Important alert: (current site time 5/26/2015 7:07:53 AM EDT)


String Cleanser (ASCII only)

Submitted on: 8/1/2009 8:25:03 AM
By: Scouse Mouse 
Level: Advanced
User Rating: By 3 Users
Compatibility: ASP (Active Server Pages), VbScript (browser/client side)
Views: 70353
(About the author)
     Simple include function to loop through a given string and (a) concatenate it to the maximum length, (b) silently drop any unwanted characters and (c) pad all single quotes with a 2nd single quote (for using in MS-SQL statements).

Terms of Agreement:   
By using this article, you agree to the following terms...   
  1. You may use this article in your own programs (and may compile it into a program and distribute it in compiled format for languages that allow it) freely and with no charge.
  2. You MAY NOT redistribute this article (for example to a web site) without written permission from the original author. Failure to do so is a violation of copyright laws.   
  3. You may link to this article from another website, but ONLY if it is not wrapped in a frame. 
  4. You will abide by any additional copyright restrictions which the author may have placed in the article or article's description.
				If you've not used Chr() function before, open notepad, hold hown your left Alt key, and type in the 3-digit number on the numeric keypad to see what character I'm checking for!
Note this is probably not the most efficient or elegant way of programming, and I like to use variable names I can understand when I look at the file 3 years later!
 Function fCheckChar( strCheck, numLenMax )
strOut = ""
numLen = Len(strCheck)
If numLenMax <> "" Then
 numMax = CInt(numLenMax)
 numMax = 99
End If
If numLen > numMax Then
 strCheck = Mid(strCheck,1,numMax)
 numLen = numMax
End If
For i = 1 to numLen
 strChar = Mid(strCheck,i,1)
 If (strChar > Chr(031) AND strChar < Chr(127)) _
 OR (strChar = Chr(010)) _
 OR (strChar = Chr(013)) Then
If strChar = Chr(034) _
OR strChar = Chr(039) Then
 strOut = strOut & Chr(039) & Chr(039)
 strOut = strOut & strChar
End If
 End If
fCheckChar = strOut
 End Function
Usage example:
 strSearch = Request.QueryString("str")
 strSafeSearch = fCheckChar(strSearch,"45")

Report Bad Submission
Use this form to tell us if this entry should be deleted (i.e contains no code, is a virus, etc.).
This submission should be removed because:

Your Vote

What do you think of this article (in the Advanced category)?
(The article with your highest vote will win this month's coding contest!)
Excellent  Good  Average  Below Average  Poor (See voting log ...)

Other User Comments

8/5/2009 11:52:27 AMmike

Sorry this script does not stand up to the Advanced category.
1 - The function needs better definition. Private or Public
2 - The arguments passed in should use the ByRef or ByVal definitions.
3 - You use many variables in the function without Dimensioning them.

These three things alone will have a major impact on how polite your function behaves within the whole of an application.

You are replacing double and single quotes with a pair or single quotes. What if the user already placed a pair of single quotes in the input? Now you have 4 single quotes in a row!

If you are looking to protect your queries from bad characters or "SQL injection" I'd suggest you look into stored procedures.
(If this comment was disrespectful, please report it.)


Add Your Feedback
Your feedback will be posted below and an email sent to the author. Please remember that the author was kind enough to share this with you, so any criticisms must be stated politely, or they will be deleted. (For feedback not related to this particular article, please click here instead.)

To post feedback, first please login.