
Tuesday, May 6, 2008

sql injection validation by myself

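The following function returns true if any unwanted character is found in the field (an empty field is returned unchanged). Because the check runs in the browser, anyone who sends the request directly skips it, so it only serves as an input-format hint for honest users; the server still has to use parameterized queries to prevent SQL injection.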
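/**
 * Reports whether a form field contains any character from a fixed denylist
 * of punctuation: " ' ; & ^ * @ ! % + = $ ~ \ | / `
 *
 * Security note: this is a client-side convenience check, not a defence
 * against SQL injection. A character denylist in the browser is bypassed by
 * any client that submits the request directly, and it also rejects
 * legitimate values (names with an apostrophe, e-mail addresses). The server
 * must bind user input through parameterized queries regardless of what this
 * function returns.
 *
 * @param {string} field - Raw field value to inspect.
 * @returns {boolean|string} `true` when a denylisted character is present,
 *   `false` when none is; an empty value is returned unchanged (falsy), as
 *   in the original implementation.
 */
function check_field(field) {
  // Loose comparison kept on purpose so every value the original treated as
  // "empty" is still handed back untouched.
  if (field == '') {
    return field;
  }

  // The original called field.ltrim()/field.rtrim(), which are not standard
  // String methods and throw a TypeError unless some other script adds them.
  // String.prototype.trim() is the built-in equivalent.
  const trimmed = String(field).trim();

  // Same character set as the original pattern; no /g flag, so test() keeps
  // no state between calls.
  const denylist = /["';&^*@!%+=$~\\|\/`]/;

  return denylist.test(trimmed);
}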
