filtering bad user input

Dave G., Newbie Poster
filtering bad user input

#1
Nov 2nd, 2004
I am trying to set up a jsp page which takes input from any form and filters out user input which may pose a security risk. I am using the following function to try to do this:
<%!
private String checkInput(String test){
    // Builds a readable list of the blacklisted characters found in test,
    // e.g. "<, >, and :"; the ", and " form is only used when the last
    // character of the blacklist is among those found.
    String bad_input = "";
    boolean someBadInput = false;
    char[] bad_characters = {'<','>','\'','\"','*','#','=','&','\\',';',':'};
    int number_of_bad_characters = bad_characters.length;
    int i;
    for(i=0; i<number_of_bad_characters; i++){
        // indexOf throws a NullPointerException when test is null, which is
        // what request.getParameter() returns for a field the form did not send
        if(test.indexOf(bad_characters[i]) != -1){
            if(!someBadInput){
                bad_input += bad_characters[i];
                someBadInput = true;
            }else{
                if(i < (number_of_bad_characters-1)){
                    bad_input += ", "+ bad_characters[i];
                }else{
                    bad_input += ", and "+ bad_characters[i];
                }
            }
        }
    }
    if(someBadInput){
        return bad_input;
    }else{
        return "good";
    }
}
%>
I get a null pointer from the following line:
    if(test.indexOf(bad_characters[i]) != -1){
Been working at the computer for too long and going kinda bug-eyed, so any other eyes that check this out are much appreciated!

Thanks in advance,
Dave.
Dave G., Newbie Poster
Re: filtering bad user input

#2
Nov 2nd, 2004
Wow, this is embarrassing: the form I was submitting to the page had a spelling mistake in the name of a field, so the page was trying to call "request.getParameter("non_existant_parameter");" and passing a null pointer into the function. Sometimes you just need some sleep and/or to do something else for a while....

Thanks to everyone who looked at the code. Sorry for the inconvenience.

Dave.
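The two posts above point at two separate problems. The immediate one is that request.getParameter() returns null for any field the form does not actually send, so a typo in a field name surfaces as a NullPointerException deep inside the filter. The quieter one is that a blacklist of characters rejects legitimate input (a comment containing "5 < 6" or an ampersand) while still letting through anything the list did not anticipate. The class below is an added example, not Dave's code or anything from the original page: it puts a null-safe version of the posted check beside an allowlist validator and an HTML output encoder, which is the combination a practitioner would normally reach for. The Map standing in for the request's parameters, the "usrname" typo, the field names, the username pattern and the sample values are all constructed for this demo, and the servlet API is deliberately not used so the class runs with a plain JDK.

```java
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.regex.Pattern;

public class InputCheckDemo {

    // The same characters the posted filter rejects, kept as a blacklist
    // only to show the null-safe shape of that check.
    private static final String BAD_CHARACTERS = "<>'\"*#=&\\;:";

    // Null-safe version of the posted check: a missing parameter is reported
    // as "missing" instead of blowing up on indexOf(); otherwise the offending
    // characters are listed, or "good" is returned.
    static String checkInput(String test) {
        if (test == null) {
            return "missing";
        }
        StringBuilder bad = new StringBuilder();
        for (char c : BAD_CHARACTERS.toCharArray()) {
            if (test.indexOf(c) != -1) {
                if (bad.length() > 0) {
                    bad.append(", ");
                }
                bad.append(c);
            }
        }
        return bad.length() == 0 ? "good" : bad.toString();
    }

    // Allowlist: state what the field may contain and reject everything else.
    // The pattern is an assumption for this demo (3 to 32 word characters).
    private static final Pattern USERNAME = Pattern.compile("^[A-Za-z0-9_]{3,32}$");

    static boolean isValidUsername(String s) {
        return s != null && USERNAME.matcher(s).matches();
    }

    // Output encoding: neutralise HTML metacharacters at the point where the
    // value is written into a page, so free text such as a comment may
    // legitimately contain '<' or '&' without becoming markup.
    static String htmlEncode(String s) {
        if (s == null) {
            return "";
        }
        StringBuilder out = new StringBuilder(s.length());
        for (char c : s.toCharArray()) {
            switch (c) {
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '&':  out.append("&amp;");  break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#39;");  break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    public static void main(String[] args) {
        // Constructed stand-in for the request's parameter map: the form sends
        // "username" and "comment", but the page asks for "usrname" (a typo),
        // which is exactly the situation that produced the null in the thread.
        Map<String, String> params = new LinkedHashMap<>();
        params.put("username", "dave_g");
        params.put("comment", "5 < 6 && <b>hi</b>");

        System.out.println("checkInput(usrname): " + checkInput(params.get("usrname")));
        System.out.println("checkInput(comment): " + checkInput(params.get("comment")));
        System.out.println("isValidUsername(username): " + isValidUsername(params.get("username")));
        System.out.println("isValidUsername(usrname): " + isValidUsername(params.get("usrname")));
        System.out.println("htmlEncode(comment): " + htmlEncode(params.get("comment")));
    }
}
```

The point of keeping all three helpers side by side is the division of labour: the null check belongs at the boundary where parameters are read, the allowlist belongs to fields with a known shape (usernames, ids, dates), and encoding belongs at output time for fields that must accept arbitrary text. A character blacklist alone covers none of those cases well.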
©2003 - 2009 DaniWeb® LLC