Java RSS Java RSS

filtering bad user input

Reply

Join Date: Mar 2004
Posts: 7
Reputation: Dave G. is an unknown quantity at this point 
Solved Threads: 0
Dave G. Dave G. is offline Offline
Newbie Poster

filtering bad user input

 
0
  #1
Nov 2nd, 2004
I am trying to set up a jsp page which takes input from any form and filters out user input which may pose a security risk. I am using the following function to try to do this:
Java Syntax (Toggle Plain Text) 
  1.  
  2. <%!
  3. private String checkInput(String test){
  4. String bad_input = "";
  5. boolean someBadInput = false;
  6. char[] bad_characters = {'<','>','\'','\"','*','#','=','&','\\',';',':'};
  7. int number_of_bad_characters = 11;
  8. int i;
  9. for(i=0; i<number_of_bad_characters; i++){
  10. if(test.indexOf(bad_characters[i]) != -1){
  11. if(!someBadInput){
  12. 	bad_input += bad_characters[i];
  13. 	someBadInput = true;
  14. }else{
  15. 	if(i < (number_of_bad_characters-1)){
  16. 	 bad_input += ", "+ bad_characters[i];
  17. 	}else{
  18. 	 bad_input += ", and "+ bad_characters[i];
  19. 	}
  20. }
  21. }
  22. }
  23. if(someBadInput){
  24. return bad_input;
  25. }else{
  26. return "good";
  27. }
  28. }
  29. %>
I get a null pointer from the following line:
Java Syntax (Toggle Plain Text) 
  1.  if(test.indexOf(bad_characters[i]) != -1){
Been working at the computer for too long and going kinda bugeyed - so any other eyes that check this out are much appreciated!

Thanks in advance,
Dave.
Reply With Quote Quick reply to this message  
Join Date: Mar 2004
Posts: 7
Reputation: Dave G. is an unknown quantity at this point 
Solved Threads: 0
Dave G. Dave G. is offline Offline
Newbie Poster

Re: filtering bad user input

 
0
  #2
Nov 2nd, 2004
Wow, this is embarassing - the form I was submitting to the page had a spelling mistake inthe name of a field - so the page was trying to "request.getParameter("non_existant_parameter");" and passing a null pointer into the function. Sometimes you just need some sleep and or do something else for awhile....

Thanks to everyone who looked at the code. Sorry for the inconvienance.

Dave.
Reply With Quote Quick reply to this message  
Reply

Quick Reply to Thread
This thread is more than three months old.
Perhaps start a new thread instead?
Message:



Similar Threads
Other Threads in the Java Forum
Thread Tools Search this Thread



2dgraphics @param account affinetransform android api apple applet application arc arguments array automation banking binary binarytree bluetooth chatprogramusingobjects class client code color compare component count database derby design detection eclipse eclipsedevelopment encryption error fractal game givemetehcodez graphics gridlayout gui guitesting helpwithhomework html ide if_statement image inheritance integer j2me java java.xls javadesktopapplications javaprojects jlabel jni jpanel julia keytool keyword linux list macintosh map method methods midlethttpconnection mobile monitoring netbeans nullpointerexception object open-source pong problem producer program project projectideas property reference replaysolutions ria rim scanner server set size sms sourcelabs splash sql swing terminal threads transforms tree ui unicode validation web windows
About Us | Contact Us | Advertise | DaniWeb | Acceptable Use Policy | RSS Feed

©2003 - 2009 DaniWeb® LLC