0

I am trying to set up a jsp page which takes input from any form and filters out user input which may pose a security risk. I am using the following function to try to do this:

<%!
private String checkInput(String test){
String bad_input = "";
boolean someBadInput = false;
char[] bad_characters = {'<','>','\'','\"','*','#','=','&','\\',';',':'};
int number_of_bad_characters = 11;
int i;
for(i=0; i<number_of_bad_characters; i++){
if(test.indexOf(bad_characters[i]) != -1){
if(!someBadInput){
	bad_input += bad_characters[i];
	someBadInput = true;
}else{
	if(i < (number_of_bad_characters-1)){
	 bad_input += ", "+ bad_characters[i];
	}else{
	 bad_input += ", and "+ bad_characters[i];
	}
}
}
}
if(someBadInput){
return bad_input;
}else{
return "good";
}
}
%>

I get a null pointer from the following line:

if(test.indexOf(bad_characters[i]) != -1){

Been working at the computer for too long and going kinda bugeyed - so any other eyes that check this out are much appreciated!

Thanks in advance,
Dave.

1
Contributor
1
Reply
2
Views
13 Years
Discussion Span
Last Post by Dave G.
0

Wow, this is embarassing - the form I was submitting to the page had a spelling mistake inthe name of a field - so the page was trying to "request.getParameter("non_existant_parameter");" and passing a null pointer into the function. Sometimes you just need some sleep and or do something else for awhile....

Thanks to everyone who looked at the code. Sorry for the inconvienance.

Dave.

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.