Member Avatar for Dave G.

I am trying to set up a jsp page which takes input from any form and filters out user input which may pose a security risk. I am using the following function to try to do this:

<%!
private String checkInput(String test){
String bad_input = "";
boolean someBadInput = false;
char[] bad_characters = {'<','>','\'','\"','*','#','=','&','\\',';',':'};
int number_of_bad_characters = 11;
int i;
for(i=0; i<number_of_bad_characters; i++){
if(test.indexOf(bad_characters[i]) != -1){
if(!someBadInput){
	bad_input += bad_characters[i];
	someBadInput = true;
}else{
	if(i < (number_of_bad_characters-1)){
	 bad_input += ", "+ bad_characters[i];
	}else{
	 bad_input += ", and "+ bad_characters[i];
	}
}
}
}
if(someBadInput){
return bad_input;
}else{
return "good";
}
}
%>

I get a null pointer from the following line:

if(test.indexOf(bad_characters[i]) != -1){

Been working at the computer for too long and going kinda bugeyed - so any other eyes that check this out are much appreciated!

Thanks in advance,
Dave.

  • 1 Contributor
  • 1 Reply
  • 100 Views
  • 20 Hours Discussion Span
  • Latest Post Latest Post by Dave G.
Member Avatar for Dave G.

Wow, this is embarassing - the form I was submitting to the page had a spelling mistake inthe name of a field - so the page was trying to "request.getParameter("non_existant_parameter");" and passing a null pointer into the function. Sometimes you just need some sleep and or do something else for awhile....

Thanks to everyone who looked at the code. Sorry for the inconvienance.

Dave.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.