
How to check whether a string contains characters like <% or <? tags or MySQL tags?
For example:

    <% String eid = request.getParameter("eid"); %>
    <?php ?> or <?

My page totally depends on JavaScript,
so while it's submitting the form it's giving me an error or accepting code which it should not.
For tags I have added:

    function isHTML(str) 
    {
        var a = document.createElement('div');
        a.innerHTML = str;
        for (var c = a.childNodes, i = c.length; i--; ) 
        {
            if (c[i].nodeType == 1) return true; 
        }
        return false;
    }

But what about other tags?
Or for special characters I have added:

    var regex2 = /^[`~0-9!@#$%^&*()_+\-=\[\]{};':"\\|,.<>\/?]*$/;
    var spl_char = regex2.test(decription_string);
    if (spl_char == true)
    {
        alert("Please enter valid skill description.");
        document.getElementById('description').focus();
        return false;
    }

Is there anything which I should add to the regex expression to avoid the above issues?


Why do you want to do this?
To protect your server from MySQL injection?
Then it's not safe to rely upon JavaScript.
Data can be sent directly to your server, bypassing all your code.
JavaScript validation is only used to create a faster error message.
It's the job of the server-side script (PHP) to make sure the data is safe.


Thanks for the valuable reply, but
why I need this is:
I have created a form in which I don't want the user to enter such code/tags in their description.
So while validating I want to alert.
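
An added example, not part of the original thread: a string-only check for the markers the question lists (`<%`, `<?` and HTML tags) that reports which kinds were found, without parsing the input through `innerHTML`. As the reply says, this only gives the user a faster error message and the server-side script still has to validate the data; the names `findMarkup` and `validateDescription` are assumptions.

```javascript
// Added example (not from the thread); function names are hypothetical.
// Each pattern detects one kind of markup the question mentions.
const MARKUP_PATTERNS = [
  // JSP / ASP scriptlet opener: <%, <%=, <%@
  { kind: 'jsp-asp-tag', re: /<%/ },
  // PHP or XML processing-instruction opener: <?php, <?=, <?
  { kind: 'php-tag', re: /<\?/ },
  // HTML/XML element start: <div>, </p>, <img src=...>, unclosed "<script"
  { kind: 'html-tag', re: /<\/?[a-z][^\s>\/]*/i },
  // Comment, doctype or CDATA opener: <!-- ... -->, <!DOCTYPE
  { kind: 'html-declaration', re: /<!/ },
];

// Returns the list of markup kinds found in str (empty array = none).
function findMarkup(str) {
  const text = String(str);
  return MARKUP_PATTERNS.filter(p => p.re.test(text)).map(p => p.kind);
}

// Form-side check: returns an error message, or null when acceptable.
function validateDescription(str) {
  const text = String(str).trim();
  if (text.length === 0) return 'Please enter a skill description.';
  const found = findMarkup(text);
  if (found.length > 0) {
    return 'Description must not contain code or tags (' + found.join(', ') + ').';
  }
  return null;
}

// Constructed sample inputs.
const samples = [
  'Good with Java & SQL, 5 years',
  '<% String eid = request.getParameter("eid"); %>',
  '<?php ?>',
  'uses a < b and c > d comparisons',
  '<b>bold</b>',
];
for (const s of samples) {
  console.log(JSON.stringify(s), '->', validateDescription(s));
}
```

A lone `<` followed by a space is accepted, while `a<b` is flagged because a browser would read `<b` as the start of a tag.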
