Member Avatar for Priti_P

how to check whether string contains characters like <% or <? tags or mysql tags.
for example

<% String eid = request.getParameter("eid"); %>
<?php ?> or <?

my page is total depend on javascript
so while its submitting form its giving me error or accepting codes which it should not.
for tags i have added

    function isHTML(str) 
    {
        var a = document.createElement('div');
        a.innerHTML = str;
        for (var c = a.childNodes, i = c.length; i--; ) 
        {
            if (c[i].nodeType == 1) return true; 
        }
        return false;
    }

but what about other tags?
or for specials characters I have added

var regex2 = /^[`~0-9!@#$%^&*()_+\-=\[\]{};':"\\|,.<>\/?]*$/;
var spl_char=regex2.test(decription_string)
if(spl_char==true)
{
    alert("Please enter valid skill description.");
    document.getElementById('description').focus();
    return false;
}

is there anything which i should add to regex expression to avoid above issues?

  • 2 Contributors
  • 2 Replies
  • 296 Views
  • 14 Hours Discussion Span
  • Latest Post Latest Post by Priti_P
Member Avatar for pzuurveen

Why do you want to do this.
To protect your server from mysql-injection?
Than it's not save to rely upon javascript.
Data can be sent directly to your server bypassing all your code.
Javascript validation is only used to create a faster error message.
It's the job of the server-site script (php) to make sure the data is save.

Member Avatar for Priti_P

Thanks for valuable reply but
why I need this is:
I have created a form in which i dont want user to enters such codes/tags in there description.
So while validation i want to alert.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.