[devtalk] ASP help

Robert Hoenig rhoenig at hoenigcomputers.com
Tue Oct 27 16:32:41 GMT 2009 

You could check that javascript is off and then use an asp script
validation.  Here's the asp script I use.

function chkEmail(theAddress)
   ' checks for a vaild email
   ' returns 1 for invalid addresses
   ' returns 0 for valid addresses
   dim atCnt
   chkEmail = 0

   ' chk length
   if len(theAddress) < 5  then
      ' a at b.c should be the shortest an
      ' address could be
      chkEmail = 1

   ' chk format
   ' has at least one "@"
   elseif instr(theAddress,"@") = 0 then
      chkEmail = 1

   ' has at least one "."
   elseif instr(theAddress,".") = 0 then
      chkEmail = 1

   ' has no more than 3 chars after last "."
   elseif len(theAddress) - instrrev(theAddress,".") > 3 then
      chkEmail = 1

   ' has no "_" after the "@"
   elseif instr(theAddress,"_") <> 0 and _
       instrrev(theAddress,"_") > instrrev(theAddress,"@")  then
      chkEmail = 1

   else
      ' has only one "@"
      atCnt = 0
      for i = 1 to len(theAddress)
         if  mid(theAddress,i,1) = "@" then
            atCnt = atCnt + 1
         end if
      next

      if atCnt > 1 then
         chkEmail = 1
      end if

      ' chk each char for validity
      for i = 1 to len(theAddress)
        if  not isnumeric(mid(theAddress,i,1)) and _
		(lcase(mid(theAddress,i,1)) < "a" or _
		lcase(mid(theAddress,i,1)) > "z") and _
		mid(theAddress,i,1) <> "_" and _
		mid(theAddress,i,1) <> "." and _
		mid(theAddress,i,1) <> "@" and _
		mid(theAddress,i,1) <> "-" then
            chkEmail = 1
        end if
      next
  end if
end function 

-----Original Message-----
From: devtalk-bounces at lists.preshweb.co.uk
[mailto:devtalk-bounces at lists.preshweb.co.uk] On Behalf Of Portman
Sent: Tuesday, October 27, 2009 11:20 AM
To: New home for the wdvltalk community
Subject: Re: [devtalk] ASP help

Thanks David.

A follow up on the ASP: I was able to fix the problem of the program saying
that everything already existed in the database, but now I find that the
test for the email address does not stop "malicious" addresses from being
submitted if JavaScript is disabled (which I am assuming it will be in a SQL
injection attack). My modified code is here: 
http://pastebin.com/d7d4518fe. Any help would be much appreciated.

TIA,
Riva

David Precious wrote:
> Yes - plain-text only, max 40KB posts, and HTML/attachments 
> automatically scrubbed by the list server.
_______________________________________________
devtalk mailing list
devtalk at lists.preshweb.co.uk
http://lists.preshweb.co.uk/mailman/listinfo/devtalk

More information about the devtalk mailing list