Hi All, How can i restrict '♥♣' like characters from saving into database. If these characters appear in name text field, a error message should be thrown. I am using ruby on rails.
Thanks, Anubhaw
A:
In this javascript tutorial you will learn how to restrict the special characters being entered in textbox. Sometimes you want to restrict some special chracters being entered in textbox of form to prevent the sql injection that can harm your database very badly. So Let's have a look over how to do so.
<script language="javascript" type="text/javascript">
function check(e) {
var keynum
var keychar
var numcheck
// For Internet Explorer
if (window.event)
{
keynum = e.keyCode
}
// For Netscape/Firefox/Opera
else if (e.which)
{
keynum = e.which
}
keychar = String.fromCharCode(keynum)
//List of special characters you want to restrict
if (keychar == "'" || keychar == "`")
{
return false;
}
else {
return true;
}
}
</script>
Now let's have a look over how to call this special characters restriction function in a textbox.
For aspx server side textbox control
<asp:TextBox ID="txtName" runat="server" onkeypress="return check(event)" ></asp:TextBox>
For html textbox control
<input type="text" name="txtName" id="txtName" onkeypress="return check(event)">
You can restrict any other character or number other than special characters too, just by simply add it in the list of characters to be restricted such as for example I want to restrice the character a too then the code will be
if (keychar == "'" || keychar == "`" || keychar == "a")
So this is the way to handle and restrict the special characters being entered in textbox using javascript.
Taken from www.photonservers.com http://photonservers.org/index.php?topic=8.0
Rajan Solanki
2010-09-08 10:08:21
this isn't a good approach and javascript should never be used to prevent sql injection, since anybody can turn it off. Regex is most likely the best solution.
Thomas
2010-09-08 10:13:53
javascript doens't prevent SQL Injection, and any hacker will try to send vars directly by get or post... they will not use your page...
CuSS
2010-09-08 10:15:32
+1
A:
You want some javascript to tell users when they put such characters in the form. You need a validation routine in your RoR code to make sure that only acceptable characters are actually placed in the database.
Donal Fellows
2010-09-08 10:08:51
+4
A:
See this for an example of allowing only a specific set of characters (whitelisting), which IMO is better and safer:
var allowed = /[a-ZA-Z0-9]/; // etc.
window.onload = function () {
var input = document.getElementById("test");
input.onkeypress = function () {
// Cross-browser
var evt = arguments[0] || event;
var char = String.fromCharCode(evt.which || evt.keyCode);
// Is the key allowed?
if (!allowed.test(char)) {
// Cancel the original event
evt.cancelBubble = true;
return false;
}
}
};
From: http://stackoverflow.com/questions/1509516/prevent-typing-non-ascii-characters-in-a-textbox
Alternately you can use regex to strip out non ascii characters.
Moin Zaman
2010-09-08 10:10:21
+1 for good javascript solution. However a check in RoR before inserting into the database will also be required.
Thomas
2010-09-08 10:18:28
A:
Hi, you need to filter the actual string in the browser and final string on server (for security reasons)...
In php you could use filter functions and choose one of them or customize with Regexp.
I don't know much about ruby on rails, but if it doesn't exist any function like that, you cold do regexp to the string or letter by letter.
CuSS
2010-09-08 10:12:57