There was recently a question on here about sql injection and about request calls being cleansed (http://www.vpasp.com/virtprog/vpaspforum/topic.asp?TOPIC_ID=13223).
I have a follow up question about this.
I am just doing a double check of all code and have found some instances in byz add ons where the requests are not cleansed, for instance:
tfieldval=Request(tfieldname)
would this be better written as tfieldval=cleanchars(Request(tfieldname))
There are also some instances such as instr(lcase(request.ServerVariables("SCRIPT_NAME"))
would this be better as cleanchars(instr(lcase(request.ServerVariables("SCRIPT_NAME")))
Finally in some of the admin pages there are entries such as which=request("which")
and addcategory=request("addcategory")
would these be better as which=cleanchars(request("which"))
and addcategory=cleanchars(request("addcategory"))
Thanks
Steve
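As an added Classic ASP example (not code from the post above and not VPASP's own code), the following shows one way to route every request value through a single cleaning wrapper so that individual pages cannot skip the step, and to bind the cleaned value as a query parameter instead of concatenating it into SQL. The wrapper names CleanRequest and CleanRequestInt are hypothetical; cleanchars is VPASP's routine whose implementation the post does not show and is assumed to be available on the page; the connection string and the table and column names are placeholders.

```vbscript
<%
' Added example, not VPASP code. Centralises the cleaning step the post asks
' about: read a request field once, run it through VPASP's cleanchars()
' (implementation not shown in the post, assumed available), and return "".
' for absent fields so callers never see Empty/Null.
Function CleanRequest(fieldName)
    Dim raw
    raw = Request(fieldName)   ' Request(...) searches QueryString, Form, Cookies, ... in order
    If IsEmpty(raw) Or IsNull(raw) Then
        CleanRequest = ""
    Else
        CleanRequest = cleanchars(Trim(CStr(raw)))
    End If
End Function

' Numeric fields: check the type instead of only stripping characters, and fall
' back to a caller-supplied default when the value is not a whole number.
Function CleanRequestInt(fieldName, defaultValue)
    Dim raw
    raw = CleanRequest(fieldName)
    If Len(raw) > 0 And IsNumeric(raw) Then
        CleanRequestInt = CLng(raw)
    Else
        CleanRequestInt = defaultValue
    End If
End Function

' The admin-page assignments from the post, written through the wrapper.
Dim which, addcategory, categoryId
which = CleanRequest("which")
addcategory = CleanRequest("addcategory")
categoryId = CleanRequestInt("categoryid", 0)

' Character cleaning reduces risk, but the query itself should still bind the
' value as a parameter rather than concatenate it. ADO constants used below:
' adVarChar = 200, adInteger = 3, adParamInput = 1.
Const CONN_STRING = "<placeholder: your ADO connection string>"
Dim conn, cmd, rs
Set conn = Server.CreateObject("ADODB.Connection")
conn.Open CONN_STRING
Set cmd = Server.CreateObject("ADODB.Command")
Set cmd.ActiveConnection = conn
cmd.CommandText = "SELECT categoryid, catdescription FROM categories " & _
                  "WHERE catdescription = ? OR categoryid = ?"   ' placeholder table/columns
cmd.Parameters.Append cmd.CreateParameter("cat", 200, 1, 255, addcategory)
cmd.Parameters.Append cmd.CreateParameter("id", 3, 1, , categoryId)
Set rs = cmd.Execute

Do While Not rs.EOF
    Response.Write Server.HTMLEncode(rs("catdescription")) & "<br>"   ' encode on output as well
    rs.MoveNext
Loop

rs.Close: Set rs = Nothing
Set cmd = Nothing
conn.Close: Set conn = Nothing
%>
```

The point of the wrapper is that a missed cleanchars() call, like the tfieldval=Request(tfieldname) line in the post, becomes a grep-able deviation (any direct Request(...) outside the wrapper) rather than something each page author has to remember; the parameterised command means the query result does not depend on which characters cleanchars() happens to strip.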