ASP

Here you can find some FREE useful Classic ASP / VBScript code snippets, class modules, etc.
I use them myself on most of my projects, so you can rest assured they were optimized over time and are very reliable.
You can use them on your personal or commercial projects.
If you find them useful, please make a donation (no matter how small) to help me keep this content online for free.


ScanVar
Procedure ScanVar (String)
Scans a variable for SQL injection attempts.
You should always use this when a variable provided by user input is used in a SQL query.
Example
<%
Dim id, cn
id = request.form("id")
ScanVar id ' if a SQL injection is attempted, code execution will stop here
Set cn = Server.CreateObject("adodb.connection")
cn.Open "Your Connection String"
cn.Execute "SELECT * FROM MY_DB WHERE ID='" & id & "'"
cn.Close
Set cn = Nothing
%>


Source Code
<%
' Stops the response when s contains a ";" followed by one of the SQL keywords below.
sub ScanVar(byval s)
dim p,u,n,flg
p=instr(s,";")
if p>0 then
   flg=true
   u=ucase(s)                   ' original spacing kept, for the "KEYWORD " checks
   n=replace(mid(u,p)," ","")   ' text from the ";" onwards, with spaces removed
   if instr(n,"EXEC(")>0 then
   elseif instr(n,"DECLARE@")>0 then
   elseif instr(p,u,"SELECT ")>0 then
   elseif instr(p,u,"DELETE ")>0 then
   elseif instr(p,u,"UPDATE ")>0 then
   elseif instr(p,u,"DROP ")>0 then
   elseif instr(n,"TRUNCATE")=0 then
      ' none of the keywords were found after the ";"
      flg=false
   end if
   if flg then
      ' do whatever you want here. I find that an immediate code break
      ' without any kind of response is the best way to handle this

      response.end
   end if
end if
end sub
%>
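
ScanVar only reacts to input that contains a ";" followed by one of its keywords, and the query in the usage example is still built by string concatenation. As an added example (not part of the original page), here is the same lookup with a parameterized ADODB.Command, which keeps the value out of the SQL text; the helper name FindById and the 50-character limit are assumptions.

```vbscript
<%
' Added example: parameterized version of the lookup shown under "Example".
' MY_DB, ID and the connection string placeholder come from the page;
' FindById and MAX_ID_LEN are hypothetical names chosen for illustration.
Const adCmdText = 1      ' ADO CommandTypeEnum
Const adVarChar = 200    ' ADO DataTypeEnum
Const adParamInput = 1   ' ADO ParameterDirectionEnum
Const MAX_ID_LEN = 50    ' assumed maximum length of an ID value

Function FindById(cn, id)
   Dim cmd
   Set FindById = Nothing
   ' Reject values that cannot be a valid ID before touching the database
   If Len(id) = 0 Or Len(id) > MAX_ID_LEN Then Exit Function
   Set cmd = Server.CreateObject("ADODB.Command")
   Set cmd.ActiveConnection = cn
   cmd.CommandType = adCmdText
   ' "?" is a placeholder; the value is sent separately from the SQL text
   cmd.CommandText = "SELECT * FROM MY_DB WHERE ID = ?"
   cmd.Parameters.Append cmd.CreateParameter("id", adVarChar, adParamInput, MAX_ID_LEN, id)
   Set FindById = cmd.Execute
   Set cmd = Nothing
End Function

Dim id, cn, rs
id = Request.Form("id")
Set cn = Server.CreateObject("ADODB.Connection")
cn.Open "Your Connection String"
Set rs = FindById(cn, id)
If rs Is Nothing Then
   ' Missing or oversized ID: answer with an error instead of running a query
   Response.Status = "400 Bad Request"
Else
   Do Until rs.EOF
      ' Encode on output so stored values cannot inject markup into the page
      Response.Write Server.HTMLEncode(rs("ID") & "") & "<br>"
      rs.MoveNext
   Loop
   rs.Close
End If
cn.Close
Set cn = Nothing
%>
```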