Here's one way...

<!--- Evil form fields --->
<cfset FORM.email = "<script>alert('Bad script!');</script>">
<cfset FORM.name = "<img src='bad.gif' />">

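<!--- Nice form fields (these overwrite the evil values above; comment out one set to test the other) --->
<cfset FORM.email = "sdadsds">
<cfset FORM.name = "asasa">

<cfset bannedList = "http,script,img">
<cfset formFieldsToCheck = "email,name">
<cfset proceed = true>

<!--- Check every field against every banned term, case-insensitively --->
<cfloop list="#bannedList#" index="i">
        <cfloop list="#formFieldsToCheck#" index="j">
                <cfif FindNoCase(i, FORM[j])>
                        <cfset proceed = false>
                        <cfbreak>
                </cfif>
        </cfloop>
        <!--- cfbreak only leaves the inner loop, so stop the outer loop too --->
        <cfif NOT proceed>
                <cfbreak>
        </cfif>
</cfloop>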

<cfif proceed>
        Yaaay! :OD
<cfelse>
        Booooo :O(
</cfif>

Adrian

-----Original Message-----
From: Julie Davenport [mailto:[EMAIL PROTECTED]
Sent: 12 September 2008 15:54
To: CF-Talk
Subject: Alternative to using CONTAINS repeatedly?


Hello all,
I'm trying to screen out "bad stuff" sent to my scripts in the form fields
and I know there has to be a better way to do it than this:

<cfif lcase(form.First_Name) CONTAINS 'http'
   OR lcase(form.First_Name) CONTAINS 'script'
   OR lcase(form.First_Name) CONTAINS 'img'
   OR lcase(form.Last_Name) CONTAINS 'http'
   OR lcase(form.Last_Name) CONTAINS 'script'
   OR lcase(form.Last_Name) CONTAINS 'img'
   OR lcase(form.email) CONTAINS 'http'
   OR lcase(form.email) CONTAINS 'script'
   OR lcase(form.email) CONTAINS 'img'
   OR lcase(form.comments) CONTAINS 'http'
   OR lcase(form.comments) CONTAINS 'script'
   OR lcase(form.comments) CONTAINS 'img'>
     (do not process)
<cfelse>
     (process)
</cfif>

There must be an easier way to check multiple fields to see if they contain
any of a list of character strings.  I've looked through the LIST functions
and they seem to do the opposite (look whether a string is contained in a
list).  Any suggestions?

thanks much,
Julie
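
The check discussed in this thread, as an added example that is not part of either message: one case-insensitive regex pass per field that also reports which field and term matched. screenFields() and its argument names are hypothetical, the sample values are constructed, and the banned terms are assumed to be plain words with no regex metacharacters.

```cfml
<!--- Added example. screenFields() and its argument names are hypothetical. --->
<cffunction name="screenFields" returntype="struct" output="false">
    <cfargument name="data" type="struct" required="true">
    <cfargument name="fieldList" type="string" required="true">
    <cfargument name="bannedList" type="string" required="true">
    <!--- Assumes banned terms are plain words with no regex metacharacters --->
    <cfset var pattern = "(" & ListChangeDelims(arguments.bannedList, "|") & ")">
    <cfset var result = StructNew()>
    <cfset var field = "">
    <cfset var value = "">
    <cfset var m = "">
    <cfset result.ok = true>
    <cfset result.hits = ArrayNew(1)>
    <cfloop list="#arguments.fieldList#" index="field">
        <!--- A missing field is treated as empty rather than throwing --->
        <cfset value = "">
        <cfif StructKeyExists(arguments.data, field)>
            <cfset value = arguments.data[field]>
        </cfif>
        <!--- One case-insensitive pass per field covers every banned term --->
        <cfset m = REFindNoCase(pattern, value, 1, true)>
        <cfif m.pos[1] GT 0>
            <cfset result.ok = false>
            <cfset ArrayAppend(result.hits, field & ": " & Mid(value, m.pos[1], m.len[1]))>
        </cfif>
    </cfloop>
    <cfreturn result>
</cffunction>

<!--- Constructed sample input --->
<cfset sample = StructNew()>
<cfset sample.First_Name = "Kim">
<cfset sample.Last_Name = "Green">
<cfset sample.email = "kimgreen@example.com">
<cfset sample.comments = "<script>alert('Bad script!');</script>">

<cfset check = screenFields(sample, "First_Name,Last_Name,email,comments", "http,script,img")>

<cfoutput>
    Proceed: #YesNoFormat(check.ok)#<br>
    <cfloop from="1" to="#ArrayLen(check.hits)#" index="n">
        <!--- Encode before echoing: a hit contains user-supplied text --->
        Rejected #HTMLEditFormat(check.hits[n])#<br>
    </cfloop>
    <!--- The email hit is a false positive: "kimgreen" contains "img" --->
    Valid email format: #YesNoFormat(IsValid("email", sample.email))#
</cfoutput>
```

The constructed email address is well-formed but is rejected because it contains "img", so a substring blocklist is better treated as a spam signal alongside per-field format checks and HTMLEditFormat() on output than as the only control.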


Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:312435