Just don't forget that any special characters in your keywords would have to be escaped. So for example, if your keyword is Cat.Dog, then the dot means something special. It isn't as quick, but a simple loop over the list and making use of findNoCase may work well.
On Tue, Oct 11, 2011 at 9:16 AM, Matt Quackenbush <[email protected]> wrote:
>
> Regular expressions.
>
> if ( reFindNoCase("(select|declare)",myString) > 0 )
> {
>   // at least one of the words is present
> }
>
> HTH
>
>
> On Tue, Oct 11, 2011 at 9:11 AM, Brian Cain <[email protected]> wrote:
>
>> Hello all,
>>
>> I would like to check a string against a list of keywords and either null
>> the string or replace the keywords if found.
>>
>> Over the past couple of weeks someone has been probing my sites for SQL
>> injection vulnerabilities. I have used queryparams and other types of
>> validation, but I fear I may have missed something. I am using an old
>> version of formurl2attributes that has been modified over the years. My
>> thought is to check the attributes list at the end of the custom tag, and
>> look for some of the common SQL injection keywords there and mitigate their
>> effectiveness.
>>
>> So in short, how do I search for keywords like "select,declare" in a string
>> without looping over the keywords?
>>
>> Thanks,
>> Brian Cain
>>

Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:348049
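The following is an added example, not code posted by anyone in this thread. It puts Matt's single reFindNoCase() call together with the escaping caveat from the reply above: the keyword list is turned into one alternation pattern, each keyword has its regex metacharacters escaped (so "Cat.Dog" matches only a literal dot), and word boundaries keep "select" from firing on "selection". The function names escapeRegex, buildKeywordPattern, containsKeyword and redactKeywords are assumptions chosen for this example; the sample strings are constructed. It assumes CFScript on ColdFusion 9+ or Lucee.

```cfml
<cfscript>
// Added example (not from the cf-talk thread). Helper names below are
// hypothetical; the regex syntax is the standard CF/Lucee engine.

// Escape regex metacharacters in one keyword so it matches literally.
// Done character by character to avoid backslash-in-replacement confusion.
function escapeRegex(required string s) {
    var meta = "\^$.|?*+()[]{}";
    var out = "";
    var c = "";
    var i = 0;
    for (i = 1; i <= len(arguments.s); i++) {
        c = mid(arguments.s, i, 1);
        out &= (find(c, meta) ? "\" : "") & c;
    }
    return out;
}

// Build one case-insensitive alternation from a comma-delimited keyword list.
// \b on both sides means "select" will not match inside "selection".
function buildKeywordPattern(required string keywords) {
    var parts = [];
    var kw = "";
    for (kw in listToArray(arguments.keywords, ",")) {
        arrayAppend(parts, "\b" & escapeRegex(trim(kw)) & "\b");
    }
    return "(" & arrayToList(parts, "|") & ")";
}

// One regex call answers "is any keyword present?" without a per-keyword loop.
function containsKeyword(required string input, required string keywords) {
    return reFindNoCase(buildKeywordPattern(arguments.keywords), arguments.input) > 0;
}

// Brian's second option: replace every matched keyword instead of nulling the string.
function redactKeywords(required string input, required string keywords,
                        string replacement = "[removed]") {
    return reReplaceNoCase(arguments.input,
                           buildKeywordPattern(arguments.keywords),
                           arguments.replacement, "all");
}

// Constructed sample inputs to show the behaviour.
keywords = "select,declare,Cat.Dog";

writeOutput(containsKeyword("1 UNION SELECT name FROM users", keywords) & "<br>"); // YES
writeOutput(containsKeyword("a selection of cats", keywords) & "<br>");           // NO: \b blocks partial match
writeOutput(containsKeyword("I saw a CatXDog today", keywords) & "<br>");         // NO: the dot is escaped
writeOutput(containsKeyword("I saw a Cat.Dog today", keywords) & "<br>");         // YES: literal dot matches
writeOutput(redactKeywords("declare @x int", keywords, "***") & "<br>");          // *** @x int
</cfscript>
```

The pattern is rebuilt on every call for clarity; if the keyword list is fixed, build it once (for example into the application scope) and reuse it. Treat this kind of keyword check as a logging and alerting aid on top of cfqueryparam rather than as the control that prevents injection, since a blacklist only catches the spellings it knows.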

