%
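Private Function HTMLDecode(byVal encodedstring)
    ' Decodes a small, fixed set of HTML entities in encodedstring and returns
    ' the result: &quot; &lt; &gt; &amp; &nbsp; (decoded to a plain space) and
    ' decimal references &#1; .. &#255; written without leading zeros.
    ' Entity names are matched case-sensitively; anything else is copied as-is.
    '
    ' The entity literals were lost from the listing (every search string had
    ' collapsed to the character it stands for), so they are restored here from
    ' the Chr() codes each one maps to.
    '
    ' The input is decoded in ONE left-to-right pass. Chained Replace() calls
    ' decode "&amp;" first and then re-scan the result, so "&amp;lt;" comes
    ' out as "<" instead of "&lt;" (double decoding). A value that was
    ' validated or escaped in its encoded form would then change meaning.
    '
    ' Security note: the return value contains raw markup characters. Validate
    ' it AFTER decoding, and pass it through Server.HTMLEncode before writing
    ' it back into a page.
    Dim decoded, pos, ampPos, semiPos, entity, replacement, digits, k, isDecimal

    decoded = ""
    pos = 1
    Do While pos <= Len(encodedstring)
        ampPos = InStr(pos, encodedstring, "&")
        If ampPos = 0 Then
            ' No further entity candidates: copy the tail and stop.
            decoded = decoded & Mid(encodedstring, pos)
            Exit Do
        End If

        ' Copy the literal text that precedes the ampersand.
        decoded = decoded & Mid(encodedstring, pos, ampPos - pos)

        replacement = ""
        semiPos = InStr(ampPos, encodedstring, ";")
        ' The longest supported entity ("&quot;", "&nbsp;", "&#255;") is 6 chars.
        If semiPos > 0 And semiPos - ampPos <= 5 Then
            entity = Mid(encodedstring, ampPos, semiPos - ampPos + 1)
            Select Case entity
                Case "&quot;"
                    replacement = Chr(34)
                Case "&lt;"
                    replacement = Chr(60)
                Case "&gt;"
                    replacement = Chr(62)
                Case "&amp;"
                    replacement = Chr(38)
                Case "&nbsp;"
                    replacement = Chr(32)
                Case Else
                    If Left(entity, 2) = "&#" Then
                        digits = Mid(entity, 3, Len(entity) - 3)
                        ' Accept plain decimal digits only; IsNumeric would also
                        ' accept signs, spaces and exponents.
                        isDecimal = (Len(digits) > 0)
                        For k = 1 To Len(digits)
                            If InStr("0123456789", Mid(digits, k, 1)) = 0 Then isDecimal = False
                        Next
                        If isDecimal Then
                            If Left(digits, 1) <> "0" And CInt(digits) <= 255 Then
                                replacement = Chr(CInt(digits))
                            End If
                        End If
                    End If
            End Select
        End If

        If replacement = "" Then
            ' Not a recognised entity: keep the ampersand and rescan after it.
            decoded = decoded & "&"
            pos = ampPos + 1
        Else
            decoded = decoded & replacement
            pos = semiPos + 1
        End If
    Loop

    HTMLDecode = decoded
End Function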
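Function IllegalChars(sInput)
    ' Returns True when sInput contains any entry of the deny-list below,
    ' otherwise False.
    '
    ' Matching is case-insensitive (vbTextCompare). InStr's default binary
    ' comparison only recognised the keywords in lower case, so "SELECT" or
    ' "Drop" passed the check.
    '
    ' Security note: this is a deny-list and is not a defence against SQL
    ' injection on its own (for example, it does not cover the single-quote
    ' character). Values that reach a query should still be bound as
    ' parameters (ADODB.Command with Parameters), not concatenated into SQL.
    Dim sBadChars, iCounter

    IllegalChars = False

    ' Substrings and words that are rejected wherever they occur in the input.
    sBadChars = Array("update","select", "drop", "insert", "delete", "xp_","#", "&", "(", ")", "/", "\", ":", ";", "<", ">", "=", "[", "]", "?", "`", "|")

    For iCounter = 0 To UBound(sBadChars)
        If InStr(1, sInput, sBadChars(iCounter), vbTextCompare) > 0 Then
            IllegalChars = True
            ' One hit is enough; no need to scan the remaining entries.
            Exit For
        End If
    Next
End Function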
' Script-level deny-list. The same literal is also assigned inside IllegalChars,
' and nothing visible in this file reads sBadChars2.
' NOTE(review): the list contains an empty-string entry (""). If this array is
' ever fed to an InStr loop like the one in IllegalChars, InStr reports a match
' for "" on every non-empty input, so every value would be rejected. The entry
' may be damage from how this listing was captured; confirm against the original file.
sBadChars2=array("CAST","CHAR","SET","-","update","select", "drop", "insert", "delete", "xp_", "DECLARE","NVARCHAR","varchar","CURSOR","Table_Cursor","","""","'",";",";-","0x4","EXEC(",");SET",");SET","0;","/t_blank","EXEC",".JS","UPDATE","@S=CAST","(",")","AS CHAR(4000)","4000","AS CHAR","AS }}{ ","[at] S }","(","[","{","}","\","(","\",")","\","^","$","&","_","%","#","!","/","\","?","/","\",",","$","!","[","]","""","'",";",";-","(",")","(","[","{","}","\","(","\",")","\","^","$","&","_","%","#","!","/","\","?","/","\",",","$","!",".","-","+","*",":","<",">","=","[","]")
' Create the ADO connection object; conn is a script-level variable, so it is
' visible to any page that includes this file.
Set conn = Server.CreateObject("ADODB.Connection")
' SECURITY(review): the SQL Server login and password are embedded in this
' source file, so anyone who can read it (repository access, a backup copy, or
' the web server returning the include as plain text) obtains database access.
' Keep the connection string in configuration outside the web root, connect
' with a least-privilege account, and rotate this password since it has been
' stored in source.
' NOTE(review): no conn.Close is visible in this file - confirm the including
' pages close the connection.
conn.Open "Provider=SQLOLEDB;Data Source=localhost;uid=aassqq1;pwd=#%AA~II12;database=interviewq"
' Previous Access (Jet) connection, kept for reference only.
'Conn.Open "Data Source=" & Server.Mappath("db5.mdb") & ";Provider=Microsoft.Jet.OLEDB.4.0;"
%>