Register

Current Issue:April 2008
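<%
' Registration handler: reads the posted form, validates it, and inserts one
' row into users_tbl in the Access (Jet) database.
'
' Review changes relative to the original listing:
'   * The INSERT is a parameterised ADODB.Command instead of a concatenated
'     string, so form values are always bound as data and never parsed as SQL.
'     The manual doubling of apostrophes is therefore gone.
'   * A failed IllegalChars check now stops processing. The original printed
'     the error message and then went on to run the INSERT anyway.
'   * The deny-list comparison is case-insensitive (the default InStr compare
'     is binary, so differently-cased keywords were not matched).
'   * Variable names match their Dim declarations (strUsername / strPassword).
'   * Over-long values are rejected before they reach the database.

Dim strTitle, strSurname, strFirstname, strOrganisation, strEmail, strCountry
Dim strUsername, strPassword, strConfPassword, strPCAddress
Dim sConnString, connection, cmd, sSQL, blnValid

' Upper bound for every text parameter. 255 is the Access "Text" column limit;
' the real column sizes are not visible here -- TODO confirm against the schema.
Const MAX_FIELD_LEN = 255

' ADO constants, named locally so they cannot clash with adovbs.inc if it is included.
Const AD_VARWCHAR = 202            ' adVarWChar
Const AD_DATE = 7                  ' adDate
Const AD_PARAM_INPUT = 1           ' adParamInput
Const AD_CMD_TEXT = 1              ' adCmdText
Const AD_EXECUTE_NO_RECORDS = 128  ' adExecuteNoRecords

' Returns the posted form field as a string ("" when the field is absent).
Function FormValue(sField)
    FormValue = CStr(Request.Form(sField) & "")
End Function

' Deny-list check kept as defence in depth; the parameterised query is the
' actual SQL-injection control. Returns True when sInput contains any listed
' character or keyword, compared case-insensitively.
Function IllegalChars(sInput)
    Dim sBadChars, iCounter

    IllegalChars = False

    sBadChars = Array("select", "drop", ";", "--", "insert", "delete", "xp_", _
                      "#", "%", "&", "'", "(", ")", "/", "\", ":", "<", ">", _
                      "=", "[", "]", "?", "`", "|", "declare", "convert")

    For iCounter = 0 To UBound(sBadChars)
        If InStr(1, sInput, sBadChars(iCounter), vbTextCompare) > 0 Then
            IllegalChars = True
            Exit For
        End If
    Next
End Function

' Formats a date as "yyyy-mm-dd <time>" for an Access date literal.
' No longer used by the INSERT below (the date is bound as a parameter); kept
' unchanged in case other code on the page calls it. Note that it appends the
' current Time(), not the time portion of the argument.
Function AccessDateTime(dateandtime)
    Dim myDay, myMonth, myYear

    myDay = Day(dateandtime)
    If Len(myDay) = 1 Then myDay = "0" & myDay
    myMonth = Month(dateandtime)
    If Len(myMonth) = 1 Then myMonth = "0" & myMonth
    myYear = Year(dateandtime)

    AccessDateTime = myYear & "-" & myMonth & "-" & myDay & " " & Time()
End Function

' Returns True when sInput is longer than the largest value the query will bind.
Function TooLong(sInput)
    TooLong = (Len(sInput) > MAX_FIELD_LEN)
End Function

' Appends one bounded Unicode text input parameter to the command.
Sub AddTextParam(oCmd, sName, sValue)
    oCmd.Parameters.Append oCmd.CreateParameter(sName, AD_VARWCHAR, AD_PARAM_INPUT, MAX_FIELD_LEN, sValue)
End Sub

' Receive the raw values from the form. No quote escaping is needed because
' the values are bound as parameters.
strTitle        = FormValue("txtTitle")
strSurname      = FormValue("txtSurname")
strFirstname    = FormValue("txtName")
strOrganisation = FormValue("txtOrgan")
strEmail        = FormValue("txtEmail")
strCountry      = FormValue("txtCountry")
strUsername     = FormValue("txtUsername")
strPassword     = FormValue("txtPassword")
strConfPassword = FormValue("txtConfpass")
strPCAddress    = Request.ServerVariables("REMOTE_ADDR")

blnValid = True

' Same fields as the original check. Organisation and Country were never
' deny-listed; they are still only length-checked here, so any page that later
' displays them must HTML-encode the stored value (Server.HTMLEncode).
If IllegalChars(strTitle) Or IllegalChars(strSurname) Or IllegalChars(strFirstname) Or _
   IllegalChars(strEmail) Or IllegalChars(strPassword) Or IllegalChars(strConfPassword) Or _
   IllegalChars(strUsername) Then
    blnValid = False
End If

If TooLong(strTitle) Or TooLong(strSurname) Or TooLong(strFirstname) Or _
   TooLong(strOrganisation) Or TooLong(strEmail) Or TooLong(strCountry) Or _
   TooLong(strUsername) Or TooLong(strPassword) Or TooLong(strConfPassword) Then
    blnValid = False
End If

If Not blnValid Then
    ' A flag is used instead of Response.End so the rest of the page still renders.
    Response.Write "Your registration could not be completed!"
ElseIf (strPassword = strConfPassword) And (strPassword <> "") Then
    ' Positional placeholders: the Jet provider binds parameters in the order appended.
    sSQL = "INSERT INTO users_tbl (Title, Firstnam, Surnam, Organisation, Email, " & _
           "Country, Usernam, Passwrd, ConfPassword, PCAddress, dDate) " & _
           "VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)"

    ' Define the connection string: database driver and location of the database.
    ' NOTE(review): the .mdb path sits under the site directory; confirm the web
    ' server cannot serve that folder, or move the file outside the web root.
    sConnString = "PROVIDER=Microsoft.Jet.OLEDB.4.0;" & _
                  "Data Source=D:\Sites\Pungo8\dadmin2\database\core.mdb;" & _
                  "Persist Security Info=False"

    Set connection = Server.CreateObject("ADODB.Connection")
    connection.Open sConnString

    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = connection
    cmd.CommandType = AD_CMD_TEXT
    cmd.CommandText = sSQL

    AddTextParam cmd, "Title", strTitle
    AddTextParam cmd, "Firstnam", strFirstname
    AddTextParam cmd, "Surnam", strSurname
    AddTextParam cmd, "Organisation", strOrganisation
    AddTextParam cmd, "Email", strEmail
    AddTextParam cmd, "Country", strCountry
    AddTextParam cmd, "Usernam", strUsername
    ' NOTE(review): the password is stored in clear text, and a second copy goes
    ' into ConfPassword. Both columns are written only to keep the existing
    ' schema working. Store a salted, slow password hash instead and drop the
    ' ConfPassword column; once hashed, the password no longer needs the
    ' character deny-list, which currently forbids most symbols.
    AddTextParam cmd, "Passwrd", strPassword
    AddTextParam cmd, "ConfPassword", strConfPassword
    AddTextParam cmd, "PCAddress", strPCAddress
    cmd.Parameters.Append cmd.CreateParameter("dDate", AD_DATE, AD_PARAM_INPUT, , Now())

    cmd.Execute , , AD_EXECUTE_NO_RECORDS

    ' Done. Release the command and close the connection object.
    Set cmd = Nothing
    connection.Close
    Set connection = Nothing

    Response.Write("Thank you for registering. You may now log in.")
Else
    Response.Write("Passwords do not match. Please re-enter your details")
End If
%>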
Books