[loolweb]

I have this site with a lot of form pages in it.
Now I would like to clean the request.form values in order to avoid malicious code injections.

Since I don't want to go page by page and repeat writing the code to clean the values, I would like to do something generic for the site. So I have this module which is included in all my pages,
and there I want to go over the request.form values and clean them from illegal characters.

So the code looks like:

Code:

for each x in Request.Form
	Request.Form(x)=replace(Request.Form(x),">"," ")
next

which means that I want to replace the ">" character with " " (empty string).

The thing is that I cannot override the request.form value.
I'm getting this error:

Microsoft VBScript runtime error '800a01b6'
Object doesn't support this property or method: 'Request'

Does ASP prevents this override?

I know that with PHP you can override the $_POST values.

Can someone here suggest how to workaround it?

TX,
loolweb guy.

i have never tried to override the value, i typicaly work with variables so i will call the form item into var1 and then do my changes and return var1 from the function

so my code might be

Code:

<%
function striphtml(formi)
return 
replace(formi,">"," ")end function
%>


'in your for loop
striphtml(x)

i think that should do it. i have been coding in vb.net for a windows app for the last week so i might have mixed some of the syntax, if it doesnt work let me know.