Computer Forums

03-09-2004, 02:46 PM   #1
 
True Techie

Join Date: Feb 2004

Posts: 171

Discusman

User Input Validation in ASP

Hi all,

I have forms and photo upload features on my website. I'm using IIS 5.1 on Windows XP Pro.

What do I need to add to my code to validate user input?
I had an SQL injection attack before; now I use the replace function to remove any malicious words such as SELE, DELE, Ad, etc. to prevent SQL injection attacks. Are there any other attacks which can be triggered in a text input field? What do I need to do to prevent them?

I also have a photo upload feature; it allows users to upload photos to my table, and the photos will be displayed in the gallery. How can I validate that the user's uploaded file is an image file only? I mean a user might be able to upload malicious scripts or viruses to my server. How can I prevent that?

I'm using ASPUpload software to achieve this feature.

Thanks.
03-16-2004, 08:00 PM   #2
 
Junior Techie

Join Date: Mar 2004

Posts: 56

raylu


Well, if your form looks like this:

Code:
{form name=form1}{input type=text name=textinp1}
{input type=button value=Upload onclick=checkupload()}{/form}

you can have JavaScript check to see what it is. I'm not too sure about this though...

Code:
{script language=javascript}{!--
// Warn if the text field holds the blocked file name.
function checkupload() {
    if (form1.textinp1.value == "maliciousfilename.exe") {
        alert("Some kinda message.")
        return false
    }
}
//--}{/script}

I'm not sure if that's what you want. Replace { with < and } with >.
__________________
"Only when the last tree is dead, the last field paved, and the last river dammed, only then will we realize that we can't eat money."
http://raylu.uni.cc
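
The image-only upload check asked about in this thread, as an added example that is not part of either post: a browser-side check never reaches the server's own decision, so this sketch makes it on the received bytes, requiring an allowlisted extension and a matching file signature. The function names, reason strings and sample inputs are hypothetical and constructed here; this is not ASPUpload's API.

```javascript
// Added example: server-side check that an upload is really an image.
// All names are hypothetical; sample inputs below are constructed.
const SIGNATURES = {
  jpeg: [[0xff, 0xd8, 0xff]],
  png: [[0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a]],
  gif: [[0x47, 0x49, 0x46, 0x38, 0x37, 0x61], [0x47, 0x49, 0x46, 0x38, 0x39, 0x61]],
};
const EXTENSIONS = { jpg: "jpeg", jpeg: "jpeg", png: "png", gif: "gif" };

// Return the image type whose signature starts the byte array, or null.
function sniffImageType(bytes) {
  for (const [type, sigs] of Object.entries(SIGNATURES)) {
    for (const sig of sigs) {
      if (bytes.length >= sig.length && sig.every((b, i) => bytes[i] === b)) return type;
    }
  }
  return null;
}

// Accept only if the extension is allowlisted AND the content matches it.
function checkUpload(filename, bytes) {
  // Drop any client-supplied path, then take the text after the last dot.
  const base = String(filename).split(/[\\/]/).pop();
  const dot = base.lastIndexOf(".");
  const ext = dot > 0 ? base.slice(dot + 1).toLowerCase() : "";
  const known = Object.prototype.hasOwnProperty.call(EXTENSIONS, ext);
  if (!known) return { ok: false, reason: "extension not allowed" };
  const actual = sniffImageType(bytes);
  if (!actual) return { ok: false, reason: "content is not a known image" };
  if (actual !== EXTENSIONS[ext]) {
    return { ok: false, reason: "extension does not match content" };
  }
  return { ok: true, type: actual };
}

// Constructed sample uploads (first bytes only).
const png = Uint8Array.from([0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a, 0, 0, 0, 13]);
const gif = Uint8Array.from([0x47, 0x49, 0x46, 0x38, 0x39, 0x61, 1, 0, 1, 0]);
const exe = Uint8Array.from([0x4d, 0x5a, 0x90, 0x00]); // "MZ" executable header

console.log(checkUpload("holiday.png", png));
console.log(checkUpload("maliciousfilename.exe", exe));
console.log(checkUpload("photo.jpg", exe)); // executable renamed to .jpg
console.log(checkUpload("photo.jpg", gif)); // real image, wrong extension
```

A matching signature shows only that the file begins like an image, so uploads are still best stored under a server-generated name in a directory where script execution is disabled.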