Subscribe
E-Mail:

Unsubscribe
E-Mail:
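<%
' Mailing-list subscribe / unsubscribe / view page.
'   ?action=add     inserts Request.Form("email")
'   ?action=delete  removes Request.Form("email2")
'   ?action=view    lists every address, one per separator
'   ?action=view2   lists every address joined with "; "
' All three SQL statements that take user input are run through ExecParam,
' which binds the value as an ADODB parameter instead of splicing it into the
' statement text; IllegalChars is kept only as a coarse secondary filter.
' Addresses read back from the database are HTML-encoded before they are
' written, so a stored value cannot inject markup into the listing.
' NOTE(review): "delete" needs no confirmation, so any client that knows an
' address can remove it; a confirmation token would be the usual remedy.

' Returns True when sInput contains any blacklisted SQL keyword or punctuation.
' Matching is case-insensitive (vbTextCompare); the original binary compare
' let "SELECT" or "Drop" through while rejecting the lower-case spelling.
' This is a blacklist and is NOT the injection defence - see ExecParam.
Function IllegalChars(sInput)
    Dim sBadChars, iCounter
    IllegalChars = False
    sBadChars = Array("select", "drop", ";", "--", "insert", "delete", "xp_", _
        "#", "%", "&", "'", "(", ")", "/", "\", ":", ";", "<", ">", "=", "[", "]", "?", "`", "|")
    For iCounter = 0 To UBound(sBadChars)
        If InStr(1, sInput, sBadChars(iCounter), vbTextCompare) > 0 Then
            IllegalChars = True
            Exit For          ' one hit is enough; no need to scan the rest
        End If
    Next
End Function

' Executes sSql on adoCon with sValue bound to the statement's single "?"
' placeholder. Because the value travels as a parameter, quotes or keywords
' in it cannot alter the statement (the Access ODBC driver accepts "?"
' placeholders through ADODB.Command).
Sub ExecParam(adoCon, sSql, sValue)
    Dim cmd
    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = adoCon
    cmd.CommandText = sSql
    cmd.CommandType = 1                                                  ' adCmdText
    cmd.Parameters.Append cmd.CreateParameter("p", 200, 1, 255, sValue)  ' adVarChar, adParamInput
    cmd.Execute
    Set cmd = Nothing
End Sub

Dim adoCon, rsMails, strSQL, email, action

action = Request.QueryString("action")

' NOTE(review): mails.mdb is resolved relative to this page, i.e. inside the
' web root; unless the server refuses requests for *.mdb the whole subscriber
' list is downloadable as a static file. Keeping it outside the web root is safer.
Set adoCon = Server.CreateObject("ADODB.Connection")
adoCon.Open "DRIVER={Microsoft Access Driver (*.mdb)}; DBQ=" & Server.MapPath("mails.mdb")
Set rsMails = Server.CreateObject("ADODB.Recordset")

If action = "add" Then
    email = Request.Form("email")
    ' Reject an empty address as well as a blacklisted one; the original
    ' happily inserted "" rows.
    If Len(email) > 0 And IllegalChars(email) = False Then
        ExecParam adoCon, "INSERT INTO email (email) VALUES (?)", email
        Response.Write("Succesfully subscribed")
    End If
ElseIf action = "delete" Then
    email = Request.Form("email2")
    If Len(email) > 0 And IllegalChars(email) = False Then
        ExecParam adoCon, "DELETE FROM email WHERE email=?", email
        Response.Write("Succesfully unsubscribed")
    End If
ElseIf action = "view" Then
    strSQL = "SELECT * FROM email ORDER BY email;"
    rsMails.Open strSQL, adoCon
    Do While Not rsMails.EOF
        ' NOTE(review): the separator literal written here was lost when the
        ' page was extracted (it rendered as a line break); vbCrLf is a
        ' stand-in - restore the original markup from the deployed file.
        Response.Write(vbCrLf)
        ' "& """ coerces a Null column value to "" so HTMLEncode does not fail.
        Response.Write(Server.HTMLEncode(rsMails("email") & ""))
        rsMails.MoveNext
    Loop
    rsMails.Close
ElseIf action = "view2" Then
    strSQL = "SELECT * FROM email ORDER BY email;"
    rsMails.Open strSQL, adoCon
    ' NOTE(review): same lost separator literal as in "view"; vbCrLf is a stand-in.
    Response.Write(vbCrLf)
    Do While Not rsMails.EOF
        Response.Write(Server.HTMLEncode(rsMails("email") & ""))
        Response.Write("; ")
        rsMails.MoveNext
    Loop
    rsMails.Close
End If

' Release the connection explicitly rather than waiting for page teardown.
adoCon.Close
Set rsMails = Nothing
Set adoCon = Nothing
%>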
 
The Alchemist, Haltestraat 57, 3130 Begijnendijk, Belgium