I need to filter out characters like /?-^%{}[];$=*`#|&#'\"<>()+,\. I need replace this with empty string if it is there in the query string. Please help me out. I am using this in ASP pages.
Best idea would be to use a function something along the lines of:
Public Function MakeSQLSafe(ByVal sql As String) As String
'first i'd avoid putting quote chars in as they might be valid? just double them up.
Dim strIllegalChars As String = "/?-^%{}[];$=*`#|&#\<>()+,\"
'replace single quotes with double so they don't cause escape character
If sql.Contains("'") Then
sql = sql.Replace("'", "''")
End If
'need to double up double quotes from what I remember to get them through
If sql.Contains("""") Then
sql = sql.Replace("""", """""")
End If
'remove illegal chars
For Each c As Char In strIllegalChars
If sql.Contains(c.ToString) Then
sql = sql.Replace(c.ToString, "")
End If
Next
Return sql
End Function
This hasn't been tested and it could probably be made more efficient, but it should get you going. Wherever you execute your sql in your app, just wrap the sql in this function to clean the string before execution:
ExecuteSQL(MakeSQLSafe(strSQL))
Hope that helps
As with any string sanitisation, you're much better off working with a whitelist that dictates which characters are allowed, rather than a blacklist of characters that aren't.
This question about filtering HTML tags resulted in an accepted answer suggesting the use of a regular expression to match against a whitelist: How do I filter all HTML tags except a certain whitelist? - I suggest you do something very similar.
I'm using URL Routing and I found this works well, pass each part of your URL to this function. It's more than you need as it converts characters like "&" to "and", but you can modify it to suit:
public static string CleanUrl(this string urlpart) {
// convert accented characters to regular ones
string cleaned = urlpart.Trim().anglicized();
// do some pretty conversions
cleaned = Regex.Replace(cleaned, " ", "-");
cleaned = Regex.Replace(cleaned, "#", "no.");
cleaned = Regex.Replace(cleaned, "&", "and");
cleaned = Regex.Replace(cleaned, "%", "percent");
cleaned = Regex.Replace(cleaned, "#", "at");
// strip all illegal characters like punctuation
cleaned = Regex.Replace(cleaned, "[^A-Za-z0-9- ]", "");
// convert spaces to dashes
cleaned = Regex.Replace(cleaned, " +", "-");
// If we're left with nothing after everything is stripped and cleaned
if (cleaned.Length == 0)
cleaned = "no-description";
// return lowercased string
return cleaned.ToLower();
}
// Convert accented characters to standardized ones
private static string anglicized(this string urlpart) {
string beforeConversion = "àÀâÂäÄáÁéÉèÈêÊëËìÌîÎïÏòÒôÔöÖùÙûÛüÜçÇ’ñ";
string afterConversion = "aAaAaAaAeEeEeEeEiIiIiIoOoOoOuUuUuUcC'n";
string cleaned = urlpart;
for (int i = 0; i < beforeConversion.Length; i++) {
cleaned = Regex.Replace(urlpart, afterConversion[i].ToString(), afterConversion[i].ToString());
}
return cleaned;
// Spanish : ÁÉÍÑÓÚÜ¡¿áéíñóúü"
}
Related
I prepared this small example to show you my problem (vb.net and Newtonsoft)
I would prefer that the solution be done with Newtonsoft.
Public Class Message
Property Emoji As String
End Class
Public Sub GetJson()
Dim msgObject As New Message With {.Emoji = "\uD83D\uDE00"}
'Option 1
Dim JsonSerializerSettings As New JsonSerializerSettings
JsonSerializerSettings.StringEscapeHandling = StringEscapeHandling.EscapeNonAscii
Dim msgJson_1 As String = Newtonsoft.Json.JsonConvert.SerializeObject(msgObject, JsonSerializerSettings)
'Option 2
Dim msgJson_2 As String = Newtonsoft.Json.JsonConvert.SerializeObject(msgObject, Newtonsoft.Json.Formatting.None)
'Option 3
Dim stringWriter As New StringWriter()
Using writer As New JsonTextWriter(stringWriter)
writer.Formatting = Formatting.None
Dim serializer As New JsonSerializer()
serializer.Serialize(writer, msgObject)
End Using
Dim msgJson_3 As String = stringWriter.ToString()
End Sub
with none of the three options works, it always results in
{
"Emoji": "\\uD83D\\uDE00"
}
The result I need is
{
"Emoji": "\uD83D\uDE00"
}
How do I set Newtonsoft to not take into account the backslash character, as an escaped character?
Another unorthodox way could be:
jsonString = jsonString.replace("\\","\")
I do not really like
Thanks!!!!
\ is an escape char in JSON hence if you try and serialise a \ it gets escaped as \\ then when you deserialise \\ you get \
My guess is you have been given an example asking you to send "Emoji": "\uD83D\uDE00"
In json (and C#) \u#### specifies a unicode character (usually for something not found on a keyboard) as you are using VB.NET instead you should use $"{ChrW(&HD83D)}{ChrW(&HDE00)}"
"jsonString = jsonString.replace("//","/") " will never work, this is more safe way
json = json.Replace("\\\\u","\\u");
or since you don't like old, good classical solutions
json = Regex.Replace(json, #"\\u", #"u");
//or
json = json.Replace(#"\\u", #"\u");
even this will work in your case ( but I will not recommend for another cases since it is not safe)
json = Regex.Unescape(json);
I have a reference string on which the allowed characters are listed. Then I also have input strings, from which not allowed characters should be replaced with a fixed character, in this example "0".
I can use filter but it removes the characters altogether, does not offer a replacement. Please note that it is not about being alphanumerical, there are ALLOWED non-alphanumerical characters and there are not allowed alphanumerical characters, referenceStr happens to be arbitrary.
var referenceStr = "abcdefg"
var inputStr = "abcqwyzt"
inputStr = inputStr.filter{it in referenceStr}
This yields:
"abc"
But I need:
"abc00000"
I also considered replace but it looks more like when you have a complete reference list of characters that are NOT allowed. My case is the other way around.
Given:
val referenceStr = "abcd][efg"
val replacementChar = '0'
val inputStr = "abcqwyzt[]"
You can do this with a regex [^<referenceStr>], where <referenceStr> should be replaced with referenceStr:
val result = inputStr.replace("[^${Regex.escape(referenceStr)}]".toRegex(), replacementChar.toString())
println(result)
Note that Regex.escape is used to make sure that the characters in referenceStr are all interpreted literally.
Alternatively, use map:
val result = inputStr.map {
if (it !in referenceStr) replacementChar else it
}.joinToString(separator = "")
In the lambda decide whether the current char "it" should be transformed to replacementChar, or itself. map creates a List<Char>, so you need to use joinToString to make the result a String again.
I need a prepared string for my Visual Studio 2010 macro. The string should be the document name (document.Name) but without the file extension (for example .cs) and after each upper case should be a white space.
Example:
document.Name = TestFileName.cs
How can I get this:
"Test File Name"
For trivial cases (non consecutive upper-case):
file = IO.Path.GetFileNameWithoutExtension(file)
file = System.Text.RegularExpressions.Regex.Replace(file, "([a-z0-9])([A-Z])", "$1 $2")
Here is a basic framework
String PreString = "getAllItemsByID";
System.Text.StringBuilder SB = new System.Text.StringBuilder();
foreach (Char C in PreString)
{
if (Char.IsUpper(C))
SB.Append(' ');
SB.Append(C);
}
Response.Write(SB.ToString());
You may need to add a few checks:-When the very first char is Uppercase not to add a space.-When a word like ID is encountered, remove the last space.
[OR try this]
This will find each occurance of a lower case character followed by an upper case character, and insert a space between them:
s = s.replace(/([a-z])([A-Z])/g, '$1 $2')
I have a question about a string containing parentheses. Let me suppose that a string variable cityname is #"Boston (Massachusetts). I wonder why Xcode doesn't recognize the string inside parentheses? In the following code, only the first case is true.
// cityname = #"Boston (Massachusetts)"
if ([cityname rangeOfString:#"Boston"].location==!NSNotFound){
// true
}
if ([cityname rangeOfString:#"Massachusetts"].location==!NSNotFound){
// false
}
if (cityname isEqualToString:#"Boston (Massachusetts)"){
}
How can I make it so that I can validate the entire string even with parentheses (and apostrophes, too?)?
Thank you,
Tom
This has nothing to do with parentheses. You want [cityname rangeOfString:#"Massachusetts"].location != NSNotFound, not [cityname rangeOfString:#"Massachusetts"].location == !NSNotFound. They do totally different things.
Is there a built-in function to extract all characters in a string up until the first occurrence of a space?
Say the string is:
Methicillin-resistant staphylococcus aureus
I want to be able to get the substring:
Methicillin-resistant
You can do it in two functions:
newstring = mystring.Substring(0, mystring.IndexOf(" "))
Although that will fail if there's no space in mystring.
So you could pull out mystring.IndexOf(" ") into a variable and check whether it's -1 (no space found) before you try to use it in Substring.
The first solution you can use is a simple IndexOf
string GetFirstWord(string source)
{
int index = source.IndexOf(" ");
if (index == -1) return source;
else return source.Substring(0, index);
}
The second solution can be used if you want to keep all words into a string array.
string[] GetWords(string source)
{
return source.Split(' ');
}
if you only want the first word, you can use it like this :
string word = GetWords("Methicillin-resistant staphylococcus aureus")[0];
And a VB.NET solution. No, it can't be done with one built-in method; you need two:
Left(myString, InStr(myString, " ") - 1)
And like the other solutions you need to check InStr doesn't return 0 if myString may not contain a space.