Date: 12/22/2016 1:25:11 PM
Title: Getting Errors need help
Date: 8/4/2014 11:30:39 AM
This is the expression I am using: [RegularExpression(@"^((?!(script)|(<)|(>)|(%3c)|(%3e)|(SELECT)|(UPDATE)|(INSERT)|(DELETE)|(GRANT)|(REVOKE)|(<)|(>)).*)$", ErrorMessage = "Error")]
If I enter SELECT, UPDATE and >, <, etc., this is validated well. But I want to make it case insensitive. I tried adding /i at the end, but it didn't work out for me. Any help would be appreciated.
Title: The word description should not match
Date: 5/25/2007 5:09:12 PM
The word description is a match since it contains "script". Ouch
Title: may return rows not matching search text
Date: 5/3/2007 12:36:33 PM
This regexp is or may be good to prevent the data from being modified or deleted, but there is no provision to prevent all the rows from being returned if they match the following text.
' OR 1=1 --
However, the above exploit will not work if search column values are supplied as parameters to stored procs and not as concatenated strings.
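Added example (not part of any comment in this thread and not code from the original page): it runs the thread's deny-list alternation, written without the trailing spaces and searched case-insensitively, against the inputs raised in the comments, and compares a concatenated query with a parameterized one. Python's re and sqlite3 stand in for the .NET validator and the stored procedures; the items table, its rows and all function names are constructed for illustration.

```python
import re
import sqlite3

# Deny-list alternation from the thread, spaces removed; a match means "reject".
DENY_LIST = re.compile(
    r"(script)|(<)|(>)|(%3c)|(%3e)|(SELECT)|(UPDATE)|(INSERT)|(DELETE)|(GRANT)|(REVOKE)",
    re.IGNORECASE,  # case-insensitive matching, as the thread asks for
)

def filter_rejects(value):
    """True when the deny-list filter would block this input."""
    return DENY_LIST.search(value) is not None

def make_db():
    """Constructed sample table (hypothetical schema, in-memory only)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE items (name TEXT)")
    db.executemany("INSERT INTO items VALUES (?)",
                   [("widget",), ("gadget",), ("description card",)])
    return db

def search_concatenated(db, term):
    """The 'before' form: input is pasted into the SQL text."""
    sql = "SELECT name FROM items WHERE name = '" + term + "'"
    return [row[0] for row in db.execute(sql)]

def search_parameterized(db, term):
    """Input is bound as a parameter, so it is only ever compared as data."""
    sql = "SELECT name FROM items WHERE name = ?"
    return [row[0] for row in db.execute(sql, (term,))]

if __name__ == "__main__":
    db = make_db()
    # Inputs taken from the comments: a legitimate word containing "script",
    # and the tautology string that contains no deny-listed token.
    for term in ["widget", "description card", "' OR 1=1 --"]:
        print(repr(term),
              "| filter rejects:", filter_rejects(term),
              "| concatenated rows:", len(search_concatenated(db, term)),
              "| parameterized rows:", len(search_parameterized(db, term)))
```

The filter blocks the legitimate value "description card" and lets the tautology string through; only the parameterized query returns the correct rows for both.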
Title: What about...
Date: 3/19/2007 1:53:35 PM
What about TRUNCATE?
Title: Ok found the problem
Date: 9/9/2005 11:29:38 AM
You must be sure to remove the spaces after
Title: Not working
Date: 9/9/2005 11:25:27 AM
If I run the Test with:
It returns NO matches.
Title: Case sensitive ???
Date: 9/8/2005 1:24:10 PM
SQL is not case sensitive.
Just add "/i" at the end:
correct exp: (script)|(<)|(>)|(%3c)|(%3e)|(SELECT) |(UPDATE) |(INSERT) |(DELETE) |(GRANT) |(REVOKE)|
Title: Typo fixed...
Date: 2/8/2005 8:18:44 AM
Title: typo correction
Date: 2/7/2005 12:05:33 PM
There is a typo in the above script... (GRENT) should be (GRANT)
correct exp: (script)|(<)|(>)|(%3c)|(%3e)|(SELECT) |(UPDATE) |(INSERT) |(DELETE) |(GRANT) |(REVOKE)|(<) |(>)