[thelist] cint() error question
Brian Cummiskey
brian at hondaswap.com
Tue Jan 2 18:59:10 CST 2007
I'm looking for a way to test that a passed in value is an integer to
avoid possible sql injection using classic ASP to generate an xml feed.
cid = request.querystring("cid")
If cid <> "" Then
cid = CInt(cid)
End if
This works fine, unless something besides an integer is passed in the
query string.
is there a way to test that cid IS in fact an integer, before trying to
cast it as such?
I tried
cid = request.querystring("cid")
If cid <> "" Then
If CInt(cid) = True Then
cid = CInt(cid)
Else
response.write "hacking attempt"
response.End
End if
End if
but it doesn't like that and 500's out.
Appreciate any suggestions.
Thanks
More information about the thelist
mailing list