Need your help with this script

In the following script I think it’s validating form labels: test number, test year, test type, serial and pin numbers stored in a database - right? - otherwise what is it doing?

Also, I do not get the part containing the regular expression.
Note: this is not my handiwork but I want to make a chit with serial and pin numbers which gets exhausted when used thrice and only unique to a user on 1st use: thus a user may need a new chit for subsequent check after it’s used thrice.

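<script language="JavaScript" type="text/JavaScript">

// Read the form fields, strip surrounding whitespace and open the result page.
function test()
{
    var TestNumber = document.getElementById("txtTestNumber");
    var TestYear = document.getElementById("drpTestYear");
    var serial = document.getElementById("txtCardSerialNo");
    var pin = document.getElementById("txtPIN");
    if (trim(TestNumber.value) == '')
    {
        alert('Test Number cannot be blank');
        return;
    }
    // if conditions for the rest of the variables

    // Build the query part of the URL; the values are only trimmed, not validated.
    var qrystr = '?TestNumber=' + trim(TestNumber.value) + '&TestYear=' + TestYear.value + '&serial=' + trim(serial.value) + '&pin=' + trim(pin.value);

    //alert(qrystr);
    window.open('DisplayResult.aspx' + qrystr, '', 'scrollbars,width=500,height=680');
}

// Remove the given characters (default: whitespace) from the start of str.
function ltrim(str, chars) {
    chars = chars || "\\s";
    return str.replace(new RegExp("^[" + chars + "]+", "g"), "");
}

// Remove the given characters (default: whitespace) from the end of str.
function rtrim(str, chars) {
    chars = chars || "\\s";
    return str.replace(new RegExp("[" + chars + "]+$", "g"), "");
}

// trim() is called above but was not part of the posted script;
// combining the two helpers is an assumed definition.
function trim(str, chars) {
    return ltrim(rtrim(str, chars), chars);
}

</script>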

The regular expressions remove a given set of characters from the beginning of the string (ltrim() function), and from the end (rtrim())…

^... means “start of the string”
...$ means “end of the string”
[...] means any character. E.g. [abc] will match a or b or c.

If you don’t pass chars it will use \s as set of characters. \s - means any white space character (tab, space).

So your regex just removes those characters.

The code itself just grabs values from document elements, removes whitespace, and opens a new window with those arguments, so that the server can handle them (hard to tell what exactly the server is doing, as it is an .aspx file, which means it runs .NET).


@anvaka thumbs up! - I get the regex now.
However, if I were to use a MySQL server, would I have to store the pin and serial values in a DB table, since I want to be the provider of those values?
I stand corrected!

The query string being built here is definitely NOT suitable for use as a database query; it is building part of a URL, specifically the “query” part following an endpoint. The data is not being checked beyond whitespace removal.

This is definitely a poor pattern to follow for building database queries. There you should always use a parametrised query to avoid SQL injection (think about what might happen if any of those fields contained ‘; drop users;’ or similar content that potentially alters the meaning and effect from what was intended).

/d
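
The parametrised query recommended above, as an added example that is not part of any post in this thread. It uses Python's sqlite3 with an in-memory table as a stand-in for the MySQL table asked about, and also covers the three-use limit and first-user binding from the original question; the table layout, column names, sample serial and pin, and the `make_db` and `redeem` functions are assumptions.

```python
import sqlite3

MAX_USES = 3  # requirement from the question: a chit is exhausted after three uses

def make_db():
    """Build a constructed in-memory table holding one sample chit."""
    db = sqlite3.connect(":memory:")
    db.execute("""CREATE TABLE chits (
        serial TEXT PRIMARY KEY,
        pin    TEXT NOT NULL,
        owner  TEXT,                        -- NULL until the first use
        uses   INTEGER NOT NULL DEFAULT 0)""")
    db.execute("INSERT INTO chits (serial, pin) VALUES (?, ?)",
               ("SN-0001", "4821"))        # constructed sample values
    db.commit()
    return db

def redeem(db, serial, pin, user):
    """Consume one use of a chit; return True if this check is allowed."""
    # Every value is bound through a ? placeholder, so it is only ever
    # treated as data and never as SQL text. A single UPDATE performs the
    # check and the increment together: correct pin, uses remaining, and
    # the chit is either unclaimed or already claimed by this user.
    cur = db.execute(
        """UPDATE chits
              SET uses  = uses + 1,
                  owner = COALESCE(owner, ?)
            WHERE serial = ? AND pin = ?
              AND uses < ?
              AND (owner IS NULL OR owner = ?)""",
        (user, serial, pin, MAX_USES, user))
    db.commit()
    return cur.rowcount == 1

if __name__ == "__main__":
    db = make_db()
    # Three uses by the first user succeed, the fourth is refused.
    print([redeem(db, "SN-0001", "4821", "alice") for _ in range(4)])
    # A different user cannot use a chit that is already claimed.
    print(redeem(db, "SN-0001", "4821", "bob"))
    # The string from the post above is compared as a pin and simply fails.
    print(redeem(db, "SN-0001", "'; drop users;'", "alice"))
```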

@dln you have come to the rescue!
