function isValidInput(theForm) { var error_message = checkInput(theForm); if (error_message.match(/^This form|^Your query/)) { alert(error_message); return false; } else if (error_message != "") { flag = confirm(error_message); if (flag) { return true; } else { return false; } } else { return true; } } function checkInput(theForm) { var error_message = ""; var b_input_condition = false; var search_item; var search_word; var MaxConditions = 5; var valid; for (var i = 1; i <= MaxConditions; i++) { search_item = getSelectedValue(theForm["item" + i]); search_word = theForm["search_word" + i].value; valid = checkText(search_word); if (valid == false) { error_message = "This form can be input alphanumeric characters, space and underscore."; break; } valid = checkWord(search_word); if (valid == false) { error_message = "Your query includes SQL command like word."; break; } if (search_word != "") { valid = checkLength(search_word); if (valid == false) { error_message = "Your query is too short. Plase input a string which contain more than two characters."; break; } b_input_condition = true; } } if (b_input_condition == false && error_message == "") { error_message = "Search conditions are not specified. Do you search all of data in CGED?"; } return error_message; } function getSelectedValue(selObj) { return selObj[selObj.selectedIndex].value; } function checkText(search_word) { if (search_word.match(/[^a-z|A-Z|0-9|\_|\s+|\.]/)) { return false; } } function checkWord(search_word) { if (search_word.match(/(\s*select\s+)|(\s*insert\s+)|(\s*delete\s+)|(\s*update\s+)|(\s*create\s+)|(\s*drop\s+)|(\s+alter\s+)|(\s*rename\s+)/i)) { return false; } } function checkLength(search_word) { if (search_word.length < 2) { return false; } }