<%
' Request screening block: flags a request whose query string or posted form
' values contain characters or keywords associated with SQL injection and
' executable/command references, then redirects it to the site's 404z.htm page.
'
' NOTE(review): this is a substring denylist, not input validation.
'   - InStr matches fragments inside ordinary words ("use", "set", "cast",
'     "exec"), so legitimate input can be rejected.
'   - Only QUERY_STRING and Request.Form values are inspected; any other
'     request input the page reads is outside this filter.
'   - Treat it as defense in depth at most. The data-access code behind the
'     page still needs parameterized queries (ADODB.Command parameters) and
'     output encoding (Server.HTMLEncode).
'
'Dim queryStringsL, params, values, indx, cnt, badParam

badParam = false

' Build one lower-cased haystack: the raw query string (still URL-encoded,
' which is why the %xx forms are listed below) followed by every posted form
' value, concatenated with no separator.
queryStringsL = LCase(Request.ServerVariables("QUERY_STRING"))
For Each indx In Request.Form
    queryStringsL = queryStringsL + LCase(Request.Form(indx))
Next

' Any single one of these substrings marks the request as bad.
'   row 1: *            row 2: <, encoded =, >     row 3: load_file
'   row 4: .exe, exec, .dll, ;                     row 5: use, create, drop, select
'   row 6: varchar, declare, cast
'   row 7-8: added May 29 2008 ("and exists", "char(124)")
' Only the encoded "%3d" is matched for "="; a literal "=" is not in the list.
sqlGuardAnyOf = Array( _
    "%2a", "*", _
    "%3c", "%3d", "%3e", ">", "<", _
    "load_file", _
    ".exe", "exec", ".dll", ";", "%3b", _
    "use", "create", "drop", "select", _
    "varchar", "declare", "cast", _
    "and exists", _
    "char(124)")
For Each sqlGuardToken In sqlGuardAnyOf
    If InStr(queryStringsL, sqlGuardToken) > 0 Then badParam = true
Next

' Keyword pairs: both words must appear somewhere in the haystack
' (delete + from, update + set, insert + into).
sqlGuardPairs = Array( _
    Array("delete", "from"), _
    Array("update", "set"), _
    Array("insert", "into"))
For Each sqlGuardPair In sqlGuardPairs
    If InStr(queryStringsL, sqlGuardPair(0)) > 0 And InStr(queryStringsL, sqlGuardPair(1)) > 0 Then badParam = true
Next

' Added May 29 2008: tautology tests, matched after removing spaces so that
' "1 = 1" and "1=1" are treated alike.
sqlGuardNoSpaces = Replace(queryStringsL, " ", "")
If InStr(sqlGuardNoSpaces, "1=1") > 0 Or InStr(sqlGuardNoSpaces, "1=2") > 0 Then badParam = true
' end of May 29 2008 addition

' Flagged requests are redirected instead of being served the page below.
If badParam Then
    Response.Redirect("http://www.artinstitutes.com/404z.htm")
End If
%>



The New England Institute of Art New England School of Art and Communications

10 Brookline Place West
Brookline, MA 02445
Phone: 617.739.1700
Toll Free: 1-800-903-4425

Click the address to visit the site:
www.artinstitutes.edu/Boston