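<%
' Login handler: authenticates a member from the posted form fields "func",
' "uname" and "pword", stores the member in the session and redirects to the
' members area. Relies on an open ADODB connection named Con that is defined
' elsewhere in the page/include chain (not visible here).
If Request.Form("func") = "Login" _
   And Len(Trim(Request.Form("uname"))) > 0 _
   And Len(Trim(Request.Form("pword"))) > 0 Then

    username = Trim(Request.Form("uname"))
    password = Trim(Request.Form("pword"))

    ' Call the function IllegalChars to check for illegal characters.
    ' This is kept as a coarse pre-filter only: the real protection against
    ' injection is the parameterised query below.
    If IllegalChars(username) = True Or IllegalChars(password) = True Then
        Response.Write "كلمة السر أو اسم المستخدم غير صحيح"
    Else
        ' Bind the values as parameters instead of concatenating them into
        ' the statement text, so quotes or keywords in the input cannot change
        ' the shape of the query.
        Set cmd = Server.CreateObject("ADODB.Command")
        Set cmd.ActiveConnection = Con
        cmd.CommandText = "SELECT username, password FROM members WHERE username = ? AND password = ?"
        cmd.CommandType = 1 ' adCmdText
        ' 202 = adVarWChar, 1 = adParamInput; spelled numerically because
        ' adovbs.inc is not visibly included on this page.
        cmd.Parameters.Append cmd.CreateParameter("uname", 202, 1, 255, username)
        cmd.Parameters.Append cmd.CreateParameter("pword", 202, 1, 255, password)
        Set rec = cmd.Execute

        If rec.EOF Then
            rec.Close
            Set rec = Nothing
            Set cmd = Nothing
            ' One message for both "unknown user" and "wrong password" so the
            ' response does not reveal which usernames exist.
            Response.Write "كلمة السر أو اسم المستخدم غير صحيح"
        Else
            ' NOTE(review): the password is matched in clear text against the
            ' members table and then copied into the session. The storage
            ' format is not visible here, so both are left as-is; a hashed
            ' comparison and dropping Session("member_password") should be
            ' confirmed against the readers under ../members/.
            Session("member_username") = rec("username")
            Session("member_password") = rec("password")
            rec.Close
            Set rec = Nothing
            Set cmd = Nothing
            Response.Redirect "../members/"
        End If
    End If
End If

' IllegalChars: returns True when sInput contains any entry of a fixed
' deny-list of characters and keywords, False otherwise. Matching is
' case-insensitive (the original binary compare let "SELECT" pass a check
' for "select"). Kept for backward compatibility as a pre-filter; it is not
' a substitute for parameterised queries.
Function IllegalChars(sInput)
    Dim sBadChars, iCounter
    IllegalChars = False
    sBadChars = Array("select", "drop", ";", "--", "insert", "delete", "xp_", _
                      "#", "%", "&", "'", "(", ")", "/", "\", ":", "<", ">", "=", _
                      "[", "]", "?", "`", "|")
    For iCounter = 0 To UBound(sBadChars)
        If InStr(1, sInput, sBadChars(iCounter), vbTextCompare) > 0 Then
            IllegalChars = True
            Exit For ' first hit is enough; the result cannot change afterwards
        End If
    Next
End Function
%>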