Home/ Questions/Q 7847871
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-02T18:01:56+00:00

I am using a class to check for certain words in my application to

  • 0

I am using a class to check for certain words in my application to prevent SQL Injection.

In the class, there is a for loop that tries to match a specific word with the words from a blacklist.
If there is a match, I must redirect to the system’s error page.

However, when a match is found and I try to redirect, I keep getting the error “Unable to evaluate expression.”

Here is the code:

Private Sub CheckInput(ByVal parameter As String)
Try
    Dim errorPage As String = "error_page.aspx?Injection=" & parameter

    For i As Integer = 0 To blackList.Length - 1
        If (parameter.IndexOf(blackList(i), StringComparison.OrdinalIgnoreCase) >= 0) Then
            'Handle the discovery of suspicious Sql characters here 
            'generic error page on your site 
            HttpContext.Current.Response.Redirect(errorPage)
        End If
    Next

Catch ex As Exception
    Throw ex
End Try

Once the Try block catches the error, it keeps giving the error and doesn’t redirect to the error page.

Any ideas?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    The “Unable to evaluate expression” is from the Visual Studio debugger, when it sees the ThreadAbortException thrown by Response.Redirect. Without a debugger attached, your code will work as expected.

    You can pass false to prevent the current request being ended (which is what the ThreadAbortException is for). You’re then responsible for “ending” the request gracefully.

    FWIW, you should also remove the try/catch, as it’s serving no useful purpose other than hiding any exceptions. And, as mentioned, SQL parameters are the way to prevent injection – not whitelists.

    • 0