@dkobia
Created October 4, 2011 16:00
<%
Option Explicit

Dim Conn, cnProvider, cnDataSource, db, query
Dim from, message, stmt

' Connection Strings
cnProvider = "Provider=Microsoft.JET.OLEDB.4.0;"
cnDataSource = "Data Source=" & Server.MapPath("database.mdb") & ";"
Conn = cnProvider & cnDataSource
Set db = Server.CreateObject("ADODB.Connection")
db.Open Conn

' GET POST/GET Variables
from = sReplace(Request("from"))
message = sReplace(Request("message"))

' Look for an existing row with the same sender and text
' (table name is "received" in both statements; the SELECT previously misspelt it)
stmt = "SELECT * FROM received WHERE (phone_no = '" & from & "' AND text = '" & message & "') "
Set query = db.Execute(stmt)

' Record doesn't already exist
If query.EOF Then
    db.Execute "INSERT INTO received (phone_no, text) VALUES ('" & from & "', '" & message & "') "
    Response.Write "{payload: {success: 'true'}}"
Else
    Response.Write "{payload: {success: 'false'}}"
End If

query.Close
db.Close
Set db = Nothing

' Function to prevent SQL Injection.
' Doubles single quotes so the value stays inside its SQL string literal, then
' strips a fixed list of substrings. Note that Replace defaults to a binary
' (case-sensitive) compare, so "INSERT INTO" is not caught, and the list also
' mangles legitimate text that happens to contain e.g. "varchar" or "--".
Function sReplace(str)
    str = Replace(str, "'", "''")
    str = Replace(str, "--", "-")
    ' Replace SQL Functions
    str = Replace(str, "/script", "")
    str = Replace(str, "insert into", "")
    str = Replace(str, "delete from", "")
    str = Replace(str, "drop table", "")
    str = Replace(str, "exec(", "")
    str = Replace(str, "cast(", "")
    str = Replace(str, "varchar", "")
    str = Replace(str, "nvarchar", "")
    str = Replace(str, "sp_", "")
    str = Replace(str, "xp_", "")
    str = Replace(str, "@@", "")
    str = Trim(str)
    sReplace = str
End Function
%>
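The sReplace blocklist above tries to sanitise the request values before they are spliced into the SQL text. The dependable defence for the same check-then-insert is to bind those values as ADODB.Command parameters, so the Jet provider receives them as data and they can never change the shape of the statement. The block below is an added example, not code from the gist or its author. It assumes the same database.mdb and a table received with columns phone_no and text, spells out the standard ADO constant values (adCmdText = 1, adParamInput = 1, adVarWChar = 202) because adovbs.inc is not included, brackets the column name as [text] since TEXT is a Jet data-type keyword, and emits the success flag as quoted JSON rather than the gist's unquoted form.

```vbscript
<%
Option Explicit

' Added example, not the gist's own code: same duplicate check and insert,
' but the request values are bound as ADODB.Command parameters instead of
' being concatenated into the SQL text. Assumes database.mdb and a table
' "received" with columns phone_no and text, as in the gist.

' Standard ADO enumeration values (adovbs.inc is not included here)
Const adCmdText    = 1
Const adParamInput = 1
Const adVarWChar   = 202

' Creates a command with two input parameters bound, in order, to the two
' "?" placeholders in sql. The values travel as data, so a quote or a
' keyword inside them cannot alter the statement's structure.
Function BuildCommand(cn, sql, value1, value2)
    Dim cmd
    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = cn
    cmd.CommandType = adCmdText
    cmd.CommandText = sql
    cmd.Parameters.Append cmd.CreateParameter("p1", adVarWChar, adParamInput, 255, value1)
    cmd.Parameters.Append cmd.CreateParameter("p2", adVarWChar, adParamInput, 255, value2)
    Set BuildCommand = cmd
End Function

' Returns True if the (phoneNo, msgText) pair was inserted,
' False if an identical row already existed.
Function StoreIfNew(cn, phoneNo, msgText)
    Dim cmd, rs
    Set cmd = BuildCommand(cn, _
        "SELECT COUNT(*) FROM received WHERE phone_no = ? AND [text] = ?", phoneNo, msgText)
    Set rs = cmd.Execute
    If rs(0) = 0 Then
        Set cmd = BuildCommand(cn, _
            "INSERT INTO received (phone_no, [text]) VALUES (?, ?)", phoneNo, msgText)
        cmd.Execute
        StoreIfNew = True
    Else
        StoreIfNew = False
    End If
    rs.Close
End Function

Dim db, fromNo, message, inserted

Set db = Server.CreateObject("ADODB.Connection")
db.Open "Provider=Microsoft.JET.OLEDB.4.0;Data Source=" & Server.MapPath("database.mdb") & ";"

' Raw request values: no sReplace-style escaping is needed, the parameters
' do the quoting. Trim only normalises whitespace for the duplicate check.
fromNo  = Trim(Request("from") & "")
message = Trim(Request("message") & "")

inserted = StoreIfNew(db, fromNo, message)

db.Close
Set db = Nothing

Response.ContentType = "application/json"
If inserted Then
    Response.Write "{""payload"": {""success"": true}}"
Else
    Response.Write "{""payload"": {""success"": false}}"
End If
%>
```

Because the values are bound rather than escaped, the script stores whatever text the sender actually wrote, including apostrophes, double dashes and words like "varchar" that the blocklist would have silently altered, while the SQL remains the two fixed statements above.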
@eyedol

eyedol commented Oct 5, 2011

It seems the variable stmt wasn't declared. Does ASP require it be declared?

@dkobia

dkobia commented Oct 5, 2011

It does need to be declared -- added it. Hadn't really tested the script and I wrote it pretty fast.

@eyedol

eyedol commented Oct 5, 2011

Great.

db.execute("INSERT INTO received (phone_no, text) VALUES ('" & from & "', '" & message & "') ");

It seems the ; is not supposed to be at the end of the line.

@dkobia

dkobia commented Oct 5, 2011

LOL... my PHP is seeping into the ASP
