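// Removes every "<...>" run from Word, then passes what is left through
// InterogateWord() and returns that result.
//
// A "<" with no ">" after it is removed on its own. A ">" with no "<" before
// it is left in place: pairing a "<" with an earlier ">" duplicates text on
// every pass and never terminates.
//
// This filter runs in the browser, so it only tidies what a cooperating user
// types. A request sent straight to the server never passes through it, which
// means the server still needs parameterised queries and output encoding.
//
// Word:    text to clean
// returns: whatever InterogateWord() returns for the stripped text
function Del(Word) {
    var text = Word;
    var open = text.indexOf("<");

    while (open != -1) {
        // Look for the closing ">" from the "<" onwards only.
        var close = text.indexOf(">", open);
        if (close == -1)
            close = open;    // unterminated tag: drop just the "<"

        text = text.substring(0, open) + text.substring(close + 1);

        // Rescan from the start: removing a tag can join up a new one.
        open = text.indexOf("<");
    }

    // The word list is applied once, after all tags are gone.
    return InterogateWord(text);
}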

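// Older variant of Del(); nothing in this part of the file calls it.
//
// Steps: strip the first "<...>" run (handing any remaining "<" to Del()),
// rewrite "--" and "insert", and run the full word list through
// InterogateWord() only when the text contains a semicolon.
//
// Rules for "*/", "char(", "nvarchar(" and "delete" were disabled in the
// original. NOTE(review): ReplaceWord() compiles its search text as a regular
// expression, and "*/" and "char(" are not valid patterns - presumably why
// they were switched off; confirm.
//
// Rewriting keywords in the browser does not stop SQL injection: the request
// can be sent without this script, and a substitution list cannot cover every
// spelling of a statement. The query layer on the server has to bind
// parameters.
//
// Word:    text to clean
// returns: the rewritten text
function Del_OLD(Word) {
    // Strip the first tag. The closing ">" is searched for from the "<"
    // onwards, so a stray ">" earlier in the text cannot be paired with it.
    var open = Word.indexOf("<");
    if (open != -1) {
        var close = Word.indexOf(">", open);
        if (close == -1)
            close = open;    // unterminated tag: drop just the "<"
        Word = Word.substring(0, open) + Word.substring(close + 1);
    }

    // Any further tags are handled by the current Del().
    if (Word.indexOf("<") != -1)
        Word = Del(Word);

    // Modify sql injection characters
    Word = ReplaceWord(Word, "--", "~~");
    Word = ReplaceWord(Word, "insert", "[i]nsert");

    // Modify sql statement words if a semicolon exists
    if (Word.indexOf(";") != -1) {
        Word = InterogateWord(Word);
    }
    return Word;
}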

// XMLHttpRequest created by InterogateWord_safari() and read back by
// processReqChange().
var req;
// Form field being filtered: checkInjection() stores it here so that
// processReqChange() can rewrite its value once the word list has loaded.
var tempword;
// Lower-cased user-agent string, searched for "safari" to pick the code path.
// NOTE(review): user-agent strings of other browsers (Chrome, for one) also
// contain "safari" - confirm which browsers are meant to take that path.
var browser_detect = navigator.userAgent.toLowerCase();
// navigator.appVersion, searched for "Mac" to choose between an asynchronous
// and a synchronous request in InterogateWord_safari().
var version = navigator.appVersion;
// Safari path: requests /xml/SQLWords.xml over XMLHttpRequest and leaves the
// rest of the work to processReqChange(), which is installed as the
// readystatechange handler.
//
// Does nothing when the user agent does not contain "safari" or when no
// request object is available. The request is asynchronous when appVersion
// contains "Mac" and synchronous otherwise.
//
// Takes no arguments and returns nothing; the request object is kept in the
// file-level `req`.
function InterogateWord_safari() {
    var wordListUrl = "/xml/SQLWords.xml";

    if (browser_detect.indexOf("safari") == -1)
        return;

    // Native XMLHttpRequest only; when this branch is skipped `req` keeps
    // whatever value it already had.
    if (window.XMLHttpRequest && !window.ActiveXObject) {
        try {
            req = new XMLHttpRequest();
        } catch (err) {
            req = false;
        }
    }
    if (!req)
        return;

    var onMac = version.indexOf("Mac") != -1;

    req.onreadystatechange = processReqChange;
    req.open("GET", wordListUrl, onMac);
    if (onMac)
        req.send();
    else
        req.send("");
}

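// Applies every WORD -> REPLACEMENT rule from /xml/SQLWords.xml to Word and
// returns the rewritten text.
//
// When the user agent contains "safari" the text is returned unchanged; on
// that path checkInjection() loads the list through InterogateWord_safari().
// The text is also returned unchanged when the browser offers neither
// ActiveXObject nor document.implementation.createDocument.
//
// The list is loaded synchronously on every call.
// NOTE(review): load() on an XML document is a legacy, non-standard method -
// confirm that the browsers reaching this branch still provide it, because a
// failure here aborts the filter.
//
// Word:    text to rewrite
// returns: the text after all rules have been applied
function InterogateWord(Word) {
    if (browser_detect.indexOf("safari") != -1)
        return Word;

    // Kept local so that the document and the rule texts do not leak into
    // global scope.
    var xmlDoc;
    if (window.ActiveXObject) {
        // IE
        xmlDoc = new ActiveXObject("Microsoft.XMLDOM");
    } else if (document.implementation.createDocument) {
        // Mozilla, Firefox, Opera, etc.
        xmlDoc = document.implementation.createDocument("", "", null);
    } else {
        return Word;
    }

    if (xmlDoc != null) {
        xmlDoc.async = false;
        xmlDoc.load("/xml/SQLWords.xml");

        var rules = xmlDoc.getElementsByTagName("WORDS");
        for (var i = 0; i < rules.length; i++) {
            // Each WORDS element is read for the text of its first WORD and
            // first REPLACEMENT child.
            var search = rules[i].getElementsByTagName("WORD")[0].childNodes[0].nodeValue;
            var replacement = rules[i].getElementsByTagName("REPLACEMENT")[0].childNodes[0].nodeValue;

            Word = ReplaceWord(Word, search, replacement);
        }
    }
    return Word;
}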


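// Replaces every case-insensitive occurrence of SearchTxt in Word with
// ReplaceTxt and returns the result.
//
// SearchTxt is compiled as a regular expression. When it is not a valid
// pattern (for example "char(" or "*/") it is matched as literal text instead
// of throwing, so one bad rule no longer aborts the whole filter chain.
// ReplaceTxt goes to String.replace() as is, so "$" sequences in it keep their
// special meaning.
//
// Word:       text to search
// SearchTxt:  pattern, or literal text, to look for
// ReplaceTxt: replacement text
// returns:    the rewritten text
function ReplaceWord(Word, SearchTxt, ReplaceTxt) {
    var pattern;
    try {
        pattern = new RegExp(SearchTxt, "gi");
    } catch (e) {
        if (!(e instanceof SyntaxError))
            throw e;
        // Not a valid pattern: escape the metacharacters and match it literally.
        var literal = String(SearchTxt).replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
        pattern = new RegExp(literal, "gi");
    }
    return Word.replace(pattern, ReplaceTxt);
}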

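// Field validator: rewrites theField.value through Del() and tells the caller
// whether it may carry on.
//
// Empty and whitespace-only values are accepted untouched. On the "safari"
// path the field is stored in `tempword`, the word list is requested through
// InterogateWord_safari(), and false is returned; processReqChange() submits
// the form once the list has been handled.
//
// This check runs in the browser and can be skipped by any client that posts
// to the server directly. It does not replace server-side validation,
// parameterised queries or output encoding.
//
// theField: form control whose value is cleaned in place
// returns:  true to continue, false when submission is deferred to
//           processReqChange()
function checkInjection(theField) {
    if (isEmpty(theField.value)) return true;
    if (isWhitespace(theField.value)) return true;

    // Written straight back to the field; no globals are used for the
    // intermediate values.
    theField.value = Del(theField.value);

    if (browser_detect.indexOf("safari") != -1) {
        tempword = theField;
        InterogateWord_safari();
        return false;
    }
    return true;
}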

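// readystatechange handler for the request started by InterogateWord_safari().
//
// Once the request has completed (readyState 4) and the status is 200, every
// WORD -> REPLACEMENT rule in the response is applied to tempword.value. The
// last form on the page is then submitted whether or not the list loaded.
//
// NOTE(review): a failed load (status other than 200) still submits the
// field, without the word-list rules applied - confirm that is intended.
// NOTE(review): the form submitted is the last one in the document, not
// necessarily the one that owns `tempword` - confirm for pages with several
// forms.
//
// returns: true after submitting; undefined while the request is in progress
function processReqChange() {
    // only if req shows "loaded"
    if (req.readyState != 4)
        return;

    // only if "OK"
    if (req.status == 200) {
        var rules = req.responseXML.documentElement.getElementsByTagName("WORDS");
        for (var i = 0; i < rules.length; i++) {
            // Locals, so the rule texts do not leak into global scope.
            var search = rules[i].getElementsByTagName("WORD")[0].childNodes[0].nodeValue;
            var replacement = rules[i].getElementsByTagName("REPLACEMENT")[0].childNodes[0].nodeValue;
            tempword.value = ReplaceWord(tempword.value, search, replacement);
        }
    }

    // Index of the last form; 0 when getElementsByTagName is unavailable.
    var lastForm;
    if (!document.getElementsByTagName)
        lastForm = 0;
    else
        lastForm = document.getElementsByTagName("form").length - 1;

    document.forms[lastForm].submit();
    return true;
}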