Input validation introduction

January 25, 2010

ASP.NET offers input validation controls, which make it easier to enable the safe receipt of input data from users. We introduce them today.


Never trust user input

Don’t give a browser user a way to submit data that may damage your application or its execution platform.

However, if you do have to get user input, through a textbox for example, the ASP.NET platform provides you with a number of powerful yet easy-to-use ways to validate input. One of these ways is to use one or more validation controls.

These controls are associated with data input controls, and let you configure the properties that valid data must have, which helps eliminate vulnerabilities. See the readings for more examples; we will code some of these in class. Also, check the documentation on the virtual textbook page.


Getting started with validation controls

To get started with validation controls, you can follow these general steps:

  1. Ensure that your web form already includes a web server control that gets input data from a user
  2. From the Validation controls toolbox, drag-and-drop one of the validation controls to the form; place it near the web server control to be validated
  3. Open the validation control’s properties, and configure the required and optional/extra properties


Using Regular Expressions in your code

Regular expressions provide a way to process text/string data. The processing can include finding/parsing/matching, editing, extracting, and so on. Regular expressions define a language syntax, and the .NET Framework includes classes for working with regular expressions.

The following is adapted from an MSDN article:

The regular expression language is designed and optimized to manipulate text. The language comprises two basic character types: literal (normal) text characters and metacharacters. The set of metacharacters gives regular expressions their processing power.

You are probably familiar with the ? and * metacharacters used with the file system to represent any single character (?) or group of characters (*). For example, the command COPY *.DOC %TEMP% commands the file system to copy any file with a .DOC file name extension to the temporary files folder.

The metacharacter * has meaning to us, as it represents any file name in front of the file name extension .DOC.

Regular expressions extend this basic idea many times over, providing a large set of metacharacters that make it possible to describe very complex text-matching expressions with relatively few characters.
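
As an added example (not from the original post or the MSDN article), the following C# console program uses the .NET Framework's Regex class to validate input in code against an allow-list pattern, and shows why the pattern must be anchored. The nine-digit "student ID" field, the class and method names, and the sample strings are all assumptions constructed for illustration; the timeout constructor overload requires .NET Framework 4.5 or later.

```csharp
using System;
using System.Text.RegularExpressions;

static class InputCheck
{
    // Allow-list for a hypothetical "student ID" field: exactly nine ASCII digits.
    // \A and \z pin the match to the true start and end of the string; "$" would
    // also accept a trailing newline. [0-9] is used instead of \d because \d
    // matches any Unicode decimal digit in .NET, not just 0-9.
    private static readonly Regex Anchored = new Regex(
        @"\A[0-9]{9}\z",
        RegexOptions.CultureInvariant,
        TimeSpan.FromMilliseconds(100)); // bound the matching time

    // The same pattern without anchors: it matches when ANY nine-digit run
    // appears anywhere in the input, so surrounding text slips through.
    private static readonly Regex Unanchored = new Regex(
        @"[0-9]{9}",
        RegexOptions.CultureInvariant,
        TimeSpan.FromMilliseconds(100));

    // Server-side check: reject null, reject on timeout (fail closed).
    public static bool IsValidStudentId(string input)
    {
        if (input == null) return false;
        try { return Anchored.IsMatch(input); }
        catch (RegexMatchTimeoutException) { return false; }
    }

    static void Main()
    {
        // Constructed sample inputs.
        string[] samples =
        {
            "123456789",        // well-formed
            "123456789\n",      // trailing newline
            "abc123456789xyz",  // valid digits wrapped in other text
            "12345678"          // too short
        };

        foreach (string s in samples)
        {
            string shown = s.Replace("\n", "\\n");
            Console.WriteLine("{0,-18} anchored={1,-5} unanchored={2}",
                shown, IsValidStudentId(s), Unanchored.IsMatch(s));
        }
    }
}
```

A RegularExpressionValidator control requires the whole input to match its ValidationExpression, but Regex.IsMatch in your own code does not, so the anchors have to be written explicitly.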


Categories: 2010 Winter BTI420