Regular/****** Snow Dragon original *******/
All rights reserved, shall not be reproduced at the end of the author's consent
A long time ago, finally a little time to learn something new. Remember the previous paragraph to see a few security aspects of the article, mentioned the problem of SQL injection, so I want to do some of the exploration of prevention injection. To prevent injection, the most important thing is to input the information, in particular, the information that is executed in the SQL statement is validated to ensure that it does not contain malicious SQL elements, and this validation is exactly within the scope of the regular expression, and the regular expression of C # is experimented with to meet my needs, The results of the experiment are shared with you.
Operating Environment: winxp+iis6+asp.net+c#
A regular expression is a powerful tool for pattern matching and substitution by constructing an expression that matches the input string, and then returns the result of the processing, if you don't know about it, keep looking down.
The most extensive web authentication as an example: we received the input from the page of the user name, stored in variable temp_username, the variable may contain malicious information, we want the user name contains only English characters, numbers and underscores, we need to construct a regular expression of the Temp_ Username for processing, as in C #:
We're going to use the static method of System.Text.RegularExpressions.Regex.Replace (string, regular expression, substitution character), where the argument string is, of course, our temp_username, Regular expression I first give "\\w", the replacement character is "", the entire method is completed
System.Text.RegularExpressions.Regex.Replace (Temp_username, "\\w", "");
It replaces the character that matches the regular expression successfully
Here is a look at the construction of the regular expressions in C #:
C # Regular expressions are constructed in the same way as strings, and are enclosed in quotes in the form of "look".
The regular expression provides a special "meta character", which is a special character in a regular expression, and the commonly used metacharacters include "+", "*", "?", "\\s", "\\s", "\\d", "\\w", "\\w", case-sensitive, the following is a meta character description:
"+" such as "lo+" to match L a string with one or more occurrences, such as "Love", and "look" are
"*" Pending test
"?" to be tested
"\\s" matches a single spaces, including tab and line breaks.
"\\s" matches all characters except a single spaces.
"\\d" matches numbers from 0 to 0.
"\\w" matches letters, numbers, and underscores.
"\\w" matches all characters that do not match the \\w. (The first example is the use of this meta character, all the single quotes and spaces and other illegal characters are removed)
A special locator character is also provided in the regular expression, which includes: "^", "{$body}quot;," \\b "
The regular expression also provides a special range qualifier "[]", and the negative character [^]
[A-z] represents any one of 26 lowercase letters
[ABCD] represents any of the four letters of ABCD.
[0-9] represents 10 digits
[^a-z] represents a character other than 26 lowercase letters
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.
