The regular expression is used in the webform login operation, and the regular expression is webform.

Source: Internet
Author: User
Tags simple sql injection

The regular expression is used in the webform login operation, and the regular expression is webform.

Many people may think this is very troublesome about the use of regular expressions. It is really troublesome. I can't remember too many expressions. Many of them are used when I need them on a temporary basis. It's a bit of an architecture for a pupil to read novels, and I will flip the dictionary again if I don't know the words.

Regular Expressions play little role in implementing the functions of a program. They are used for program security and program protection. For example, when you log on, if you do not write a regular expression, data injection may easily occur. The security of the program is not guaranteed. Of course, other determination methods can also play the same role. However, writing a regular expression is relatively simple.

This is the regular expression for webform login. First, create a webform project and add a web form editor.

// Note: it is best to add a label under the textbox to describe the input text to increase the convenience of users.

Then we create a button-click event,

1 protected void button#click (object sender, EventArgs e) 2 {3 string UserName = TextBox1.Text; 4 string UserPWD = TextBox2.Text;
/*************************************** * *********/5 ABCbank bll = new ABCbank (); 6 bool result = bll. login (UserName, UserPWD );
/***** // Note: This is a BLL-based judgment call. The page jumps to determine whether the user name and password match ***/

7 if (result = true)

8{
9 Server. Transfer ("webform2.aspx ");

10}

11 else

12 {

13 Response. Write ("<script> alert ('wrong account or password ') </script> ");

14}

15}

At this time, we will return the two values output by the textbox on the previous page. The Code is as follows:

   public string UserName        {            get            {                return TextBox1.Text;            }        }        public string UserPWD        {            get            {                return TextBox2.Text;            }        }    }

In this case, we create a webform2 form, put two labels in webform2, and add the following code under Page_Load of webform2:

 protected void Page_Load(object sender, EventArgs e)        {            WebForm1 wf1;            wf1 = (WebForm1)Context.Handler;            Label1.Text = wf1.UserName;            Label2.Text = wf1.UserPWD;        }

Add a data source in web. config and you can jump to it. In terms of programs, there is no problem with functional implementation. However, do you have to use the correct user name and password to log on? Of course not. Here we will not talk about the access method. Just talk about simple SQL injection. SQL Injection means that the SQL statement is compiled into the user name and password for data injection. In this way, a program protection problem is required here.

First, let's consider whether our user name can be standardized, just like the ID card number, which can only contain 15 or 18 digits. If we set that our user name can only consist of English letters and numbers, without spaces and punctuation marks, how should we write this protection, let's first look at the regular expression defining English and numbers: "^ [A-Za-z0-9] + $", then look at the regular expression defining the password, only by letters, expression composed of numbers and underscores "^ [A-Za-z0-9] + $", then let's write a regular expression to the user name and password input to see

String UserName = TextBox1.Text; string pattern = "^ [A-Za-z0-9] + $"; Regex r = new Regex (pattern); Match m = r. match (UserName); if (m. success) {Response. write (m. value);} else {Response. write ("the user name can only consist of letters and numbers");} string UserPWD = TextBox2.Text; string pattan1 = "^ [A-Za-z0-9] + $"; Regex r1 = new Regex (pattan1 ); match m1 = r1.Match (UserPWD); if (m1.Success) {Response. write (m1.Value);} else {Response. write ("the password can only consist of numbers and letters ");}

Here we add a regular expression to judge. If the input characters do not match our judgment, an error will be prompted, which can effectively avoid data injection. Of course, the same method also applies to registration or other data input fields. It should be noted that some people may criticize this method because I write the judgment on the front end, which will affect the running speed of the program, and others may like to write the judgment on the background, however, I personally think the front-end is better, and the problem is solved early. Will there be any other data penetration during the data transfer into the background? This is not the case if illegal input can be thrown out immediately. The judgment is independent from the data, which can also ensure data security.
Finally, for beginners, please read this article in the mood of watching the drama. Thank you @!

 

 

 


What are the learning priorities of web Front-end development js? Is regular expressions important? How many places are used?

Ask the person...
For front-end development engineers, CSS + HTML + JS
Advanced JS concepts, such as closures, object-oriented programming, JS tuning, common JS libraries, JQuery, or Ext, you need to use Ajax technology, ajax callback functions are required for regular expressions. Email verification and regular character matching are required. We recommend that you know more about prototype in the school.

Your school is still pretty good with HTML's new HTML5 content

C # Regular Expression Application

SubjectString = txtNum1.Text;
Try {
If (Regex. IsMatch (subjectString, @ "\ A [1-9] + \ Z ")){
// Match successful

} Else {
// Not a non-zero integer
}
} Catch (ArgumentException ex ){
// Syntax error in the regular expression
}

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.