Effective C# Principle 39: Use .NET Validation

Source: Internet
Author: User
Tags: character set, expression, regular expression, SQL injection, SQL injection attack

User input varies widely, so you must validate it as thoroughly as possible in interactive controls. Writing input validation can be tedious and is itself error-prone, but it is still necessary. You cannot trust user input: a user may enter anything, causing an exception or even a SQL injection attack. We do not want anything like that to happen. You should know enough to be suspicious of user input. Because everyone has to do this, the .NET Framework provides extensive validation functionality that you can use to minimize the code you write while still validating every piece of data the user enters.

The .NET Framework provides different mechanisms for validating user input in web applications and in Windows applications. Web applications should validate data in the browser, typically using JavaScript. Some validation controls emit JavaScript into the HTML page, which is efficient for your users: they do not incur a round trip to the server each time they fill in a field. These web controls make extensive use of regular expressions to validate user input before the page is submitted to the server. Even so, you must perform additional validation on the server to guard against programmatic attacks. Windows applications use a different pattern. User input can be validated directly in the application with C# code. Windows controls support validation whenever you want to notify the user of invalid input. The general pattern is to signal invalid input by throwing an exception from a property accessor. The UI control catches these exceptions and displays the error to the user.

You can use five web controls to handle most of the validation tasks in your ASP.NET application. All five are configured through properties that specify the field to be validated. RequiredFieldValidator forces the user to enter a value in a given field. RangeValidator requires that the value in a particular field fall within a given range, which may be the magnitude of a number or the length of a string. CompareValidator lets you construct a validation rule that compares two controls on the form. These three controls are simple. The last two controls provide powerful features that let you validate input in whatever way you require. RegularExpressionValidator uses a regular expression to validate user input: if the input matches the expression, the input is valid. Regular expressions are a powerful language. You can create regular expressions for practically any situation you encounter. VS.NET includes some sample validation expressions that can help you get started. There is plenty of useful material to help you learn more about regular expressions, and I strongly encourage you to learn them. But I would be remiss not to offer you some of the most common constructs. Table 5.1 shows some of the most common regular expression elements that you might use to validate input in your application:

Table 5.1 Common Regular Expression Constructs

Construct: Meaning

[a-z]: Matches a single lowercase letter. Any one character from the character set inside the brackets matches a single character.

\d: Any digit.

^, $: ^ represents the start of the string, and $ represents the end.

\w: Matches any word character. This is shorthand for [a-zA-Z0-9].

(?<namedGroup>\d{4,16}): Shows two different common elements. ?<namedGroup> defines a named variable that references the match. {4,16} matches the preceding construct at least 4 times and at most 16 times. This pattern matches a string that contains at least 4 but not more than 16 digits. If a match is found, the result is stored in namedGroup for later use.

(a|b|c): Matches a, b, or c. The vertical bar is the alternation operator: the input may be any one of the alternatives.

(?(namedGroup)a|b): Conditional. This is equivalent to the ternary operator in C#: if namedGroup exists, match a; otherwise match b.

(That is only a brief explanation of regular expressions. I feel the author's treatment of regular expressions here is neither fish nor fowl, that is, neither complete nor refined.)

Using these and other regular expression constructs, you will find that you can validate just about anything your users submit. If regular expressions are not enough, you can add your own validation by deriving a new class from CustomValidator. This is no small job, and I avoid it whenever I can. You write a server-side function in C# to validate the data, and you must also write a client-side validation function in ECMAScript. I hate doing the same thing twice, and I try to avoid writing anything in ECMAScript, so I prefer to stick with regular expressions.

For example, here is a regular expression that validates U.S. phone numbers. It accepts the area code with or without enclosing parentheses, followed by any amount of whitespace between the area code, the exchange, and the number. A dash between the area code and the exchange is also optional:

((\(\s*\d{3}\s*\))|(\d{3}))-?\s*\d{3}\s*-\s*\d{4}

By examining the expression of each group, the logic is clear:

((\(\s*\d{3}\s*\))|(\d{3}))-?
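An added example (not from the original article or the book it discusses): server-side revalidation in C# of the phone-number pattern discussed above. When the pattern is reused with Regex.IsMatch it matches anywhere in the input, so the hardened form pins it to the whole string; the class name, 32-character length cap, 100 ms timeout and sample inputs are assumptions.

```csharp
using System;
using System.Text.RegularExpressions;

static class PhoneValidation
{
    // The phone-number pattern from the text, with no anchors.
    const string Pattern = @"((\(\s*\d{3}\s*\))|(\d{3}))-?\s*\d{3}\s*-\s*\d{4}";

    // Naive reuse: IsMatch succeeds if the pattern matches anywhere in the input,
    // and without RegexOptions.ECMAScript \d also matches non-ASCII Unicode digits.
    static readonly Regex Unanchored = new Regex(Pattern);

    // Hardened: \A and \z pin the match to the entire input ($ would still accept
    // a trailing newline), RegexOptions.ECMAScript restricts \d to 0-9, and the
    // match timeout bounds the time spent on any single input.
    static readonly Regex Strict = new Regex(
        @"\A(?:" + Pattern + @")\z",
        RegexOptions.ECMAScript,
        TimeSpan.FromMilliseconds(100));   // timeout value is an assumption

    public static bool IsValidPhone(string input)
    {
        // Length cap is an assumption; reject oversized input before matching.
        if (input == null || input.Length > 32) return false;
        try { return Strict.IsMatch(input); }
        catch (RegexMatchTimeoutException) { return false; }   // fail closed
    }

    static void Main()
    {
        // Constructed sample inputs, not taken from the article.
        string[] samples =
        {
            "(555) 123-4567",                 // area code in parentheses
            "555-123-4567",                   // dashes only
            "555-123-4567' OR '1'='1",        // valid number followed by extra text
            "555-123-4567\n",                 // trailing newline
            "\u0665\u0665\u0665-123-4567",    // Arabic-Indic digits in the area code
        };
        foreach (string s in samples)
            Console.WriteLine("{0,-28} unanchored={1,-5} strict={2}",
                s.Replace("\n", "\\n"), Unanchored.IsMatch(s), IsValidPhone(s));
    }
}
```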
