473,320 Members | 1,817 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,320 software developers and data experts.

Validation

Hi,

How can I securely validate the Id's I receive with QueryString ?

This is what I do now:

if ( Request.QueryString["ID"].ToString() != string.Empty ) {
m_TaskID = int.Parse(Request.QueryString["ID"].ToString() );
mystuff();
}

With this I only validate that I'm receiving something, but hao can I
check the value received is int ?

TIA
Nov 19 '05 #1
2 3555
The parse will fail if it isn't an int, so you could wrap it in a try catch
block to determine if it is an int.

string id = Request.QueryString["ID"];

if ( id != null && id.Length != 0 )
{
try
{
int m_TaskID = Int32.Parse( id );
mystuff(); //this will only execute when the parse happens
correctly.
}
catch( FormatException )
{
//it is not an int
}
}

Commentary:
Request.Querystring[] might return null, so you can not safely call
..ToString() on it. Also, it returns a string already, so there is no need
to call .ToString() on it.

Also I never check a string to String.Empty. It is much faster to check the
property .Length to 0.

Now in version 2.0, there will be a method call .TryParse() that will return
true or false for you and save you the exception trap, but that isn't slated
this summer 05

HTH,

bill

"Franck Diastein" <fd*******@euskaltel.net> wrote in message
news:OW**************@TK2MSFTNGP15.phx.gbl...
Hi,

How can I securely validate the Id's I receive with QueryString ?

This is what I do now:

if ( Request.QueryString["ID"].ToString() != string.Empty ) {
m_TaskID = int.Parse(Request.QueryString["ID"].ToString() );
mystuff();
}

With this I only validate that I'm receiving something, but hao can I
check the value received is int ?

TIA

Nov 19 '05 #2
Yes - A bit awkward to use try/catch for regular logic flow but thats the way
its got to be done in .net 1.x

2.0 has int32.TryParse which will retrun a bool if it is a int

"William F. Robertson, Jr." wrote:
The parse will fail if it isn't an int, so you could wrap it in a try catch
block to determine if it is an int.

string id = Request.QueryString["ID"];

if ( id != null && id.Length != 0 )
{
try
{
int m_TaskID = Int32.Parse( id );
mystuff(); //this will only execute when the parse happens
correctly.
}
catch( FormatException )
{
//it is not an int
}
}

Commentary:
Request.Querystring[] might return null, so you can not safely call
..ToString() on it. Also, it returns a string already, so there is no need
to call .ToString() on it.

Also I never check a string to String.Empty. It is much faster to check the
property .Length to 0.

Now in version 2.0, there will be a method call .TryParse() that will return
true or false for you and save you the exception trap, but that isn't slated
this summer 05

HTH,

bill

"Franck Diastein" <fd*******@euskaltel.net> wrote in message
news:OW**************@TK2MSFTNGP15.phx.gbl...
Hi,

How can I securely validate the Id's I receive with QueryString ?

This is what I do now:

if ( Request.QueryString["ID"].ToString() != string.Empty ) {
m_TaskID = int.Parse(Request.QueryString["ID"].ToString() );
mystuff();
}

With this I only validate that I'm receiving something, but hao can I
check the value received is int ?

TIA


Nov 19 '05 #3

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

21
by: Stefan Richter | last post by:
Hi, after coding for days on stupid form validations - Like: strings (min / max length), numbers(min / max value), money(min / max value), postcodes(min / max value), telefon numbers, email...
2
by: wumingshi | last post by:
Hi, When validating an XML instance, sometimes the schema is not enough to expression the validation rules. Additional validation rules may be expressed in an application-specific way. For...
4
by: Tim Meagher | last post by:
I am trying to use both validation controls and to add submit button attributes, but when I add the button attributes, the javascript fpr the validation controls is no longer created for the page. ...
14
by: Matt | last post by:
I want to know if ASP.NET Web Forms Validation Controls are Server-Side or Client-Side form validation? Since I think each validator control can select either 1) JavaScript based error dialog or 2)...
6
by: Stephen | last post by:
Hi, the validation controls dont work on Netscape or Mozilla and only on Internet Explorer why? How do i correct this problem? Thanks
7
by: Ryan Ternier | last post by:
We're running a site that has required field validation on the login page. It works fine on our development / test machines. However, when I upload this site to our live server i get this error. ...
5
by: Chris | last post by:
Based upon some prevoius postings on what to do for adding a 'add' row to a datagrid I utilize the footer to create the 'add' row. The only issue is that I have it sharing the 'UpDate_Command' and...
4
by: David Colliver | last post by:
Hi all, I am having a slight problem that hopefully, someone can help me fix. I have a form on a page. Many items on the form have validation controls attached. Also on this form are...
2
by: dustbort | last post by:
I recently had a problem where my required field validator stopped working. But, the page still posted back and tried to insert a record into the database without performing server-side validation....
6
by: Jon Paal | last post by:
validation doesn't fire what's missing ????? /////// ---- code -----/////////////////////////// Sub btnSubmit_Click(sender As Object, e As System.Web.UI.ImageClickEventArgs) 'Handles...
0
by: DolphinDB | last post by:
Tired of spending countless mintues downsampling your data? Look no further! In this article, you’ll learn how to efficiently downsample 6.48 billion high-frequency records to 61 million...
0
by: ryjfgjl | last post by:
ExcelToDatabase: batch import excel into database automatically...
0
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
0
by: ArrayDB | last post by:
The error message I've encountered is; ERROR:root:Error generating model response: exception: access violation writing 0x0000000000005140, which seems to be indicative of an access violation...
1
by: CloudSolutions | last post by:
Introduction: For many beginners and individual users, requiring a credit card and email registration may pose a barrier when starting to use cloud servers. However, some cloud server providers now...
1
by: Shællîpôpï 09 | last post by:
If u are using a keypad phone, how do u turn on JavaScript, to access features like WhatsApp, Facebook, Instagram....
0
by: af34tf | last post by:
Hi Guys, I have a domain whose name is BytesLimited.com, and I want to sell it. Does anyone know about platforms that allow me to list my domain in auction for free. Thank you
0
by: Faith0G | last post by:
I am starting a new it consulting business and it's been a while since I setup a new website. Is wordpress still the best web based software for hosting a 5 page website? The webpages will be...
0
isladogs
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 3 Apr 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome former...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.