The parse will fail if it isn't an int, so you could wrap it in a try catch
block to determine if it is an int.
string id = Request.QueryString["ID"];
if ( id != null && id.Length != 0 )
{
try
{
int m_TaskID = Int32.Parse( id );
mystuff(); //this will only execute when the parse happens
correctly.
}
catch( FormatException )
{
//it is not an int
}
}
Commentary:
Request.Querystring[] might return null, so you can not safely call
..ToString() on it. Also, it returns a string already, so there is no need
to call .ToString() on it.
Also I never check a string to String.Empty. It is much faster to check the
property .Length to 0.
Now in version 2.0, there will be a method call .TryParse() that will return
true or false for you and save you the exception trap, but that isn't slated
this summer 05
HTH,
bill
"Franck Diastein" <fd*******@euskaltel.net> wrote in message
news:OW**************@TK2MSFTNGP15.phx.gbl...
Hi,
How can I securely validate the Id's I receive with QueryString ?
This is what I do now:
if ( Request.QueryString["ID"].ToString() != string.Empty ) {
m_TaskID = int.Parse(Request.QueryString["ID"].ToString() );
mystuff();
}
With this I only validate that I'm receiving something, but hao can I
check the value received is int ?
TIA