I receive numeric variables in my queryString.
I’m doing validation with the following code:
    int value;
    if (!String.IsNullOrEmpty(Request.QueryString["num"]))
        if (!int.TryParse(Request.QueryString["num"], out value))
            throw new SecurityError(); // SecurityError is the poster's own exception type
Is that validation safe enough? Is it the most efficient?
(Let’s assume that every int number I get is valid)
The only case you are not handling in the above code is when no ‘num’ is passed in the query string. I’m not sure what you want to do in this case, but you could remove the outer if block, so that your exception is thrown if the parameter is not passed at all.
Also, ‘SecurityError’ would seem a strange type of exception to throw in the case of a non-numeric argument.
Otherwise it looks fine.
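An added example, not part of the original question or answer: a stricter form of the check that also rejects a missing or repeated parameter. The helper name `QueryInt.Require`, the range bounds and the sample inputs are assumptions made for illustration. It goes slightly beyond the question by showing that the two-argument `int.TryParse` accepts surrounding whitespace and a leading sign, which `NumberStyles.None` refuses.

```csharp
using System;
using System.Collections.Specialized;
using System.Globalization;

static class QueryInt
{
    // Hypothetical helper: reads a required integer parameter and rejects
    // anything that is not plain digits within [min, max].
    public static int Require(NameValueCollection query, string name, int min, int max)
    {
        string[] values = query.GetValues(name);   // null when the key is absent
        if (values == null || values.Length != 1)
            throw new ArgumentException("'" + name + "' must be supplied exactly once.");

        // NumberStyles.None: no sign, no surrounding whitespace, no separators.
        // InvariantCulture: the result does not depend on the server's locale.
        int value;
        if (!int.TryParse(values[0], NumberStyles.None, CultureInfo.InvariantCulture, out value))
            throw new FormatException("'" + name + "' is not a non-negative integer.");

        if (value < min || value > max)
            throw new ArgumentOutOfRangeException(name, value, "Outside the allowed range.");
        return value;
    }
}

static class Demo
{
    static void Main()
    {
        // Constructed sample inputs standing in for Request.QueryString.
        string[] samples = { "42", " 42 ", "+42", "-5", "1e3", "99999999999", "" };
        foreach (string s in samples)
        {
            var query = new NameValueCollection();
            query.Add("num", s);
            try { Console.WriteLine("'{0}' -> {1}", s, QueryInt.Require(query, "num", 0, 1000)); }
            catch (Exception ex) { Console.WriteLine("'{0}' rejected: {1}", s, ex.GetType().Name); }
        }
        // A missing parameter is rejected too (the case the answer points out).
        try { QueryInt.Require(new NameValueCollection(), "num", 0, 1000); }
        catch (ArgumentException ex) { Console.WriteLine("missing rejected: {0}", ex.Message); }
    }
}
```

Only "42" is accepted here; with the original two-argument `int.TryParse`, " 42 ", "+42" and "-5" would also parse successfully.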