I’m after a general regex for sanitising form input, I want to use it on first name last name fields , which will be stored in DB, and pretty much use it in other general places if I can.
I’m using ASP.net does any on
Share
Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
I’m after a general regex for sanitising form input, I want to use it on first name last name fields , which will be stored in DB, and pretty much use it in other general places if I can.
I’m using ASP.net does any on
Sanitising user data is an output problem, not an input problem.
What is considered “sanitary” for a MySQL database is not necessarily “sanitary” for MSSQL or PostGreSQL. What is considered “sanitary” for a database is most likely not the same as what you could safely send in an HTML document. XHTML is a different story again and if you are outputing the user-supplied data into a javascript block or a CSS block it’s different yet again. There is no way to sanitise user-supplied data for all output targets.
It’s better to use the supplied library functions for sanitising data rather than building your own regex. PHP (which I happen to know better than ASP.net) has mysql_real_escape_string(). I’m sure ASP.net will have a library function for sanitising user-supplied data for use with various databases. It will also likely have library functions for sanitising user-supplied data for HTML as well.
Parameterised queries are even better than sanitising user-supplied data. And it can be done with ASP.net. This is the right way to use a database.