This content is outdated and is no longer being maintained. It is provided as a courtesy for individuals who are still using these technologies.
This How To shows how you can use regular expressions within ASP. You can use them to constrain input, apply formatting rules, and check lengths. To validate input captured with server controls, you can use the RegularExpressionValidator control. To validate other forms of input, such as query strings, cookies, and HTML control input, you can use the System.
If you make unfounded assumptions about the type, length, format, or range of input, your application is unlikely to be robust. Input validation can become a security issue if an attacker discovers that you have made unfounded assumptions. The attacker can then supply carefully crafted input that compromises your application by attempting SQL injection, cross-site scripting, and other injection attacks. To avoid such vulnerabilities, you should validate text fields (such as names, addresses, tax identification numbers, and so on) and use regular expressions to do the following:
Regular expression support is available to ASP.NET applications through the RegularExpressionValidator control and the Regex class in the System.
If you capture input by using server controls, you can use the RegularExpressionValidator control to validate that input. You can use regular expressions to restrict the range of valid characters, to strip unwanted characters, and to perform length and format checks. You can constrain the input format by defining patterns that the input must match.
To validate a server control's input using a RegularExpressionValidator
The regular expression used in the preceding code example constrains an input name field to alphabetic characters (lowercase and uppercase), space characters, the single quotation mark (or apostrophe) for names such as O'Dell, and the period or dot character. In addition, the field length is constrained to 40 characters.
Enclosing the expression in the caret (^) and dollar sign ($) markers ensures that the whole input must match the expression, so the field contains the desired content and nothing else.
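The effect of the anchors, as an added C# example that is not code from the original page: the pattern is rebuilt from the description above (letters, space, apostrophe, period, at most 40 characters) and run unanchored, with ^ and $, and with \A and \z. The NameCheck class, its member names, the minimum length of 1 and the exact pattern text are assumptions, because the original listing is not present here.

```csharp
using System;
using System.Text.RegularExpressions;

// Added example; NameCheck and its members are hypothetical names.
public static class NameCheck
{
    // Character set and 40-character limit follow the description above;
    // the minimum length of 1 is an assumption.
    const string Body = "[a-zA-Z'. ]{1,40}";

    // No anchors: succeeds if ANY substring of the input matches.
    static readonly Regex Unanchored = new Regex(Body, RegexOptions.CultureInvariant);

    // ^ and $: the whole input must match, but in .NET "$" also matches
    // just before a final newline.
    static readonly Regex CaretDollar = new Regex("^" + Body + "$", RegexOptions.CultureInvariant);

    // \A and \z: absolute start and end of the string, newline included.
    static readonly Regex Strict = new Regex(@"\A" + Body + @"\z", RegexOptions.CultureInvariant);

    public static bool IsValidName(string input)
    {
        return input != null && Strict.IsMatch(input);
    }

    public static void Main()
    {
        // Constructed sample inputs.
        string[] samples =
        {
            "O'Dell",
            "Dr. O'Dell Jr.",
            "O'Dell<script>",
            "O'Dell\n",
            new string('a', 41),
            ""
        };

        Console.WriteLine("{0,-22}{1,-12}{2,-8}{3}", "input", "unanchored", "^...$", @"\A...\z");
        foreach (string s in samples)
        {
            string shown = s.Replace("\n", "\\n");
            if (shown.Length > 18) shown = shown.Substring(0, 15) + "...";
            Console.WriteLine("{0,-22}{1,-12}{2,-8}{3}", "\"" + shown + "\"",
                Unanchored.IsMatch(s), CaretDollar.IsMatch(s), Strict.IsMatch(s));
        }
    }
}
```

The unanchored pattern accepts the input with trailing markup and the 41-character input because a substring matches. The ^...$ form rejects both but still accepts the value that ends in a newline, which only the \A...\z form rejects.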