
I'm after a general regex for sanitising form input. I want to use it on first name and last name fields, which will be stored in the DB, and pretty much use it in other general places if I can.

I'm using ASP.net does any on

williamsandonz
  • What do you mean by 'sanitizing'? What are the characters to remove? – Didier Ghys Nov 25 '11 at 06:34
  • Please take a look at this thread. This has already been asked before. http://stackoverflow.com/questions/888838/regular-expression-for-validating-names-and-surnames – Graymatter Nov 25 '11 at 09:00
  • Could you please provide a specific use case (what you are trying to achieve), and what you have already tried? This question is way too generic, and looks unfinished to me. Otherwise it will probably be flagged for the moderators. – Maarten Bodewes Nov 26 '11 at 22:16

1 Answer


Sanitising user data is an output problem, not an input problem.

What is considered "sanitary" for a MySQL database is not necessarily "sanitary" for MSSQL or PostgreSQL. What is considered "sanitary" for a database is most likely not the same as what you could safely send in an HTML document. XHTML is a different story again, and if you are outputting the user-supplied data into a JavaScript block or a CSS block it's different yet again. There is no way to sanitise user-supplied data for all output targets.

It's better to use the supplied library functions for sanitising data rather than building your own regex. PHP (which I happen to know better than ASP.net) has mysql_real_escape_string(). I'm sure ASP.net will have a library function for sanitising user-supplied data for use with various databases. It will also likely have library functions for sanitising user-supplied data for HTML as well.

Parameterised queries are even better than sanitising user-supplied data. And it can be done with ASP.net. This is the right way to use a database.

Ladadadada
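A worked illustration of the answer's two points (parameterised queries instead of a sanitising regex, and encoding at output time for each target context), as an added C# example that is not part of the original answer; the `Users` table, its columns and the method names are assumed:

```csharp
// Added example (not from the original question or answer): a parameterised INSERT
// plus per-context output encoding in ASP.NET / C#. Table and column names are assumed.
using System;
using System.Data;
using System.Data.SqlClient;
using System.Web;

public static class NameStorage
{
    // DON'T: build SQL by string concatenation. A last name such as O'Brien breaks
    // the statement, and the input can change what the query does.
    public static string UnsafeInsertSql(string first, string last)
    {
        return "INSERT INTO Users (FirstName, LastName) VALUES ('" + first + "', '" + last + "')";
    }

    // DO: send the values as typed parameters. The statement text never changes,
    // so no character in a name can alter it, and no regex is needed on the way in.
    public static void InsertUser(SqlConnection conn, string first, string last)
    {
        const string sql = "INSERT INTO Users (FirstName, LastName) VALUES (@first, @last)";
        using (var cmd = new SqlCommand(sql, conn))
        {
            cmd.Parameters.Add("@first", SqlDbType.NVarChar, 100).Value = first;
            cmd.Parameters.Add("@last", SqlDbType.NVarChar, 100).Value = last;
            cmd.ExecuteNonQuery();
        }
    }

    // Encoding happens on output, and the right encoder depends on where the
    // value lands: element text, an attribute value, or a JavaScript string literal.
    public static string AsHtmlText(string name)        // between tags
    {
        return HttpUtility.HtmlEncode(name);
    }

    public static string AsHtmlAttribute(string name)   // inside value="..."
    {
        return HttpUtility.HtmlAttributeEncode(name);
    }

    public static string AsJsStringLiteral(string name) // inside a <script> block
    {
        return HttpUtility.JavaScriptStringEncode(name, addDoubleQuotes: true);
    }
}
```

The stored value stays exactly what the user typed (apostrophes included); each output path applies only the encoding its own context needs.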