Validating data in ASP
Often the best approach is the simplest in terms of code.

The account select option is read directly and provided in a message back to the backend system without validating that the account number is one of the accounts provided by the backend system.

The idea is that you should check that the data is one of a set of tightly constrained known good values. Data should be:

This strategy, also known as "negative" or "blacklist" validation, is a weak alternative to positive validation. Essentially, if you don't expect to see characters such as ?

Business rules are known during design, and they influence implementation. However, there are bad, good and "best" approaches.
For example, the web / presentation tier should validate for web-related issues, persistence layers should validate for persistence issues such as SQL / HQL injection, directory lookups should check for LDAP injection, and so on.

All sections should be reviewed.

The most common web application security weakness is the failure to properly validate input from the client or environment. Data from the client should never be trusted, for the client has every possibility to tamper with the data.

Thus, "(555)123-1234", "555.123.1234", and "555\"; DROP TABLE USER;--123.1234" all convert to 5551231234.
Note that you should proceed to validate the resulting numbers as well.

In many cases, encoding has the potential to defuse attacks that rely on lack of input validation.
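
The two checks described above, as an added C# example that is not code from the original page: the posted account number is accepted only if it is in the set the backend issued, and a phone number is reduced to its digits and the result is then validated. The class and method names, the sample account numbers and the 10-digit length rule are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Added example; all names here are hypothetical.
public static class InputValidation
{
    // Positive validation: the posted value must be one of the account
    // numbers the backend system supplied for this user.
    public static bool IsKnownAccount(string posted, ISet<string> issuedAccounts)
    {
        return posted != null && issuedAccounts.Contains(posted);
    }

    // Sanitize, then validate the result. Returns null when the input is rejected.
    public static string NormalizePhone(string raw)
    {
        if (raw == null) return null;

        // Keep ASCII digits only (char.IsDigit would also admit other Unicode digits).
        string digits = new string(raw.Where(c => c >= '0' && c <= '9').ToArray());

        // Assumption: a valid number has exactly 10 digits after sanitizing.
        return digits.Length == 10 ? digits : null;
    }

    public static void Main()
    {
        // Constructed sample: accounts the backend issued for the current session.
        var issued = new HashSet<string>(StringComparer.Ordinal) { "10001234", "10005678" };

        // Constructed sample: values as they might arrive from the select option.
        foreach (var posted in new[] { "10001234", "99999999", "10001234 " })
            Console.WriteLine("[{0}] -> {1}", posted,
                IsKnownAccount(posted, issued) ? "accept" : "reject");

        // The three inputs from the text, plus one that is too short once sanitized.
        var phones = new[] { "(555)123-1234", "555.123.1234",
                             "555\"; DROP TABLE USER;--123.1234", "555-12" };
        foreach (var raw in phones)
            Console.WriteLine("[{0}] -> {1}", raw, NormalizePhone(raw) ?? "reject");
    }
}
```

The first three phone inputs all come out as 5551231234, while "555-12" is rejected by the length check that runs after sanitizing.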