NET applications through the RegularExpressionValidator control and the Regex class in the System. You can use regular expressions to restrict the range of valid characters, to strip unwanted characters, and to perform length and format checks.
You can constrain the input format by defining patterns that the input must match.
You can use them to constrain input, apply formatting rules, and check lengths. This How To shows how you can use regular expressions within ASP.

If you make unfounded assumptions about the type, length, format, or range of input, your application is unlikely to be robust.

To validate input captured with server controls, you can use the RegularExpressionValidator control. Input validation can become a security issue if an attacker discovers that you have made unfounded assumptions.

For detailed information on the RegularExpressionValidator control, see the RegularExpressionValidator class.

The following example demonstrates how to use the RegularExpressionValidator control to validate the value entered in a text box for a specific pattern. In this example, the pattern is a zip code with five digits.

If you omit these markers, an attacker could affix malicious input to the beginning or end of valid content and bypass your filter.

To use the Regex class

For performance reasons, you should use the static IsMatch method where possible to avoid unnecessary object creation.

If you are not using server controls (which means you cannot use the validation controls) or if you need to validate input from sources other than form fields, such as query string parameters or cookies, you can use the Regex class within the System.

The following example shows how to use a regular expression to validate a name input through a regular client-side HTML control.
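The effect of the start and end markers on the five-digit zip code check, and the static IsMatch call for input that does not come from a server control, shown as an added example that is not code from the original How To. The class name, the sample values, the name pattern and the stricter `\A...\z` form are assumptions made for this illustration.

```csharp
using System;
using System.Text.RegularExpressions;

// Added example; InputChecks and all sample values are constructed.
static class InputChecks
{
    // Unanchored: matches if five digits appear anywhere in the input.
    const string ZipUnanchored = @"\d{5}";
    // Anchored with ^ and $: the whole input must be five digits,
    // but in .NET $ also matches just before one trailing newline.
    const string ZipAnchored = @"^\d{5}$";
    // Strict form: \A and \z match only the absolute start and end.
    const string ZipStrict = @"\A\d{5}\z";
    // Assumed rule for a name field: letters, apostrophe, period, space, 1-40 chars.
    const string NameStrict = @"\A[a-zA-Z'. ]{1,40}\z";

    // Static IsMatch avoids constructing a Regex object on every call.
    public static bool IsValid(string input, string pattern) =>
        input != null && Regex.IsMatch(input, pattern);

    static void Main()
    {
        // Constructed values such as might arrive in a query string or cookie.
        string[] zips = { "98052", "98052<script>", "x98052", "98052\n", "9805" };
        foreach (string z in zips)
        {
            Console.WriteLine("{0,-16} unanchored={1,-5} anchored={2,-5} strict={3}",
                z.Replace("\n", "\\n"),
                IsValid(z, ZipUnanchored),
                IsValid(z, ZipAnchored),
                IsValid(z, ZipStrict));
        }

        string[] names = { "Mary O'Neil", "Mary<b>", "" };
        foreach (string n in names)
            Console.WriteLine("{0,-16} name={1}", n, IsValid(n, NameStrict));
    }
}
```

The unanchored pattern accepts any input that merely contains five digits, which is the bypass the text warns about; the `^...$` form closes that gap but still accepts a value with one trailing newline, which `\A...\z` rejects.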