I receive numeric variables in my queryString.

I'm doing validation with the following code:

if (!String.IsNullOrEmpty(Request.QueryString["num"]))
    if (!int.TryParse(Request.QueryString["num"], out value))
        throw SecurityError;

Is that validation safe enough? Is it the most efficient? (Let's assume that every int number I get is valid)

+3  A: 

The only case you are not handling in the above code is when no 'num' is passed in the query string. I'm not sure what you want to do in this case, but you could remove the outer if block, so that your exception is thrown if the parameter is not passed at all.

if (!int.TryParse(Request.QueryString["num"], out value))
    throw SecurityError;

Also, 'SecurityError' would seem a strange type of exception to throw in the case of a non-numeric argument.

Otherwise it looks fine.

AdamRalph

+1  A: 

It is safe and efficient. You could even remove the first if:

if (!int.TryParse(Request.QueryString["num"], out value))
    throw SecurityError;

Darin Dimitrov
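
Added example, not code from either answer: a hypothetical helper, `QueryInt.TryRead`, that keeps the `int.TryParse` check from the posts but reports a missing parameter, a repeated parameter and a non-integer value as separate outcomes. It assumes the query string is a `NameValueCollection` (the type of `Request.QueryString`) and parses with `NumberStyles.AllowLeadingSign` and the invariant culture, so the surrounding whitespace that the two-argument `TryParse` accepts is rejected; the sample inputs are constructed.

```csharp
using System;
using System.Collections.Specialized;
using System.Globalization;

enum ParamStatus { Ok, Missing, Duplicate, NotAnInteger }

static class QueryInt
{
    // Hypothetical helper: classifies the parameter instead of raising one
    // exception type for every kind of failure.
    public static ParamStatus TryRead(NameValueCollection query, string name, out int value)
    {
        value = 0;
        string[] raw = query.GetValues(name);      // null when the key is absent
        if (raw == null || raw.Length == 0)
            return ParamStatus.Missing;
        if (raw.Length > 1)                        // ?num=1&num=2 (the indexer would return "1,2")
            return ParamStatus.Duplicate;

        // Optional sign followed by digits only; no whitespace, thousands
        // separators or culture-specific formats. Overflow also returns false.
        bool ok = int.TryParse(raw[0], NumberStyles.AllowLeadingSign,
                               CultureInfo.InvariantCulture, out value);
        return ok ? ParamStatus.Ok : ParamStatus.NotAnInteger;
    }
}

static class Demo
{
    static NameValueCollection Query(params string[] nums)
    {
        var q = new NameValueCollection();
        foreach (string n in nums) q.Add("num", n);
        return q;
    }

    static void Main()
    {
        // Constructed sample query strings, not taken from the page.
        var samples = new[] { Query("42"), Query("-7"), Query(" 42"), Query("4x"),
                              Query("99999999999"), Query("1", "2"), Query() };
        foreach (var q in samples)
        {
            ParamStatus status = QueryInt.TryRead(q, "num", out int value);
            Console.WriteLine("[{0}] -> {1} ({2})", q["num"] ?? "<absent>", status, value);
        }
    }
}
```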