input-validation

How to validate a data field for A-Z, 0-9 and "*" in SQL Windows?

I'm trying to define the input mask for a field in SQL Windows. I know that setting "AAA" would make the field accept anything from A to Z; "999" would make it accept any number. But how do I make it able to accept the "*" char? ...

a quick question about url validation

I don't really want to use curl or anything complex like that. I was looking for a simple way to check if the url (User will enter the url and it is then stored in my MySQL database) is valid and that it is a valid url i.e. the domain exists. Is fopen a good solution? Any tutorials or tips on this would be greatly appreciated. ...

Input validation check

In my website I have a forum, and I want to avoid cross site scripting. Do you know a good input validation script? ...

ASP.NET Javascript Error on Input

My ASP.NET page has an <asp:TextBox /> whose text input is encoded via HttpUtility.HtmlEncode(); The page also contains validators such as <asp:RequiredFieldValidator /> and <asp:CustomValidator /> as well as several AJAX toolkit <toolkit:ValidatorCalloutExtender /> If the user inputs </ as the text in the textbox, a Javascript error ...

How to create ASP.NET MVC custom model validation that works with 2 or more fields

I need the following attributes: 1. For example: I have 2 fields. The first is a checkbox, the second is a textbox. If the first control is checked, the second field must have the Required attribute. If the first control is unchecked, the second control is not required. [Required] public boolean showHeader{get;set;} [IFRequired("showHeader",true)] public string HeaderText{get;set;} 2...

How do I exploit "EXEC @sql"?

My co-worker is being unsafe with his code and is allowing a user to upload an SQL file to be run on the server. He strips out any key words in the file such as "EXEC", "DROP", "UPDATE", "INSERT", "TRUNC" I want to show him the error of his ways by exploiting his EXEC ( @sql ) My first attempt will be with 'EXEXECEC (N''SELECT ''You D...

Detect SQL Injection

I came to a company that already has a fully grown project... but coders that worked here before me didn't follow conventions and didn't use parametrized SQL queries... as a result there are over 1000 places in a very huge project that can possibly be vulnerable to SQL injection... I need to find a solution that will automatically detec...

As3 input-field number condition

Hello, I'm trying to validate a flash form. In one case I need to know how to check if the value is a number. If someone could show me this if-sentence, I would be very grateful! :) ...

String tokenizer, sanitize input?

I'm working on a program that takes in book records in the form <book #>,<name>,<publisher> for example 123,Example Book,Publisher After which, the user is returned to a menu, using numbers to select what option they would like. I get a java.util.InputMismatchException on this menu, whenever the string is taken in with a space. s...

Checking input values for special symbols.

I am having two text fields in my form. The data to be entered in the field are Name and City respectively. I want to check that the user has not entered any special symbols like !,@,#........ i.e, the only thing user should enter must be belonging to a-z,A-Z, though the user can enter Underscore(_), but no numbers, no special symbols. ...

Filtering out invalid user inputs

I'm trying to filter out invalid user inputs in a small C++ program using the following chunk of code: int selection = -1; while (!(selection >= 1 && selection <=4)) { cin >> selection; if (!(selection >= 1 && selection <=4)) { cout << "invalid selection!" << endl; cout << ...

I'm building an API/Framework in C#, how should I return validation error messages when properties are set to an invalid value?

I'm building an API in C#, how should I return validation error messages when properties are set to invalid values? Should I throw exceptions or do something else? What do you recommend? I could use the AggregateException class from the Task Parallel Library so I can throw more than one at a time. What are the best practices? ...

Where is the best place to put validation logic given this application design?

Consider an ASP.NET MVC 2 web application project that uses EF4 POCO entities and the repository pattern to store information in a SQL Server database. So far there are 3 projects, 4 if you count the database: 1.) Domain.dll, has no dependencies, exposes POCO's and repository interfaces. 2.) Storage.dll, depends on Domain, implements ...

Programmatically show asp:RequiredFieldValidator.

I have a form. I am validating user input on client side and server side in case if any naughty user bypasses client side validation. I am using asp.net's RequiredFieldValidators. I have set them to dynamic. They display fine on client side if form fails validation. But if I try to bypass client side validation, they never show up, even ...

Output or Input filtering?

Output or Input filtering? I constantly see people writing "filter your inputs", "sanitize your inputs", don't trust user data, but I only agree with the last one, where I consider trusting any external data a bad idea even if it is internal relative to the system. Input filtering: The most common that I see. Take the form post data or ...

Wicket and backend validations

We have validation rules written in Drools at a backend. Rules are written against Domain model. We would like to have rules at one place only. So we have created class which looks like: public class ModelItem<T> { private String userInput; private T value; .... } And we've extended converters so If conve...

How to determine when input is alphabetic?

I've been trying to solve this one for a while and can't seem to make it work right.. here is my current work while True: guess = int(raw_input('What is your number?')) if 100 < guess or guess < 1: print '\ninvalid' else: .....continue on Right now I have made it so when a user inputs a number higher than 1...

Need to validate Textbox to enter certain condition using Javascript

Hi all, I need to validate a textbox using JavaScript with the conditions below: Length of the letter should be at least 6; first letter should be capital; at least one numeric value should be there; at least one special character should be there. How to do that? ...

Architecture: Where to sanitise uploaded file names?

I'm trying to change the way we handle uploaded files before storing them to disk. We have had some problems when users from non-Windows operating systems upload files with characters that are illegal in Windows file names. The idealist in me tells me that file names should be made legal as close to the web layer as possible. Thus we u...

N-tier question: Where do you do the variable casting?

Our UI exposes user input as strings. All of them, including dates and numbers, are coming as strings. The question is: is it better to convert these to the appropriate type (datetime, int, etc) in the UI (and then pass converted var to the BLL methods), or in the BLL itself? ...