Re: Validation

From: AIM48 (AIM48_at_discussions.microsoft.com)
Date: 12/21/04 

Date: Mon, 20 Dec 2004 19:27:01 -0800

Yes - A bit awkward to use try/catch for regular logic flow but thats the way
its got to be done in .net 1.x

2.0 has int32.TryParse which will retrun a bool if it is a int

"William F. Robertson, Jr." wrote:

> The parse will fail if it isn't an int, so you could wrap it in a try catch
> block to determine if it is an int.
>
> string id = Request.QueryString["ID"];
>
> if ( id != null && id.Length != 0 )
> {
> try
> {
> int m_TaskID = Int32.Parse( id );
> mystuff(); //this will only execute when the parse happens
> correctly.
> }
> catch( FormatException )
> {
> //it is not an int
> }
> }
>
> Commentary:
> Request.Querystring[] might return null, so you can not safely call
> ..ToString() on it. Also, it returns a string already, so there is no need
> to call .ToString() on it.
>
> Also I never check a string to String.Empty. It is much faster to check the
> property .Length to 0.
>
> Now in version 2.0, there will be a method call .TryParse() that will return
> true or false for you and save you the exception trap, but that isn't slated
> this summer 05
>
> HTH,
>
> bill
>
> "Franck Diastein" <fdiastein@euskaltel.net> wrote in message
> news:OWr0kmr5EHA.4008@TK2MSFTNGP15.phx.gbl...
> > Hi,
> >
> > How can I securely validate the Id's I receive with QueryString ?
> >
> > This is what I do now:
> >
> > if ( Request.QueryString["ID"].ToString() != string.Empty ) {
> > m_TaskID = int.Parse(Request.QueryString["ID"].ToString() );
> > mystuff();
> > }
> >
> > With this I only validate that I'm receiving something, but hao can I
> > check the value received is int ?
> >
> > TIA
>
>
>

Relevant Pages