Further to the "validation on string" post below
-
I have to say that, given the importance of validating user input against SQL Injection, XSS and the like, that someone (... Microsoft themselves, as a .NET class) hasn't written a comprehensive class library to take care of this. Client side validation doesn't count - though having said that, the routines used for that must go some way at least towards a solution. I know that the new .NET validation server controls can validate server-side, but they still expect the user to define (too much) in terms of pattern matching, for example. i.e., they are too complex; what is really needed is something much simpler that just returns True or False depending on whether the input is a potential threat in terms of SQL Injection or XSS. Whether they've entered the correct data in the correct field is another issue. I know it's a tricky task, but surely not beyond the wit of one of you eggheads out there :) But perhaps I've missed it, and there are such libraries available...