If you are not using server controls (which means you cannot use the validation controls) or if you need to validate input from sources other than form fields, such as query string parameters or cookies, you can use the Regex class within the System. The following example shows how to use a regular expression to validate a name input through a regular client-side HTML control.
Regular expressions are much easier to understand if you use the following syntax and comment each component of the expression by using a number sign (#).
Regex regex = new Regex(@"
    ^         # anchor at the start
    (?=.*\d)  # must contain at least one numeric character
    (?
A ^ matches the position at the beginning of the input string and a $ matches the position at the end of the input string.
If you omit these markers, an attacker could affix malicious input to the beginning or end of valid content and bypass your filter.

To use the Regex class

For performance reasons, you should use the static IsMatch method where possible to avoid unnecessary object creation.
The search() method uses an expression to search for a match, and returns the position of the match.

In addition, the field length is constrained to 40 characters. Enclosing the expression in the caret (^) and dollar sign ($) markers ensures that the expression consists of the desired content and nothing else.

To validate input captured with server controls, you can use the RegularExpressionValidator control. To validate other forms of input, such as query strings, cookies, and HTML control input, you can use the System.

Input validation can become a security issue if an attacker discovers that you have made unfounded assumptions. The attacker can then supply carefully crafted input that compromises your application by attempting SQL injection, cross-site scripting, and other injection attacks.
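The anchoring and 40-character points above, shown with the static IsMatch method, as an added example that is not code from the original page. The class name, method names, allowed character set and sample inputs are assumptions made for illustration, and the pattern ends with \z rather than $ because in .NET $ also matches just before a trailing newline.

```csharp
using System;
using System.Text.RegularExpressions;

public static class NameValidationDemo
{
    // Hypothetical allow-list for a name field: letters, apostrophe, period
    // and space (\x20), 1 to 40 characters. The # comments inside the
    // pattern are legal because of RegexOptions.IgnorePatternWhitespace.
    private const string AnchoredName = @"
        ^                      # anchor at the start
        [a-zA-Z'.\x20]{1,40}   # allowed characters, at most 40 of them
        \z                     # anchor at the very end ($ would also accept a trailing newline)";

    // Same character class with the anchors left out, for comparison.
    private const string UnanchoredName = @"[a-zA-Z'.\x20]{1,40}";

    public static bool IsValidName(string input)
    {
        // Static IsMatch avoids creating a Regex object on every call.
        return input != null &&
               Regex.IsMatch(input, AnchoredName, RegexOptions.IgnorePatternWhitespace);
    }

    public static bool IsValidNameUnanchored(string input)
    {
        return input != null && Regex.IsMatch(input, UnanchoredName);
    }

    public static void Main()
    {
        // Constructed sample inputs, not taken from the original page.
        string[] samples =
        {
            "Anne O'Brien",                   // plain name
            "Anne<script>alert(1)</script>",  // markup affixed to valid content
            "Anne O'Brien\n",                 // trailing newline
            new string('a', 41)               // one character over the limit
        };

        foreach (string s in samples)
        {
            Console.WriteLine("{0,-32} anchored={1,-5} unanchored={2}",
                s.Replace("\n", "\\n"), IsValidName(s), IsValidNameUnanchored(s));
        }
    }
}
```

The unanchored check accepts all four inputs because it only needs to find an allowed run somewhere in the string, while the anchored check accepts only the first.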