How can I validate user input in ASP.NET?

Question

I am using visual studio 4.6.01038, and I am pretty new in ASP.NET. I have a very simple registration page where user inputs his name, street and telephone number. I want to control the input in the input box so that user must have to write it in certain way.

1) name/username field must NOT be blank, and must NOT contain numbers

2) street name shall start with letters, then it should be a space, then it should be a number, e.g. street 12

3) the phone number must ONLY contain numbers

If the user choose other than these formats, he will be asked to enter again. Now, all those being said, I am looking for a simpler way to do it. [May be from properties tab of that particular text field?] Or If I do it programmatically, where should I do it and how?

Here is the code I am working on:

Register.aspx:

    <form id="form1" runat="server">
    <div>
     Name<asp:TextBox ID="namebox" runat="server" OnTextChanged="namebox_TextChanged"></asp:TextBox>
        <br />  <br />
&nbsp;Street<asp:TextBox ID="streetbox" runat="server"></asp:TextBox>
        <br />  <br />
 Phone Number  <asp:TextBox ID="phonebox" runat="server"></asp:TextBox>
 <asp:Button ID="Button1" runat="server" Text="Register" OnClick="Button1_Click" /><br />
        <asp:Label ID="Label1" runat="server" Text="Label"></asp:Label>
        <br /><br />

    </div>
    </form>

Register.aspx.cs:

  protected void Button1_Click(object sender, EventArgs e)//register button
    {
        try
        {
            SqlCommand myCommand = new SqlCommand();
            //SqlConnection conn = new SqlConnection(ConfigurationManager.ConnectionStrings("Data Source=(LocalDB);MSSQLLocalDB;AttachDbFilename=|DataDirectory|;Database.mdf;Integrated Security=True"));

            SqlConnection conn = new SqlConnection(@"Data Source=(LocalDB)\MSSQLLocalDB;AttachDbFilename=|DataDirectory|\lab1.mdf;Integrated Security=True");
            //SqlConnection conn = new SqlConnection("ConnectionStringBooks");
            conn.Open();

            myCommand = new SqlCommand("INSERT INTO userdata(username, street, telephonenum) VALUES ('" + namebox.Text + "','" + streetbox.Text + "','" + phonebox.Text + "')", conn);

            myCommand.ExecuteNonQuery();
            Response.Redirect("~/Store.aspx?name="+namebox.Text+"");
        }
        catch (Exception ex)
        {
            Label1.Text = ex.Message;
            Label1.Visible=true;
        }

    }

Answer 1

You can use Regex in the button click event.

To use Regex in C# you'd create a new Regex object:

Regex regex = new Regex([expression]);

And then check whether a string matches the expression:

if(regex.match([string])){
     //ACCEPT DATA
}else{
     //REFUSE DATA
}

The expressions you'd need are:

• Name/Username: /\D+/
• Phone Number: /\d+/
• Street: /\1(\D)\2(\s)\3(\d)/

I'd couple this with the required field validator mentioned by Oli:

<asp:RequiredFieldValidator ID="rfvcandidate" 
runat="server" ControlToValidate ="ddlcandidate"
ErrorMessage="Please choose a candidate" 
InitialValue="Please choose a candidate">

I don't believe my answer for street will be the most efficient, I am fairly new to Regex, so I would be interested if someone was to suggest something better! My reasoning for saying this is that the regex I have provided will pass if it see's 'Street 12' because it matches 't 1'. So it doesn't stop someone entering 'Street 12 Street 12 Street 12'.

A good website for Regex seems to be: http://regexr.com

Answer 2

ASP.NET validation controls validate the user input data to ensure that useless, unauthenticated, or contradictory data don't get stored.

<asp:RequiredFieldValidator ID="rfvcandidate" 
   runat="server" ControlToValidate ="ddlcandidate"
   ErrorMessage="Please choose a candidate" 
   InitialValue="Please choose a candidate">

</asp:RequiredFieldValidator>

use link below: http://www.tutorialspoint.com/asp.net/asp.net_validators.htm