user1774333

Reputation: 41

Best way to Sanitize user input

What is the best way to sanitize input in asp.net application using whitelisting of characters?

Upvotes: 2

Views: 2559

Answers (1)

Ted Krapf

Reputation: 463

A starting point / good practice:

HtmlEncode will handle converting all the html tags to harmless values like `&lt;`.

Always use SQL parameters instead of string concatenation to avoid SQL injection. (Entity Framework or LINQ does this for you)

I was always taught: don't try to reinvent the wheel with fundamentals (e.g. building your own sanitization solution), but stand on the shoulders of giants. Smarter minds than me develop toolboxes for input sanitization, cryptography, random generators. Writing one myself has a high likelihood of being error prone.

Upvotes: 3
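Putting the answer's two points together with the allow-listing the question asks about, as an added C# example that is not from the answer's author; the username rule, the `Users` table and the column name are assumptions:

```csharp
using System;
using System.Data;
using System.Data.SqlClient;   // Microsoft.Data.SqlClient on newer stacks
using System.Net;
using System.Text.RegularExpressions;

public static class UserInput
{
    // Allow-list for a hypothetical "username" field: letters, digits, dot,
    // underscore, hyphen, 3-32 characters. Anything else is rejected outright
    // rather than "cleaned", so the rule stays small and easy to audit.
    private static readonly Regex UsernameRule =
        new Regex(@"^[A-Za-z0-9._-]{3,32}$", RegexOptions.CultureInvariant);

    public static bool TryValidateUsername(string raw, out string username)
    {
        username = (raw ?? string.Empty).Trim();
        return UsernameRule.IsMatch(username);
    }

    // Output encoding still happens at render time, even for allow-listed values:
    // validation protects the data model, encoding protects the HTML context.
    public static string ForHtml(string value) => WebUtility.HtmlEncode(value);

    // Parameterised query: the value travels as typed data and is never spliced
    // into the SQL text, so its contents cannot change the statement.
    public static int CountByUsername(SqlConnection conn, string username)
    {
        using (var cmd = new SqlCommand(
            "SELECT COUNT(*) FROM Users WHERE Username = @username", conn))
        {
            cmd.Parameters.Add("@username", SqlDbType.NVarChar, 32).Value = username;
            return (int)cmd.ExecuteScalar();
        }
    }
}

// Constructed sample values for illustration:
//   TryValidateUsername("alice_01", out var u)        -> true
//   TryValidateUsername("<script>x</script>", out _)  -> false (rejected, nothing to "clean")
//   ForHtml("a<b")                                    -> "a&lt;b"
```

Validation, output encoding and parameterisation are three separate layers; the allow-list does not replace the other two, because a value that is safe for one context (the database) can still be unsafe in another (HTML).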
