Reputation: 1030

How to test QueryString

I have a query string called propID and I wanna check if the passed value in it is a legal integer or not to avoid throwing an error that might reveal info about my database, how can I do it?

In other words, I want something like -but in vb.net- :

IF QueryString("propID").Content.Type = "int32" Then Proceed

Upvotes: 3

Answers (5)

M. Jahedbozorgan

Reputation: 7054

C# version:

int _PropID;
if (int.TryParse(QueryString["propID"], out _PropID))
{
    //Proceed with _PropID
}

Upvotes: 1

Scott Lance

Reputation: 2249

You could try the 'is' keyword to check the type of on object.

If QueryString("propID").Content.Type Is Int32 Then Proceed

Otherwise Int32.TryParse would work as well.

Upvotes: 1

BobbyShaftoe

Reputation: 28499

You can just use Int32.TryParse.

Upvotes: 1

TheTXI

Reputation: 37875

Dim result as boolean
result = integer.tryparse(QueryString("propID"), myintegervariable)

boolean will return true if it parsed correctly (putting the value into your myintegervariable) and will return false if the parsing failed.

You can also write is as

if integer.tryparse(QueryString("propID"), myintegervariable) then
    //continue going along with myintegervariable
else
   //parsing didn't work
end if

Upvotes: 5

Chris Van Opstal

Reputation: 37537

You could use TryParse:

Dim myInt As Integer
If Int32.TryParse(QueryString("propID").Content, myInt) Then Proceed

Upvotes: 9

How to test QueryString

Answers (5)

Related Questions