Input Validation in ASP.NET? Bug or Not?


Recently I was pinged by a colleague in the security field and he asked me a question on why the Regular Expression Validator was not validating against Null values in a ASP.NET control.  I was able to reproduce the same behaviour on both Visual Studio 2003 and Visual Studio 2005 and it appears that Regular Expression do not validate against null value and you must use a Required Field Validator control for null values.  The reason behind this behaviour is in case you need to have optional controls on a large form but still want to do validation against them only if they are indeed not left blank. 


I would agree with Dana blog that is worth noting when using the Regular Expression Validator control against ASP.NET controls.

Comments (2)

  1. Mihailik says:

    "…and you must use a Regular Field Validator control for null values"

    — change Regular to Required here.

  2. mark pahulje says:

    Least Privilege Account and Random Security Enhancements to .NET 2.0 session was great!

    Mark.pahulje@bmo.com!

Skip to main content