A Best Practice That Does Not Use Regular Expressions

One way to enforce that input is always validated prior to being accessed is by using languages that support classes, such as C++, C# and Visual Basic .NET. Here's an example of a UserInput class written in C++:

#include <string> using namespace std; class UserInput { public: UserInput(){}; ~UserInput(){}; bool Init(const char* str) { //add more checking here if you like if(!Validate(str)){ return false; } else { input = str; return true; } } const char* GetInput(){return input.c_str();} DWORD Length(){return input.length();} private: bool Validate(const char* str); string input; };

Using a class like this has a number of advantages. First, if you see a method or function that takes a pointer or reference to a UserInput class, it's obvious that you're dealing with user input. The second is that there's no way to get an instance of this class where the input has not passed through the Validate method. If the Init method is never called or fails, the class contains an empty string. If you wanted to, you could create such a class with a Canonicalize method. This approach might save you time and bug-fixing because you can ensure that input validation always takes place and is done consistently.