Examining the Need for User Input Validation


In the past two hours, we've examined a number of ways to collect user input. In Hour 10, "Using Text Boxes to Collect Input," we saw how to use the TextBox Web control to collect text input; in Hour 11, "Collecting Input Using Drop-Down Lists, Radio Buttons, and Check Boxes," we saw how to use DropDownList, RadioButton, and CheckBox Web controls to collect user input that was restricted to one or more items from a predefined list of items.

Typically, when collecting user input, we want the input to be in a certain format or to conform to some set of guidelines. Input validation is the process of ensuring that the data entered by a user is in the proper format and/or meets certain constraints.

For example, imagine that you wanted to collect the following information from a user:

  • Name

  • Age

  • ZIP code

To collect this input, you would probably want to use three TextBox Web controls, one for each of the three inputs. When presented with a text box, clearly users can enter any value they choose. Or users may enter no input at all. That is, when asked to input his age, a user could choose not to enter any value. On the other hand, the user may choose to enter 24. Or, instead of entering 24, the user may use an alternative representation for 24, like twenty-four. Or, the user might enter something nonsensical, like I am a Jisun.

More likely than not, we would want the age entered as a number because a number is less ambiguous than a string. (That is, 24 is unambiguous, because it's the only numerical way to specify the value 24; with text, however, 24 can be written as twenty-four, twenty four, Twentyfour, Twenty Four, and so on.) Furthermore, a number can be used in mathematical calculations, whereas a string like "twenty-four" cannot.

Even if we can ensure that users will enter their age as a number, users can still enter bad input. For example, values like 3,456,354.14159, 750, and 0.576 are valid numbers, but not valid ages.

Types of Input Validation

The validation requirements for age input show that there are different classes of input validation. For example, ensuring that users enter a value for the age input and ensuring that the age is entered as a number are both considered forms of input validation, but they differ in that the former simply checks to see whether a value is entered, and the latter ensures that the entered data is in a predefined format.

Input validation can be broken down into five distinct classes. Let's take a moment to examine these five classes.

Required Field Input Validation

The first type of input validation is required field validation. Required field validation is used to ensure that the user has entered a value for a particular input. For example, when users are filling out shipping information at an eCommerce website, required fields would include the street address, city, state, and ZIP code the package was being shipped to; optional fields might include special shipping instructions.

By the Way

Many websites that allow visitors to sign up to create an account have many required fields that the users must fill out in order to create their account. Typically, these required fields include email address, age, gender, and other such information.


Data Type Validation

For numeric inputs it is often important that the input be entered as a number, not a string. That is, when users are prompted for the year they were born, it is important that they enter the year as four digits, like 1978, as opposed to a string, like "Nineteen seventy eight".

Humans think in terms of language, whereas computer programs work in terms of data. Data type validation helps ensure that the text entered by the user can be converted into a suitable data format the computer program expects.

Range Input Validation

For certain numeric inputs, it is important that the resulting input fall within a certain range of values. For example, if a user is prompted for her age, we might want to ensure that it's between the values 0 and 150.

Comparison Validation

Another typical input validation for numeric inputs is a comparison validation. For example, if users are asked to enter their salary, we might want to make sure that the number entered is greater than or equal to 0.

Alternatively, we may want to compare the value of one user input with the value of another user input. An example here might be if users are asked to enter their total income for a particular year and then are later asked to enter how much their income tax was for that same year. Clearly, a person's income taxes can't amount to more than her total income. Therefore, we may want to ensure that the number the user entered for a particular year's income tax is less than the number entered for that same year's total income.

Pattern Validation

Certain types of string input must conform to a particular format. For example, if users are asked to enter their phone number, you might want to ensure that they enter it in the following format, where each X is a digit:

(XXX) XXX-XXXX 


Did you Know?

Clearly, there are alternative ways to provide a phone number, such as

XXX-XXX-XXXX 


Typically, though, data that has numerous legal formats should always be recorded in one specific format. This makes it easier to search the data. For example, imagine that you are storing the phone numbers entered by your web visitors. If all phone numbers are required to be entered in the format (XXX) XXX-XXXX, it is much easier to search for all phone numbers in, say, a certain area code, than it would be if phone numbers could be entered in a myriad of formats. (The area code is the first three digits of the phone number.)
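The five classes applied to this section's own inputs (age, total income and income tax, phone number), as an added example that is not code from the book: a C# validator that runs the checks in order, so that a range check is only attempted on a value that has already passed the required-field and data type checks. The names FormValidator and Validate, the error messages, and the sample submissions are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Globalization;
using System.Text.RegularExpressions;

// Hypothetical validator for illustration; not part of ASP.NET or the book.
public static class FormValidator
{
    // Pattern validation: \A and \z anchor the whole string, so any text
    // before or after "(XXX) XXX-XXXX" (even a trailing newline) is rejected.
    private static readonly Regex Phone = new Regex(@"\A\([0-9]{3}\) [0-9]{3}-[0-9]{4}\z");

    public static List<string> Validate(string age, string income, string tax, string phone)
    {
        List<string> errors = new List<string>();
        CultureInfo inv = CultureInfo.InvariantCulture; // same parsing on every server locale
        int ageValue;
        decimal incomeValue, taxValue;

        // Required field validation: a value must be present at all.
        if (string.IsNullOrEmpty(age) || age.Trim().Length == 0)
            errors.Add("Age is required.");
        // Data type validation: "twenty-four" and "0.576" are not integers.
        else if (!int.TryParse(age, NumberStyles.Integer, inv, out ageValue))
            errors.Add("Age must be a whole number.");
        // Range validation: the bounds used in the text, 0 through 150.
        else if (ageValue < 0 || ageValue > 150)
            errors.Add("Age must be between 0 and 150.");

        bool incomeOk = decimal.TryParse(income, NumberStyles.Number, inv, out incomeValue);
        bool taxOk = decimal.TryParse(tax, NumberStyles.Number, inv, out taxValue);
        if (!incomeOk || !taxOk)
            errors.Add("Income and income tax must be numbers.");
        // Comparison validation against a constant ...
        else if (incomeValue < 0 || taxValue < 0)
            errors.Add("Income and income tax must be greater than or equal to 0.");
        // ... and against another input: tax cannot be more than income.
        else if (taxValue > incomeValue)
            errors.Add("Income tax cannot be more than total income.");

        if (string.IsNullOrEmpty(phone) || !Phone.IsMatch(phone))
            errors.Add("Phone must be in the format (XXX) XXX-XXXX.");
        return errors;
    }

    public static void Main()
    {
        // Constructed sample submission: wrong age type, tax above income, wrong phone format.
        foreach (string error in Validate("twenty-four", "50000", "60000", "555-555-0123"))
            Console.WriteLine(error);
    }
}
```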





Sams Teach Yourself ASP.NET 2.0 in 24 Hours, Complete Starter Kit
ISBN: 0672327384
EAN: 2147483647
Year: 2004
Pages: 233
