Input Validation

So last post I put up a link to a regex builder. What would you want to use a regular expression for? Regular expressions let you determine whether a string of characters matches a pattern. So you can test whether a set of characters is numeric. A simple use for this would be to check that a telephone number typed into a form is made up of numbers and not letters. Or, to say the same thing another way, you can use a regular expression to check whether input is valid.

In the example I just gave, the validation is primarily for the benefit of the user. We don’t want them to make a mistake when they type in the phone number, so we check it for them.

However, input validation is also a very important part of programming in general for security reasons. Anywhere there is input into a program, a text box on a web page for example, is a place for someone to attack that system. In general, if there is no place to log in, there is no place to attempt to guess a password. However, user input is a critical part of computer applications, so the inputs cannot simply be removed.

Knowing that, we have to take precautions against malicious users who may try to use our inputs to inject harmful information such as foreign code into our system. One way to test input to make sure it is valid is to use regular expressions as part of input validation.
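
The phone number check described above, written as an added example (not code from the original post). It assumes a 10-digit format with optional separators, and the function names are hypothetical. It contrasts a pattern that only finds a phone number somewhere in the input with one that requires the whole input to be a phone number.

```python
import re

# Assumed format for this example: 10 ASCII digits with optional
# "-", "." or space separators, e.g. 555-867-5309.
PHONE_STRICT = re.compile(r"[0-9]{3}[-. ]?[0-9]{3}[-. ]?[0-9]{4}")
# Same shape, but \d also matches non-ASCII Unicode digits in Python 3.
PHONE_LOOSE = re.compile(r"\d{3}[-. ]?\d{3}[-. ]?\d{4}")

MAX_LEN = 20  # reject oversized input before running the regex


def validate_loose(value: str) -> bool:
    """Weak check: true if a phone number appears anywhere in the input."""
    return PHONE_LOOSE.search(value) is not None


def validate_strict(value) -> bool:
    """Allow-list check: the entire input must be a phone number."""
    if not isinstance(value, str) or len(value) > MAX_LEN:
        return False
    # fullmatch() anchors both ends; unlike "$", it does not tolerate
    # a trailing newline after the last digit.
    return PHONE_STRICT.fullmatch(value) is not None


def normalize(value: str) -> str:
    """Return digits only, for storage, after strict validation."""
    if not validate_strict(value):
        raise ValueError("invalid phone number")
    return re.sub(r"[-. ]", "", value)


# Constructed sample inputs (not from the original post).
SAMPLES = [
    "555-867-5309",
    "5558675309",
    "555-867-5309<b>x</b>",   # valid number followed by markup
    "555-867-5309\n",         # trailing newline
    "five five five",
    "\u0665\u0665\u0665-\u0668\u0666\u0667-\u0665\u0663\u0660\u0669",  # Arabic-Indic digits
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{s!r:40} loose={validate_loose(s)} strict={validate_strict(s)}")
```

The loose check accepts the input with markup appended because it only searches for a match; the strict check rejects it because the pattern has to cover the whole string.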