⑷ Validate every value the user submits, and never assume that an input contains only legitimate data. Validation should be done both on the client and on the server; the server-side check is the one that must always be present, because it makes up for how weak the client-side check is.
On the client, an attacker can easily obtain the complete source of the page, change the validation script so that any value passes (or simply delete it), and then submit illegal content to the server through a modified form. The only way to be sure that validation has really taken place is therefore to validate again on the server. You can use one of the many built-in validation controls, such as RegularExpressionValidator; they generate the client-side validation script automatically, and you can of course also insert a call to a server-side method. If none of the ready-made validation controls fits your needs, you can create your own with CustomValidator.
⑸ Store data such as user names and passwords in encrypted (hashed) form. Hash what the user enters and then compare it with the value stored in the database. This amounts to "sanitizing" the user's input: once hashed, the submitted data no longer has any special meaning to the database, which also prevents an attacker from injecting SQL commands. The System.Web.Security.FormsAuthentication class has a method, HashPasswordForStoringInConfigFile, that is well suited to sanitizing input data in this way.
⑹ Check the number of records returned by a data query. If the program expects only one record to be returned but the query actually returns more than that, the situation should be handled as an error.
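A server-side login check that puts the three points above together, as an added example (not code from the original article or from the .NET Framework); the Users table, its column names, the "Main" connection string and the user-name rule are assumptions, and the block also uses SqlParameter, which this section does not discuss.

```csharp
// Added example, not code from the original article. Assumes a table
// Users(UserName, PasswordHash) and a connection string named "Main" in web.config.
using System;
using System.Configuration;
using System.Data.SqlClient;
using System.Text.RegularExpressions;
using System.Web.Security;

public static class LoginCheck
{
    // Step (4): server-side rule, enforced regardless of any client-side validator.
    // Assumed policy: 3 to 32 letters, digits, underscore or dot.
    private static readonly Regex UserNameRule = new Regex(@"^[A-Za-z0-9_.]{3,32}$");

    public static bool IsValidUserName(string userName)
    {
        return userName != null && UserNameRule.IsMatch(userName);
    }

    // Step (5): hash the submitted password before it reaches the database, so the
    // compared value carries no characters with special meaning to SQL.
    public static string HashPassword(string password)
    {
        return FormsAuthentication.HashPasswordForStoringInConfigFile(password, "SHA1");
    }

    // Step (6): the lookup must return exactly one row; anything else is an error.
    public static bool Authenticate(string userName, string password)
    {
        if (!IsValidUserName(userName) || string.IsNullOrEmpty(password))
            return false;

        string hash = HashPassword(password);
        string cs = ConfigurationManager.ConnectionStrings["Main"].ConnectionString;
        using (var conn = new SqlConnection(cs))
        using (var cmd = new SqlCommand(
            "SELECT COUNT(*) FROM Users WHERE UserName = @u AND PasswordHash = @h", conn))
        {
            // Parameters keep both inputs as data (not discussed in this section).
            cmd.Parameters.AddWithValue("@u", userName);
            cmd.Parameters.AddWithValue("@h", hash);
            conn.Open();
            int count = (int)cmd.ExecuteScalar();
            if (count > 1)
                throw new InvalidOperationException("Unexpected record count: " + count);
            return count == 1;
        }
    }
}
```

HashPasswordForStoringInConfigFile is marked obsolete from .NET Framework 4.5 and yields an unsalted MD5 or SHA1 digest, so newer code should use a salted, slow password hash; it appears here only because the text names it.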