Constructing a Validation Function in Visual Basic

A validation function determines whether or not a string meets certain requirements. This topic discusses the properties of validation functions, and describes how to create and use validation functions.

A string that you are attempting to validate falls into one of three categories:

  1. Provably valid.

  2. Provably not valid.

  3. Not provably valid or not valid.

It is clear what a validation function should do with strings in the first two categories; the third category is more troublesome.

Validation functions can be grouped into two categories, depending on how they treat strings in the third category:

  • Conservative validation functions. These functions validate only strings that can be proven to be valid.

    You must use conservative validation functions when your application relies on the string for security. For example, do not create a filter that attempts to filter out only unacceptable elements—it is difficult to anticipate every possible bad input. Instead, if you do create a filter, create one that has a defined list of acceptable input.

  • Permissive validation functions. These functions validate all strings unless they are provably not valid.

    In most situations that are not security-related, such as storing a user's profile, you can use permissive validation functions, which are more flexible and user-friendly than conservative validation functions.

You can use the .NET Framework Regex regular-expression class to determine if a string matches a certain pattern or contains a certain pattern.

When validating a string, the regular expression must start with the ^ character. This instructs the regular-expression engine to start matching the specified pattern at the start of the string.

Community Additions