Validating numeric input
Here is an example: if you expect a phone number, you can strip out all non-digit characters before checking what remains. Stripping is a sanitization step, not validation on its own; the digits that are left still have to be checked for length and type.

Positive validation means checking that the data is one of a set of tightly constrained known good values and rejecting everything else. Data should be:

Negative validation, also known as "blacklist" validation, tries instead to reject input that is known to be bad (particular characters or patterns). It is a weak alternative to positive validation: a blacklist only covers the cases its author thought of, and attackers look for the ones it misses, such as alternative encodings, whitespace, sign characters and Unicode look-alike digits.
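To make the difference concrete, here is an added example (not code from the guide) that validates a phone number and an unsigned integer positively, and places a blacklist-style check beside it so the inputs that slip past the blacklist are visible. The function names, the 7 to 15 digit phone length and the 10-digit integer limit are assumptions chosen for the demonstration; the inputs at the bottom are constructed.

```python
import re

# Added example, not from the guide: positive "known good" validation of
# numeric input next to a negative "blacklist" filter. Names and limits
# are assumptions made for the demonstration.

DIGIT_RE = re.compile(r"[0-9]+")      # ASCII digits only: the strict grammar


def normalise_phone(raw: str) -> str:
    """Strip every non-digit character from a phone number (as the text
    suggests), then positively validate what is left."""
    digits = "".join(DIGIT_RE.findall(raw))
    # 7..15 digits: 15 is the E.164 maximum, the lower bound is an assumption.
    if not 7 <= len(digits) <= 15:
        raise ValueError(f"not a phone number: {raw!r}")
    return digits


def validate_unsigned_int(raw: str, lo: int, hi: int) -> int:
    """Positive validation: exact syntax, bounded length, strong type,
    range. Anything outside the grammar is rejected before conversion."""
    if len(raw) > 10 or not DIGIT_RE.fullmatch(raw):
        raise ValueError(f"bad syntax: {raw!r}")
    value = int(raw)
    if not lo <= value <= hi:
        raise ValueError(f"out of range: {value}")
    return value


BANNED = set("abcdefghijklmnopqrstuvwxyz'\";<>()")


def blacklist_unsigned_int(raw: str, lo: int, hi: int) -> int:
    """Negative validation: reject the characters the developer thought of,
    then trust int(). Included only to show why it is the weaker strategy:
    int() accepts whitespace, a leading '+', underscores and non-ASCII
    decimal digits, none of which the blacklist mentions."""
    if any(c in BANNED for c in raw.lower()):
        raise ValueError(f"banned character in {raw!r}")
    value = int(raw)
    if not lo <= value <= hi:
        raise ValueError(f"out of range: {value}")
    return value


def rejects(check, raw: str, *limits) -> bool:
    """True if `check` refuses `raw` (our ValueError or a conversion error)."""
    try:
        check(raw, *limits)
        return False
    except ValueError:
        return True


if __name__ == "__main__":
    # Constructed inputs that the blacklist passes but positive validation rejects.
    for raw in ["1_000", " 7", "+5", "\u0661\u0662\u0663"]:
        print(f"{raw!r:12} blacklist rejects={rejects(blacklist_unsigned_int, raw, 0, 10_000)!s:5} "
              f"positive rejects={rejects(validate_unsigned_int, raw, 0, 10_000)}")
```

Every input in the final loop is accepted by the blacklist version because the blacklist never mentions space, plus, underscore or Arabic-Indic digits, while the positive version rejects all of them because they are not in the grammar `[0-9]+`.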
Output encoding means encoding data for the context it is about to be sent to. For example, if you apply HTML entity encoding to user input before it is sent to a browser, it will prevent most XSS attacks: those where the data lands in HTML element content or inside a quoted attribute. Data placed in other contexts (an unquoted attribute, a script block, a URL) needs the encoding appropriate to that context.
However, simply preventing attacks is not enough: you must also perform intrusion detection in your applications. A value that fails server-side validation after the client-side checks have already been applied can only have come from someone who bypassed the client, so validation failures should be logged, and a burst of them from one user should be treated as an attack rather than as a typo.
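As an added example (not code from the guide), here is a minimal in-application intrusion detector: server-side validation failures are recorded per user in a sliding window, one failure is just logged, repeated failures raise a warning, and a burst crosses a threshold that locks the user. The threshold of three events in sixty seconds, the action names and the request stream are assumptions constructed for the demonstration.

```python
import re
from collections import defaultdict, deque

# Added example, not from the guide: application-level intrusion detection
# driven by validation failures. Thresholds and names are assumptions.


class AppIntrusionDetector:
    """Counts suspicious events per user inside a sliding time window and
    escalates once a threshold is crossed."""

    def __init__(self, threshold: int = 3, window_seconds: float = 60.0):
        self.threshold = threshold
        self.window = window_seconds
        self._events = defaultdict(deque)   # user -> timestamps of events in window
        self.locked = set()                 # users whose session has been locked
        self.log = []                       # (time, user, description) audit trail

    def record(self, user: str, description: str, now: float) -> str:
        """Log the event and return the response: 'log', 'warn' or 'lock'."""
        self.log.append((now, user, description))
        stamps = self._events[user]
        stamps.append(now)
        while stamps and now - stamps[0] > self.window:   # drop expired events
            stamps.popleft()
        if len(stamps) >= self.threshold:
            self.locked.add(user)
            return "lock"
        return "warn" if len(stamps) > 1 else "log"


def handle_quantity(detector: AppIntrusionDetector, user: str, raw: str, now: float):
    """Server-side handler for a quantity field. The (assumed) client-side
    form already limits the field to 1-3 digits, so anything else can only
    arrive from a client that was bypassed: that is the detection signal."""
    if user in detector.locked:
        return None, "lock"
    if not re.fullmatch(r"[0-9]{1,3}", raw):
        return None, detector.record(user, f"quantity failed validation: {raw!r}", now)
    return int(raw), "accept"


def simulate():
    """Run a constructed request stream: alice makes one typo, mallory probes."""
    detector = AppIntrusionDetector(threshold=3, window_seconds=60.0)
    requests = [                      # (time, user, raw quantity) - constructed
        (0.0, "alice", "12"),
        (5.0, "alice", "1o"),         # a typo: logged, nothing more
        (6.0, "alice", "10"),
        (10.0, "mallory", "1'"),
        (11.0, "mallory", "1 OR 1=1"),
        (12.0, "mallory", "<script>"),
        (13.0, "mallory", "5"),       # valid, but the user is locked by now
    ]
    return [(user, handle_quantity(detector, user, raw, now)[1])
            for now, user, raw in requests]


if __name__ == "__main__":
    for user, action in simulate():
        print(f"{user:8} {action}")
```

The detector does not need to know what the attacker was trying; it only needs the validation layer to report every rejection, which is why validation failures should be raised as events rather than silently discarded.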
Ensure that data is not only validated but also business-rule correct. For example, an interest rate must fall within the permitted boundaries, even though any number would pass a purely syntactic check.

Some input cannot be reduced to a small known-good set. If you want free text from a user comment form, it is difficult to decide on a legitimate set of characters, because nearly every character has a legitimate use. In that case, restrict what you can (length, control characters) and rely on output encoding when the text is displayed.
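The comment-form case and the HTML entity encoding example above meet here. The following added example (not code from the guide) accepts free text with only the checks that make sense for it, encodes it for HTML element content and a quoted attribute, and then shows the context caveat: the same encoding inside an unquoted attribute still lets a new `onerror` attribute through. It uses only the standard library; the function names, the 2000-character limit and the payload string are assumptions constructed for the demonstration.

```python
import html
import re
from html.parser import HTMLParser

# Added example, not from the guide: free text from a comment form, entity
# encoded at output time, with a context caveat. Names are assumptions.

# Constructed attacker input: markup, an event handler and both quote styles.
PAYLOAD = '<img src=x onerror="alert(1)"> & "quotes" \'single\''


def validate_comment(text: str, max_len: int = 2000) -> str:
    """The only positive checks that make sense for free text: a length
    limit and no control characters. < > " ' & are all allowed."""
    if len(text) > max_len:
        raise ValueError("comment too long")
    if re.search(r"[\x00-\x08\x0b\x0c\x0e-\x1f\x7f]", text):
        raise ValueError("control characters are not allowed")
    return text


def render_comment_html(text: str) -> str:
    """Element content and a QUOTED attribute: entity encoding is enough,
    because html.escape(quote=True) also encodes both quote characters."""
    safe = html.escape(text, quote=True)
    return f'<p class="comment" title="{safe}">{safe}</p>'


def render_unquoted_attribute(text: str) -> str:
    """The same encoding in an UNQUOTED attribute is not enough: a space
    ends the value, so the rest of the text becomes new attributes."""
    return f"<p title={html.escape(text, quote=True)}>comment</p>"


class _StartTags(HTMLParser):
    """Collects (tag, attribute names) the way a browser would see them."""

    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append((tag, [name for name, _ in attrs]))


def _parse(markup: str):
    parser = _StartTags()
    parser.feed(markup)
    parser.close()
    return parser.tags


def tags_in(markup: str) -> list:
    """Tag names a parser finds in the markup."""
    return [tag for tag, _ in _parse(markup)]


def event_handler_attributes(markup: str) -> list:
    """Attribute names starting with 'on' that a parser finds: any of these
    on server-rendered output means script injection succeeded."""
    return [name for _, names in _parse(markup) for name in names if name.startswith("on")]


if __name__ == "__main__":
    comment = validate_comment(PAYLOAD)
    print("unencoded tags:      ", tags_in(f"<p>{comment}</p>"))
    print("encoded tags:        ", tags_in(render_comment_html(comment)))
    print("unquoted attr leaks: ", event_handler_attributes(
        render_unquoted_attribute("x onerror=alert(1)")))
```

Keeping the raw text in storage and encoding at output is what lets the same comment be rendered safely in HTML today and in another context (JSON, a mail body) later, each with its own encoder.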