Preventing Injection via Parameterized Filtering

Snippet

Preventing Injection via Parameterized Filtering

Input sanitization is a fundamental security practice. Using Regular Expressions to whitelist allowed characters ensures that malicious characters used in injection attacks are stripped before the data is used in commands or queries.

snippet.cs

csharp

using System.Text.RegularExpressions;
 
public string SanitizeInput(string input)
{
    // Allow only alphanumeric characters to prevent script or command injection
    return Regex.Replace(input, @"[^a-zA-Z0-9]", "");
}
 
public void ExecuteSafeCommand(string rawData)
{
    string cleanData = SanitizeInput(rawData);
    Console.WriteLine($"Executing with: {cleanData}");
}

Breakdown

Regex.Replace(input, @"[^a-zA-Z0-9]", "")

Replaces any character that is NOT a letter or a digit with an empty string.

string cleanData = SanitizeInput(rawData);

Ensures data is processed by the security filter before any execution occurs.

Previous snippet Next snippet

More Intermediate C# exercises →

From your library

Preventing Injection via Parameterized Filtering

Related