ASP Clean User Input

As webmasters we learn to LOVE the visitors to our website. They are our bread and butter, they are the reason we keep tweaking every Aspect of our site looking for the perfect Balance of features and useability to keep them comming back. It can be very hard for us to think of them as cunning, malicious attackers but for security sake that is exactly how we need to think of anyone who is going to enter data on a webform. For that matter if we are consuming any feeds from other sources it would be a good idea to put these through a validation process as well to guard against malicious code that was inserted into someone elses site. There are 2 main kinds of attacks that we can fall prey to with user inputed data. The first can cause a security Breach on our server and allow unsafe code to be executed. This can result in information being stollen, deleted, or otherwise compromised. The second issue can arise with user inputed data that is displayed somewhere on our site for other visitors to see. This data can have JavaScript inserted into them that can compromise the security of our visitors systems and it would appear the attack came from our site. This kind of attack can come from forum, article, or even comment insertion forms. All of the issues with user input can be solved by validating the data that they input. Sometimes these methods are called "Cleaning", or "Sanitizing" the input, but of course we don`t want to think of our visitors as dirty so we will call it validating. Of course actual data validation would include checkign the content type and length but we`ll get to that.