I need validation to fail on an apostrophe entered into a textbox for my regularexpression validato

H

hamsterchaos

<asp:RegularExpressionValidator id="valRegEx" runat="server"
ControlToValidate="textbox1"
ValidationExpression=" "
ErrorMessage="* Please only enter alphanumeric values and make sure
you are not entering in any apostrophes."
display="dynamic">*


I need

"Chris's mail"

to fail the above validation - which I believe means I need the
regular expression to return a no match on the above line.

Can you help?

Many thanks,
Chris
 
J

Jesse Houwing

Hello (e-mail address removed),
<asp:RegularExpressionValidator id="valRegEx" runat="server"
ControlToValidate="textbox1"
ValidationExpression=" "
ErrorMessage="* Please only enter alphanumeric values and make sure
you are not entering in any apostrophes."
display="dynamic">*
I need

"Chris's mail"

to fail the above validation - which I believe means I need the
regular expression to return a no match on the above line.

Can you help?

The expression must capture what it should be, not what it shouldn't be.
In your case that's quite easy:

^[a-zA-Z0-9 ]+$

any alphanumeric character or space. You can add other allowed characters
in there if needed.

I do wonder why you want to exclude these characters. If it is to prevent
SQL injection or cross site scripting, then adding a regex validator to your
textboxes isn't the best idea to employ.
 
H

hamsterchaos

Hello (e-mail address removed),
<asp:RegularExpressionValidator id="valRegEx" runat="server"
ControlToValidate="textbox1"
ValidationExpression=" "
ErrorMessage="* Please only enter alphanumeric values and make sure
you are not entering in any apostrophes."
display="dynamic">*
I need
"Chris's mail"
to fail the above validation - which I believe means I need the
regular expression to return a no match on the above line.
Can you help?

The expression must capture what it should be, not what it shouldn't be.
In your case that's quite easy:

^[a-zA-Z0-9 ]+$

any alphanumeric character or space. You can add other allowed characters
in there if needed.

I do wonder why you want to exclude these characters. If it is to prevent
SQL injection or cross site scripting, then adding a regex validator to your
textboxes isn't the best idea to employ.

that is exactly what im trying to do - avoid sql injections - waht
woudl you reccomend fine sir?

BTW thanks for helping
 
H

hamsterchaos

Hello (e-mail address removed),
The expression must capture what it should be, not what it shouldn't be.
In your case that's quite easy:
^[a-zA-Z0-9 ]+$
any alphanumeric character or space. You can add other allowed characters
in there if needed.
I do wonder why you want to exclude these characters. If it is to prevent
SQL injection or cross site scripting, then adding a regex validator to your
textboxes isn't the best idea to employ.

that is exactly what im trying to do - avoid sql injections - waht
woudl you reccomend fine sir?

BTW thanks for helping

Excuse my terrible touch typing spelling
 
J

Jesse Houwing

Hello (e-mail address removed),
Hello (e-mail address removed),

<asp:RegularExpressionValidator id="valRegEx" runat="server"
ControlToValidate="textbox1"
ValidationExpression=" "
ErrorMessage="* Please only enter alphanumeric values and make sure
you are not entering in any apostrophes."
display="dynamic">*
I need
"Chris's mail"

to fail the above validation - which I believe means I need the
regular expression to return a no match on the above line.

Can you help?

The expression must capture what it should be, not what it shouldn't
be. In your case that's quite easy:

^[a-zA-Z0-9 ]+$

any alphanumeric character or space. You can add other allowed
characters in there if needed.

I do wonder why you want to exclude these characters. If it is to
prevent SQL injection or cross site scripting, then adding a regex
validator to your textboxes isn't the best idea to employ.
that is exactly what im trying to do - avoid sql injections - waht
woudl you reccomend fine sir?

BTW thanks for helping
Excuse my terrible touch typing spelling


My spelling isn't what it used to be either at times, so you're forgiven :).

The best way to avoid SQL Injection is to use parameterized queries or stored
procedures. That way the SQL engine itself handles the parameters and SQL
injection is near impossible. It also makes your life a lot easier on the
UI side, as there's no need to think up 300 validator messages that make
sense for each text control you need to validate.

so instead of using

string sql = "select * from users where username = '" + usernameVariable
+ "'";
SqlCommand cmd = connection.CreateCommane(sql);


use

string sql = "select * from users where username = @username";
SqlCommand cmd = connection.CreateCommane(sql);
cmd.AddparameterAndValue("@username", usernameVariable);
 
H

hamsterchaos

Hello (e-mail address removed),


On 5 Nov, 14:46, "(e-mail address removed)" <[email protected]>
wrote:
On 5 Nov, 13:44, Jesse Houwing <[email protected]>
wrote:
Hello (e-mail address removed),
<asp:RegularExpressionValidator id="valRegEx" runat="server"
ControlToValidate="textbox1"
ValidationExpression=" "
ErrorMessage="* Please only enter alphanumeric values and make sure
you are not entering in any apostrophes."
display="dynamic">*
I need
"Chris's mail"
to fail the above validation - which I believe means I need the
regular expression to return a no match on the above line.
Can you help?
The expression must capture what it should be, not what it shouldn't
be. In your case that's quite easy:
^[a-zA-Z0-9 ]+$
any alphanumeric character or space. You can add other allowed
characters in there if needed.
I do wonder why you want to exclude these characters. If it is to
prevent SQL injection or cross site scripting, then adding a regex
validator to your textboxes isn't the best idea to employ.
--
Jesse Houwing
jesse.houwing at sogeti.nl
that is exactly what im trying to do - avoid sql injections - waht
woudl you reccomend fine sir?
BTW thanks for helping
Excuse my terrible touch typing spelling

My spelling isn't what it used to be either at times, so you're forgiven :).

The best way to avoid SQL Injection is to use parameterized queries or stored
procedures. That way the SQL engine itself handles the parameters and SQL
injection is near impossible. It also makes your life a lot easier on the
UI side, as there's no need to think up 300 validator messages that make
sense for each text control you need to validate.

so instead of using

string sql = "select * from users where username = '" + usernameVariable
+ "'";
SqlCommand cmd = connection.CreateCommane(sql);

use

string sql = "select * from users where username = @username";
SqlCommand cmd = connection.CreateCommane(sql);
cmd.AddparameterAndValue("@username", usernameVariable);

thanks = )
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

No members online now.

Forum statistics

Threads
473,744
Messages
2,569,482
Members
44,901
Latest member
Noble71S45

Latest Threads

Top