Hello Lit,
Hi Jesse,
I am using the following so far and it seems to work
(?=^.{8,}$)(?=.*\d)(?=.*[a-z])(?=.*[A-Z])(?=.*[\!\[\]@#$%^&*()_+\-={
}\
\|;':",./<>?`~])([0-9a-zA-Z\!\[\]@#$%^&*()_+\-={}\\|;':",./<>?`~])*$
-- this gives me more control for sql injection issues.
This works also
^.*(?=.{8,})(?=.*\d)(?=.*[a-z])(?=.*[A-Z])(?=.*[\W]).*$ but Not the
Underscore character... by definition I think. OK.
However how to re-write it so it works with all engines??????
thank you for your help
I just looked in the Regular Expression Pocket Reference (a must have
little book if you need to write multi platform regexes at some poitn
in your career) and Look aheads (?=...) and (?!...) are supported by
the Javascript spec, though it does not mention from which version
onwards (couldn't find that on teh net eiter, but modern browsers
should all work I guess). I must have confused look behinds (which
aren't supported) (?<=...) and (?<!...). More information on look
arounds can be found here:
http://www.regular-expressions.info/lookaround.html
http://www.regular-expressions.info/lookaround2.html
As I said, if you split it into seperate regex validators each taking
one part of the expression, you'll be more flexible. Leaving the
expression easier to read as well and you'll be able to provide the
user with more specific feedback.
ensures there is at least a lower case character
^.*[a-z].*$
ensures there is at least an upper case character
^.*[A-Z].*$
ensures there is at least a number (can also be written as ^.*\d.*$)
^.*[0-9].*$
ensures there is one of your required punctuation characters, just
include
the underscore if you want it. (in serverside only mode you could use
^.*\p{P}.*$ to capture all possible punctuation).
^.*[\W_].*$
for length checks use a RangeValidator. Also check for the maximum
length.
Your field in the DB will surely have a max length.
Apart from the whole issue of the regex and if it will work, I would
not be trusting regex validators on your input to prevent SQL
injection. You're better off making sure you have all your parameters
being passed using the Parameters collection of the DBCommand objects
you're using. That will protect you an awful lot more than any regex
on the input. Also note that the input is restricted to at least one
of the above groups, but that the actual input is free. the first
group .{8,} allows basically any characters as long as there are more
than 8. So if I put in '/*Aa9-*/; drop database; it should still
accespt it. No protection what so ever when you're not using proper
DBParameters.
See
http://msdn2.microsoft.com/en-us/library/yy6y35y8(VS.80).aspx for
an explanation on commands and parameters.
Jesse Houwing
Lit
Hello Alexey,
Tried this
(?=^.{8,30}$)(?=.*\d)(?=.*[a-z])(?=.*[A-Z])(?=.*[!@#$%^&*()_+}{""
:;
'?
/>.<,]?).*$
and it does NOT work
Any Ideas?
Thank You,
Lit
Hi,
I am looking for a Regular expression for a password for my
RegExp ValidationControl
Requirements are,
At least 8 characters long.
At least one digit [0-9]
At least one upper case character [A-Z]
At least one lower case character [a-z]
At least one special character:
[]{};':",./?><=+-_)(*&^%$#@!~`
---
this is difficult?
How do you escape []() etc... \[?
Thank you,
Lit- Hide quoted text -
- Show quoted text -
This should work
^(?=.*\d)(?=.*[a-z])(?=.*[A-Z])
(?=.*[\[\]{};':\",\.\/\?\>\<\=\+\-_\)\(*&\^\%$#@\!~`]) .{8,30}$
One of the errors in your expression is that the special
characters
like ! ? $ etc. you don't marked with leading \
There is no need to escape them in a character class.
Lit, which part of the regex isn't working. Have you tried the
separate parts?