Validating user input: checking for illegal characters

 
Greenhorn
Posts: 11
Hi all,
I'm trying to validate user input gathered from a form with JavaScript, but am having difficulty with one field. I need to prevent a user entering any illegal characters in the text box. These illegal characters are:
white space [ ] ( ) = , " / ? @ : ;
So, for example the following is not allowed: group(1, 2?)
I think I should do this with a regular expression and have something like the following:
function checkInput(input) {
var illegalChars = new RegExp(/[\s[]()=,"/?@:;]/);
return input.test(illegalChars);
}
but would really appreciate it if someone who really knows JavaScript could help me out with this RegExp!
Thanks in advance,
Jill
 
author & internet detective
Posts: 41860
Jill,
I think you need to separate each special character with the or symbol. For example, [|]|(|) etc. Also, you need to escape the ? with \? because ? has a special meaning in regular expressions.
 
Ranch Hand
Posts: 263
Jill, I'm a firm believer in the paradigm that it is better to PREVENT the user from making a mistake instead of CORRECTING them when they do. To that end, the following function only allows a limited set of characters to be entered into a text box or other input field:

Some examples of its use:

The current function is case insensitive; some minor modifications will make it case sensitive if you need that capability.

Tom Blough
[ February 13, 2004: Message edited by: Tom Blough ]
 
Jeanne Boyarsky
author & internet detective
Posts: 41860
Tom,
Would you still need to check at the end that the textbox contains only valid characters? What if the user typed ctrl-v to get the contents of the clipboard?
 
Tom Blough
Ranch Hand
Posts: 263
Good point, Jeanne! You would need to implement an onChange routine that would filter the pasted input as well.
Tom
 
Ranch Hand
Posts: 413
Be careful about onchange - there is a funny issue with it on IE.
Let's say you have the following code:
<input name="x" onchange="this.value=3;">
If you type, for example, 2 in this field, then click somewhere else, onchange fires and changes it to 3. So you go to that field again, delete this three, type something, and click somewhere else - you would expect your onchange to fire. It will, for everything except 2!!! Somewhere deep inside, IE doesn't take the changes your script made into account when deciding whether the value changed or not.
By the way, personally, I would prefer to do validation server side.
Here is a reason - let's say somebody out of "curiosity" sets values on your form directly using JavaScript - what would your server do?
If your server does not check what goes to a database, it could be a security hole. And if you validate it on the server - why would you do it twice?
Simple example:
Let's say you have a field named "City".
On the server side you create a SQL statement like this:
"Select * from users where city='" + city + "'";
Now, the user types in the browser address bar:
javascript:document.forms[0].City.value="';delete from users where city like '%";document.forms[0].submit();
Your query will look like:
"Select * from users where city='';delete from users where city like '%'"
[ February 16, 2004: Message edited by: Yuriy Fuksenko ]
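The two points raised in this thread, as an added example that is not code from any of the posters: a check for the illegal characters listed in the question, written so the same function can run in the browser and again on the server, and the City query from the last post built by concatenation beside a parameterized form. All function names, the 100-character limit and the `?` placeholder are assumptions; placeholder syntax depends on the database driver.

```javascript
// Added example; every name below is an assumption, not code from the thread.

// The illegal characters from the question: white space [ ] ( ) = , " / ? @ : ;
// A character class lists its members directly. Inside it, ] and the /
// delimiter must be escaped ([ is escaped too for readability); ? is literal.
const ILLEGAL_CHARS = /[\s\[\]()=,"\/?@:;]/;

// True when the input contains at least one illegal character.
// Note the call order: regex.test(string), not string.test(regex).
function hasIllegalChars(input) {
  return ILLEGAL_CHARS.test(String(input));
}

// Distinct illegal characters in order of first appearance, for an error message.
function findIllegalChars(input) {
  const all = new RegExp(ILLEGAL_CHARS.source, "g");
  return [...new Set(String(input).match(all) || [])];
}

// The pattern from the last post: user input concatenated into the SQL text.
// Shown only for comparison; the input becomes part of the statement.
function concatenatedCityQuery(city) {
  return "Select * from users where city='" + city + "'";
}

// Hardened form: the SQL text is constant and the value travels separately.
// The "?" placeholder is an assumption; drivers differ (?, $1, :city).
// The 100-character limit is likewise an assumed business rule.
function parameterizedCityQuery(city) {
  if (typeof city !== "string" || city.length === 0 || city.length > 100) {
    throw new TypeError("city must be a non-empty string of at most 100 characters");
  }
  return { text: "SELECT * FROM users WHERE city = ?", values: [city] };
}

// Constructed sample inputs: the question's example, a clean value,
// and the form value quoted in the last post.
const samples = ["group(1, 2?)", "group_1-2", "';delete from users where city like '%"];
for (const s of samples) {
  console.log(JSON.stringify(s), "illegal:", findIllegalChars(s));
}
console.log(concatenatedCityQuery(samples[2]));
console.log(parameterizedCityQuery(samples[2]));
```

The character check is a usability and data-quality control; the parameterized query is what keeps the submitted value out of the SQL text regardless of what the browser-side script allowed.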
 