I need validation to fail on an apostrophe entered into a textbox for my regularexpression validator

hamsterchaos

<asp:RegularExpressionValidator id="valRegEx" runat="server"
ControlToValidate="textbox1"
ValidationExpression=" "
ErrorMessage="* Please only enter alphanumeric values and make sure you are not entering in any apostrophes."
display="dynamic">*</asp:RegularExpressionValidator>


I need

"Chris's mail"

to fail the above validation - which I believe means I need the
regular expression to return a no match on the above line.

Can you help?

Many thanks,
Chris
 
Jesse Houwing

The expression must capture what it should be, not what it shouldn't be.
In your case that's quite easy:

^[a-zA-Z0-9 ]+$

any alphanumeric character or space. You can add other allowed characters
in there if needed.

I do wonder why you want to exclude these characters. If it is to prevent
SQL injection or cross site scripting, then adding a regex validator to your
textboxes isn't the best idea to employ.
 
hamsterchaos

that is exactly what im trying to do - avoid sql injections - waht
woudl you reccomend fine sir?

BTW thanks for helping
 
hamsterchaos

Excuse my terrible touch typing spelling
 
Jesse Houwing

My spelling isn't what it used to be either at times, so you're forgiven :).

The best way to avoid SQL Injection is to use parameterized queries or stored
procedures. That way the SQL engine itself handles the parameters and SQL
injection is near impossible. It also makes your life a lot easier on the
UI side, as there's no need to think up 300 validator messages that make
sense for each text control you need to validate.

so instead of using

// Vulnerable: the user input is concatenated into the SQL text.
string sql = "select * from users where username = '" + usernameVariable + "'";
SqlCommand cmd = new SqlCommand(sql, connection);


use

// Safe: the value is sent as a parameter, separate from the SQL text.
string sql = "select * from users where username = @username";
SqlCommand cmd = new SqlCommand(sql, connection);
cmd.Parameters.AddWithValue("@username", usernameVariable);
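
An added example (not part of the original posts) that runs the thread's own input, "Chris's mail", through the suggested allow-list pattern and through both query styles from the answer above. It uses Python's built-in sqlite3 instead of SQL Server so it runs offline; the table, sample rows and function names are constructed for illustration, and SQLite's `?` placeholder stands in for `@username`.

```python
import re
import sqlite3

# The allow-list pattern suggested in the thread.
ALLOW_LIST = re.compile(r"^[a-zA-Z0-9 ]+$")


def make_db():
    """In-memory table with constructed sample rows (not from the thread)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, email TEXT)")
    db.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("Chris's mail", "chris@example.test"), ("alice", "alice@example.test")],
    )
    return db


def lookup_concatenated(db, username):
    """The 'instead of' form: the input becomes part of the SQL text."""
    sql = "select email from users where username = '" + username + "'"
    return db.execute(sql).fetchall()


def lookup_parameterized(db, username):
    """The 'use' form: the input is bound as a value, never parsed as SQL."""
    sql = "select email from users where username = ?"
    return db.execute(sql, (username,)).fetchall()


def compare(username):
    """Return (passes_validator, concatenated_result, parameterized_result)."""
    db = make_db()
    try:
        concatenated = lookup_concatenated(db, username)
    except sqlite3.OperationalError as exc:
        # The apostrophe closed the string literal early; the rest no longer parses.
        concatenated = "error: " + str(exc)
    passes = bool(ALLOW_LIST.match(username))
    result = (passes, concatenated, lookup_parameterized(db, username))
    db.close()
    return result


if __name__ == "__main__":
    for name in ("alice", "Chris's mail"):
        print(name, "->", compare(name))
```

For "Chris's mail" the validator rejects the value, the concatenated statement fails to parse, and the parameterized query returns the matching row, so legitimate data containing an apostrophe needs no validator workaround once the query is parameterized.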
 
hamsterchaos

thanks = )
 
