Checking for patterns and validating the user inputs using Regular Expression
The RegExp (regular expression) object of VBScript is a powerful
tool for string matching and, in particular, pattern matching.
Validating input against a pattern keeps data uniform and prevents
malicious code or characters outside the required pattern from
entering the system.
If user inputs are not validated, attackers can use them to gain
entry to the protected area; this is known as an injection attack.
For example, we don't want anyone to use alphabetic characters in
the field meant for a zip or pin code in a form. In the same way,
for a phone number we may allow hyphens ( - ) and numbers but not
alphabetic characters. A user id should contain only numbers and
letters and should be a minimum of 3 and a maximum of 8 characters
long. We can check an email address for validity by checking the
pattern used.
Regular expressions are a big subject and there are different ways
to match patterns. More details can be found at the Microsoft MSDN
home page and in the regular expression tutorial.
We first need to create the VBScript regular expression object, and
here is the code for that.
We will see the use of this object in our examples for validating
different inputs.
Let us start with some simple validations using regular expression.
Validating for user id & password: Here we will allow only
characters and numbers within a minimum and maximum length
Validating Email address
Validating date entered by users
Validating zip code
Validating telephone number
Checking user id and password for only character and numbers using Regular Expression
We can check the user id entered in a web form by using a regular
expression. This prevents a user or attacker from using other
characters and code in the input field. Checking for special
characters first and then for length is a lengthy process, so
instead we check in a single pattern that the string contains only
letters and numbers and has the permitted number of characters.
We can create the regular expression object of VBScript like this.
By using this object we can check any string.
Here is the complete code. The output is True or False based on the
result of the validation.
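Dim userid
Dim RExp : Set RExp = New RegExp
With RExp
    ' 3 to 8 characters, letters and digits only, anchored at both ends
    .Pattern = "^[a-zA-Z0-9]{3,8}$"
    .IgnoreCase = True
    .Global = True
End With
userid = "a234f678"
' Writes True when userid matches the pattern, otherwise False
Response.Write RExp.Test(userid)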
Here only lower or upper case letters along with numbers are
allowed. The length of the string has to be a minimum of 3 and a
maximum of 8 characters. Here are some values of the string
( userid ) for which the validation will pass and the output will be
True.
It will fail or return False for these values
Checking email address for pattern using Regular Expression
Here we check whether an email address is valid by using a regular
expression. Note that we are not checking that the email address or
the domain name associated with it exists; we are only checking
whether the email follows an acceptable pattern.
Every email address has a name part and a domain part, which
includes the domain extension. The name part and the domain part are
separated by an @ character. In the name part we can't allow special
characters other than underscore ( _ ), hyphen ( - ) and dot ( . ),
so our validation has to take care of this. In the domain name part
an underscore ( _ ) is not allowed; hyphens ( - ) are allowed, but
they can't be at the start or end of the domain name.
We can create the regular expression object of VBScript like this.
dim RExp : set RExp = new RegExp
By using this object we can check any string.
Here is the complete code. The output is True or False based on the
result of the validation.
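Dim email
Dim RExp : Set RExp = New RegExp
With RExp
    ' Name part: starts and ends with a letter or digit; - . _ allowed between
    ' Domain labels: letters, digits and hyphens only, no hyphen first or last
    ' Extension: 2 to 9 letters
    .Pattern = "^([0-9a-zA-Z]([-.\w]*[0-9a-zA-Z])?@([0-9a-zA-Z][-0-9a-zA-Z]*[0-9a-zA-Z]\.)+[a-zA-Z]{2,9})$"
    .IgnoreCase = True
    .Global = True
End With
' The underscore in the domain part makes this test return False
email = "a2.3_ra-bi@domain_name.com"
Response.Write RExp.Test(email)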
It will fail or return False for these values:
a2.3_ra-bi@domain-name.com2c, a2-bidomain-name.com,
a2rabi@domain_name.com
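A domain expression built on a negated class such as [^_]* accepts every character except the underscore, so it does not enforce the domain rule described above. The following is an added example, not code from the original tutorial: it compares such a loose pattern with one that lists the permitted domain characters explicitly. The helper name MatchesPattern, the constant names and the sample addresses are constructed for illustration.

```vbscript
<%
' Added example: compares a loose and a strict email pattern.
' All names and sample addresses here are constructed for illustration.

' Returns True when value matches pattern (patterns are anchored with ^ and $).
Function MatchesPattern(pattern, value)
    Dim re
    Set re = New RegExp
    re.Pattern = pattern
    re.IgnoreCase = True
    MatchesPattern = re.Test(value)
End Function

' LOOSE: the domain label uses [^_]*, i.e. "anything except underscore",
' and [-\w] lets an underscore through as the second character.
Const LOOSE_EMAIL = "^[0-9a-z]([-.\w]*[0-9a-z])?@([0-9a-z][-\w][^_]*[0-9a-z]\.)+[a-z]{2,9}$"

' STRICT: the domain label names every permitted character
' (letters, digits, hyphen) and must start and end with a letter or digit.
Const STRICT_EMAIL = "^[0-9a-z]([-.\w]*[0-9a-z])?@([0-9a-z][-0-9a-z]*[0-9a-z]\.)+[a-z]{2,9}$"

Dim samples, s
samples = Array( _
    "a2.3_ra-bi@domain-name.com", _
    "a2rabi@domain_name.com", _
    "a2rabi@d_main.com", _
    "a2rabi@do main.com", _
    "a2rabi@do<b>main.com", _
    "a2rabi@-domain.com")

' HTML-encode each sample before echoing it so markup in the input is
' shown as text rather than rendered by the browser.
For Each s In samples
    Response.Write Server.HTMLEncode(s) & _
        " | loose=" & MatchesPattern(LOOSE_EMAIL, s) & _
        " | strict=" & MatchesPattern(STRICT_EMAIL, s) & "<br>"
Next
%>
```

The loose pattern accepts the third, fourth and fifth samples (underscore, space and markup in the domain), while the strict pattern accepts only the first.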