1

How can I restrict users from entering special characters and numbers in the text box. I want only alphabets to be entered ( Typed / Pasted ).

give me sample javascript codes?

Febin Thomas
  • 58
  • 1
  • 2
  • 9
  • so if i were Japanese, or Korean, would you block me? If I legitimately used a special character for a person's name, would you still block me? There are a lot of languages in the world, you ***can't*** keep track of all the *"special characters"*. – Joseph Apr 12 '12 at 05:25
  • possible duplicate of [should i screen out odd characters from names](http://stackoverflow.com/questions/8831700/should-i-screen-out-odd-characters-from-names) – Joseph Apr 12 '12 at 05:37

3 Answers3

2

Take a look at this question: Function to return only alpha-numeric characters from string?

This is what you're after:

$result = preg_replace("/[^a-zA-Z0-9]+/", "", $inputVar);

If you're inserting that into the database after that, be sure to use something like mysql_real_escape_string() or prepared statements.

Relying on Javascript solely for character validation is a very bad practice since JS can easily be disabled, and is not enabled on all devices globally.

Community
  • 1
  • 1
tcole
  • 947
  • 6
  • 14
  • for one thing the question seems to be more likely to be about javascript (a validation function on the keyup event to block writing in it) and also you should be aware that people around here don't just do the job for others that didn't even try a thing – mishu Apr 12 '12 at 05:31
  • The original question was a bit vague, but good point. I've added the word "solely". Either way, he included "PHP" as a tag, and the first one at that, including form validation. I think it's important to cover all aspects and not just the JS one. – tcole Apr 12 '12 at 05:32
  • you are right, the js validation can be passed easily (editing with a browser with console, disabling js etc) but the php validation is the most important – mishu Apr 12 '12 at 05:35
  • voted up because you pointed this important thing that some forget about: js validation does not exclude php validation – mishu Apr 12 '12 at 05:36
1

Rather than preventing the entry of certain characers, it is far more user friendly and effective to validate the value when the form is submitted. You really don't care what the value of the field is before that, and you don't need special handling for how the value is entered. It might be pasted, dragged, auto-entered, entered by a plugin or script, or other methods.

A trivial example:

</script>

<form onsubmit="return validate(this);">
  <input type="text" name="foo">
  <input type="submit">
</form>

<script type="text/javascript">
function validate(form) {
  var re = /^[a-z,A-Z]+$/i;

  if (!re.test(form.foo.value)) {
    alert('Please enter only letters from a to z');
    return false;
  }
}
</script>
RobG
  • 142,382
  • 31
  • 172
  • 209
1

You can try this, I'm using this right now for my current project

$(document).ready(function(){

/* Allow integers only in form input field with id #selector */
$('#selector').keyup(function () { 
    this.value = this.value.replace(/[^0-9\.]/g,'');
  });   
 })

It also doesn't allow the copy paste, but the weakness is the right click then paste

Disclaimer: I just found it from the internet

SuperNoob
  • 382
  • 3
  • 6
  • 1
    Not good practice since JavaScript can just be turned off in the browser, therefore bypassing this security check. – ryansin Mar 01 '17 at 17:00