Regular Expression Validator in ASP.NET for \*, \|, \^, \~

Question

I want to make sure that the user does not input any of these string: \* or \| or \^ or \~.

What regular expression would I use for this in ASP.Net page, and also would the ASP.Net regex validator automatically validate on server-side using the client-side regular expression or I would need to write server-side validation code?

*** allowed

^|*~ allowed

\** NOT allowed

\^\|*\~ not allowed

score 2 · Answer 1 · answered Apr 20 '12 at 19:29

2

The escape for regex is what you already put: \ (\*, \|, etc). As far as using this. I would use javascript/jquery if you want this done on the clientside

answered Apr 20 '12 at 19:29

Justin Pihony

66,056
18
147
180

+1, but you would only need to write your own javascript/jquery if you wanted a very custom or unobtrusive solution. This is because with `EnableClientSide` set to true, asp.net will insert the client code to the page for you. – Robbie Apr 20 '12 at 19:51

score 2 · Accepted Answer · edited May 23 '17 at 12:03

2

Regular expressions are usually used to define a pattern that a subject should match. What you are asking for is to define a pattern that a subject should not match. Inverse matching is not a built in feature in regex, however it is possible to mimic this behaviour by using a negative lookaround.

The following expression uses a negative lookahead (?!...) to match what you need:

^((?!(\\\*)|(\\\|)|(\\\^)|(\\\~)).)*$

This SO answer provides an excellent explanation on how the negative lookahead achieves the inverse regex match behaviour.

I guess this also answers your questions about how to escape the backslash character as well. You just double escape as I have done above.

About Client + Server side validation in Asp.Net WebForms

The RegularExpressionValidator control will do both server and client side validation for you so long as you have EnableClientScript set to true. This will cause error messages to display when the ControlToValidate loses focus (client side) or when the page is posted back (server side).

edited May 23 '17 at 12:03

Community

1
1

answered Apr 20 '12 at 19:38

Robbie

18,750
4
41
45

The back slash is not an escape character in my situation. I actually want to make sure that the user doesn't input these 2 characters that includes the backslash and the character following backslash. – Sunil Apr 20 '12 at 20:02
@Sunil ahh, ok so you would allow `***` and `^|*~` but not `*\**` or `\^\|\*\~`? i.e. you mean the literal `\*` or `\^`, etc... – Robbie Apr 20 '12 at 20:08
*** allowed, ^|*~ allowed, *\\*** NOT allowed, \^\|\*\~? not allowed. yes i meant the literal. thanks – Sunil Apr 20 '12 at 20:13
Ok, so in that case you need to do use negative lookarounds. I'll update my answer. – Robbie Apr 20 '12 at 20:23
Robbie. Thanks a lot. Excellent answer and help. – Sunil Apr 20 '12 at 20:31

score 0 · Answer 3 · edited May 23 '17 at 12:12

Regular Expression Validator is validating the content on client side. You could use the custom validator which can validate on client side as well as server side.

Sample for custom validator:

//html:
<asp:TextBox ID="textPreferredDate" runat="server"></asp:TextBox>
<asp:CustomValidator ID="CustomValidator1" runat="server" ControlToValidate="textPreferredDate" Display="Dynamic" ErrorMessage="Format: m/d/yyyy" OnServerValidate="CustomValidator1_ServerValidate" ClientValidationFunction="validateDate">Invalid format (m/d/yyyy)</asp:CustomValidator><br />

//client side:
<script language="javascript">
function validateDate(oSrc, args)
{
   var iDay, iMonth, iYear;
   var arrValues;
   arrValues = args.Value.split("/");
   iMonth = arrValues[0];
   iDay = arrValues[1];
   iYear = arrValues[2];

   var testDate = new Date(iYear, iMonth - 1, iDay);
   if ((testDate.getDate() != iDay) ||
      (testDate.getMonth() != iMonth - 1) ||
      (testDate.getFullYear() != iYear))
   {
       args.IsValid = false;
       return;
   }

   return true;
} </script>

//server side:
protected void CustomValidator1_ServerValidate(object source, ServerValidateEventArgs args)
{
   try
   {
      DateTime.ParseExact(args.Value, "d", null);
      args.IsValid = true;
   }
   catch
   {
      args.IsValid = false;
   }
}

By the way take care if you implement both client and server validation. For further information read this question: Form validation client side and server side

The standard validators will validate on both the client and server side, assuming you call "Page.IsValid" in your code-behind to check. — Zhaph - Ben Duguid, Nov 30 '12 at 13:10

Regular Expression Validator in ASP.NET for \*, \|, \^, \~

3 Answers3