-3

I am creating an HTML form, and I have text fields in my form that ask people to fill in their name. I don't want to user to fill in any of these characters when filling out their name-

! @ # $ % ^ & * ( ) _ - + = { [ } ] | \ : ; " ' < , > . ? / 1 2 3 4 5 6 7 8 9

Is there any certain way I can do this? Thanks!

Armaan Azeem
  • 1
  • 1
  • 6
    So I'm not allowed to use your site? My name has a hyphen in it. Many people have apostrophes in theirs. http://www.kalzumeus.com/2010/06/17/falsehoods-programmers-believe-about-names/ – ceejayoz Jan 07 '15 at 22:13
  • possible duplicate of [Regular expression for validating names and surnames?](http://stackoverflow.com/questions/888838/regular-expression-for-validating-names-and-surnames) – Jeremiah Winsley Jan 07 '15 at 22:15
  • 3
    Have you tried anything? – j08691 Jan 07 '15 at 22:16

1 Answers1

0

Ok, well you should really check for these characters at both the client-side using Javascript, and at the server-side using whatever you're using, PHP, ASP.NET, etc. Let me explain why you need each.

You should do the javascript validation because you want your user to see they did something wrong if they type in a disallowed character. For instance, you might make a warning in red test visible if it is not valid.

You might think that would take care of the problem, and it would, unless your users are crafty, and trying to screw with you. They can force a submission to your server that you would have checked for with your javascript if they had actually been using your page unmodified. They can easily rewrite your javascript to be whatever the heck they want. However, they cannot rewrite your validation code if it is running on your server when your server gets a submission.

So the javascript is for user-friendliness, and the server code is for security.

I don't know what back-end you're using, so I can't really help with that, but it will be fairly similar in functionality to the javascript code. Here we go.

Here's an example html document with a form:

<html>
    <form
        name="signupForm" action="registerUser.asp"
        onsubmit="return validateForm()" method="post">

        First name: <input id="nameInput" type="text" name="name">

        <input type="submit" value="Submit">
    </form>
</html>

Ok, now here's some accompanying javascript to implement that validateForm() function we saw:

function validateForm() {
    var x = document.forms["signupForm"]["name"].value;

    if (x == '!' || x == '@' || x == '#' || ... all your other conditions too ...) {
        alert("Name cannot contain ... blah blah blah... characters.");
        return false;
    }
}

And that right there would do it for ya. Keep in mind please, that using the alert function is frowned upon. It's really antiquated and just not a good user experience. Perhaps instead you could put in a line of javascript to make a hidden text message near the input box visible, that displays the message instead. I'm sure you've seen that kind of thing before, and it's much more pleasant than an obnoxious pop-up message. You're not trying to punish your users for their typing mistakes.

Hope this helps. Also, you might want to consider allowing hyphens, they are really quite common in people's legal names. If this is your method of sanatizing database inputs, you're doing that the wrong way.

Dan
  • 660
  • 6
  • 15
  • Yes. I will consider apostrophes and hyphens. Thanks! The only problem is that I don't know if I have a server set up or not, and if I do, how to connect it... Also, my form isn't on a site yet, I'm still working on it. – Armaan Azeem Jan 08 '15 at 04:18
  • If you want to view the code, I set up a quick website so you can view it. Here's the link-https://sites.google.com/a/butler53.com/codex/ – Armaan Azeem Jan 08 '15 at 04:25
  • Ok, well it looks like you're using a google site. I don't know that much about these, and I'm not sure if they are intended to have sign-up forms like you're talking about. It looks like this is your opening form tag: `
    ` So I'm guessing you just dropped in some example form from w3schools.org? Are you _trying_ to submit the form to W3 Schools? If you let us know what you're actually trying to do, I can try and give more details on how to do server-side validation.
     – Dan Jan 09 '15 at 20:54
  • No! I'm not using a google site! I just made that site so you can view the code. I don't really know how to format it, so I made that site so you can see it. – Armaan Azeem Jan 11 '15 at 05:00
  • SO, I don't really get the concept of "server side, client side, use side," like any of those, but what I'm trying to do is that when a user of my form types in their name, he/she won't be able to type in any of those characters. (except for hyphens and apostrophes, of course.) – Armaan Azeem Jan 11 '15 at 05:03
  • Ok, well a website has a couple of components. The html document that you put things like forms and paragraphs in is one component. However, to get that to a user's computer so their browser (Firefox, Chrome, Internet Explorer) can open it, you have to give it to them. You do this by sending it to them from a server of some kind. So when they type in a web address (URL, like www.google.com) they are connecting to your server (which is just a computer running special software to give out your web pages). When someone requests one of your webpages, your server runs code to deliver it. – Dan Jan 12 '15 at 20:10
  • The code running on the server is never seen by the user, or sent to the user. It just runs on the server and has teh result of sending the web page to the user. The server also can have forms submitted to it, which is what you're trying to do. There is also code that can run on the user's computer directly. This code is javascript, that is sent as part of the html document your server sends to your user. You're trying to limit what things a user can submit for their name to the server. You need to check both using javascript when they type it in (I gave you an example for that), – Dan Jan 12 '15 at 20:13
  • and also you need to check that the input is ok with the server code you are running that handles a user giving the server a form. It doesn't sound like you really know how you're going to make your html into an actual website. You're doing a good job, and probably learning alot, but I think you're missing some understanding of how websites work. Let me know if you have any questions, I'm happy to help, and I used to teach introductory programming. – Dan Jan 12 '15 at 20:16
  • Thanks, @Dan! My second most annoying question is: Can you set up a server with just a code? Or do you need wiring, or... That's just the part I never really ever got. Thanks! – Armaan Azeem Jan 13 '15 at 23:24
  • So, you can run a website on your own computer, but you do need special software for it. For Windows PCs, you can usually add a feature called IIS (Internet Information Services) which lets your computer host a few different kinds of websites. You can also use a free, open-source program called Apache to host websites. Apache works on Mac, PC, and Linux. The thing about hosting a website on your own PC though is how to let users access it. You need to open up a port on your network router, and probably open the firewall on your computer for the port you are running your website through. – Dan Jan 15 '15 at 17:41
  • The other thing is, how will users know where to go? A web address like http://www.google.com is called a URL. But the only way to find another computer over the internet is using things called IP addresses. An IP address looks like this: 192.168.1.42 So there are things called DNS (Dynamic Lookup Server) that help your computer when you type in www.google.com to translate that into google's IP address so you can communicate with the google server. You can run your website on your home computer using just your IP address to connect to it if you want, but there are a few problems with that. – Dan Jan 15 '15 at 17:43
  • One of the problems is that normally your IP address isn't static. This means that it changes sometimes. Static IP addresses are usually more expensive. Another thing is you probably don't own a domain name, like www.armaanazeem.com You have to buy these, and then register them with a DNS so people can type it in to get your IP address. It can in fact be cheaper to just use a website service. It usually is. You can pay a service to host any kind of website you want like Microsoft's Azure, or Amazon Web Services (AWS). – Dan Jan 15 '15 at 17:58
  • There are also a lot of services that will let you do free sites, like free blogs. So if you're just building your site for fun, and to show your friends and stuff, you don't need anything special. – Dan Jan 15 '15 at 18:17