I need regular expression who validates textbox to avoid ' and " without using javascript because javascript is a a client-side scripting language so it can be closed on browser. Just want to avoid only these two special characters not whole special characters.
Asked
Active
Viewed 47 times
-1
-
1Regex, for this? It's overkill. Use `str.Any(c => c == '\'' || c == '"')` – Lucas Trzesniewski Aug 28 '15 at 08:02
-
Please tell me this isn't an attempt to prevent [SQL Injection attacks](http://stackoverflow.com/questions/332365/how-does-the-sql-injection-from-the-bobby-tables-xkcd-comic-work). – Micke Aug 28 '15 at 08:06
-
maybe the downvoters could also comment to give the OP a hint how to ask better! – nozzleman Aug 28 '15 at 08:06
-
2@nozzleman, the usual rules stated in the help center apply. Avoid *gimme the regex* questions, show your attempt. Not showing your effort for *trivial* questions like this one is particularly bad. I don't understand how this question could get 2 upvotes. – Lucas Trzesniewski Aug 28 '15 at 08:10
-
You cannot prevent inserting client-side scripts that easy. Just think of escaping these characters, thus your regex would not recognize the code which still would work. This problem however is not only faced on SQL-injection but generally on cross-side scripting (see https://de.wikipedia.org/wiki/Cross-Site-Scripting). – MakePeaceGreatAgain Aug 28 '15 at 08:15
-
@LucasTrzesniewski: what I was trying to say is, obviously, this is a new user. downvoting the question is very valid, but it would have been nice to also put in the effort to point out the reason since i do not think he knew about the rules in the first place, which doesn't mean that if he did, he wouldn't stick to them. But generally you are right. i just thinks he deserves to know the reasons for valid downvotes. – nozzleman Aug 28 '15 at 08:15
2 Answers
1
Try:
<asp:RegularExpressionValidator ID="regexpName" runat="server"
ErrorMessage="Your Error Message Here"
ControlToValidate="textboxName"
ValidationExpression="^[^\"\']*$"
/>
-
... and as a sidenote: this validates on BOTH clientside AND serverside! – Hans Kesting Aug 28 '15 at 10:31
0
use the input pattern attribute:
like this
<input type="text" pattern="^[^\"\']*$" />
or
<input type="text" pattern="[^\"\']*" />