Solved

How to validate names with apostrophes in them

Posted on 2016-08-28
Last Modified: 2016-08-28
I am trying to do simple PHP validation on a name field. But what I have now blocks everything except letters and spaces. What if the person has a ' in their name, which isn't uncommon? E.g.: O'Brian

if (!preg_match("/^[a-zA-Z ]*$/",$_POST['name'])) {
  $error .= "Only letters and white space allowed"; 
}

Question by:Black Sulfur
11 Comments
 
LVL 35

Accepted Solution

by:
Dan Craciun earned 500 total points
ID: 41773605
So allow the characters you want.

/^[a-zA-Z ']*$/

HTH,
Dan
0
 
LVL 1

Author Comment

by:Black Sulfur
ID: 41773607
Oh right. Simple as that. Doh!
0
 
LVL 35

Expert Comment

by:Dan Craciun
ID: 41773609
BTW, after accepting that user input, I would make sure I would sanitize the string before using it for anything.

https://www.owasp.org/index.php/OWASP_PHP_Filters
0
 
LVL 1

Author Comment

by:Black Sulfur
ID: 41773612
It is going into a database and I am using real_escape_string to prevent SQL injection. Is that sufficient?
0
 
LVL 35

Expert Comment

by:Dan Craciun
ID: 41773613
For SQL injection, yes.

Make sure you use some kind of validation when using the string for output too.
0
 
LVL 1

Author Comment

by:Black Sulfur
ID: 41773614
I have this for the actual insert:

$name = htmlentities($_POST['name'], ENT_QUOTES);

That okay?
0
 
LVL 35

Expert Comment

by:Dan Craciun
ID: 41773615
Insert into the DB or insert into the final output?

That line makes sure it will display properly in a browser.
0
 
LVL 1

Author Comment

by:Black Sulfur
ID: 41773617
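$stmt = $link->prepare("INSERT INTO `users` (email, password, firstName) VALUES (?, ?, ?)");
// bind_param binds by reference, so the values assigned below are the ones sent by execute()
$stmt->bind_param("sss", $email, $password, $name);
$email = htmlentities($_POST['email'], ENT_QUOTES);
// the bcrypt cost has to be passed under the 'cost' key; a bare [12] is ignored
$password = trim(password_hash($password, PASSWORD_BCRYPT, ['cost' => 12]));
$name = htmlentities($_POST['name'], ENT_QUOTES);
$stmt->execute();
$stmt->close();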

0
 
LVL 1

Author Comment

by:Black Sulfur
ID: 41773618
Sorry, I am using a prepared statement so I didn't actually need real_escape_string here.
0
 
LVL 35

Expert Comment

by:Dan Craciun
ID: 41773620
Assuming you're using MySQL, I always use mysqli::real_escape_string before insert.

Then use htmlspecialchars or htmlentities after I collected the data from the DB and use it in a query string or directly for output.
1
 
LVL 35

Expert Comment

by:Dan Craciun
ID: 41773621
Yup, a prepared statement takes care of real_escape_string.

Your approach should work too. Storing the string already HTML-encoded, so you don't forget to do that when using it.
0
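
An added example (not code from any poster in this thread) that runs the accepted pattern next to a stricter variant, then stores a name both raw and HTML-encoded through a prepared statement to show what each choice produces at output. `STRICT_PATTERN`, `valid_name()`, `html()` and the in-memory SQLite database reached through PDO are assumptions made so the script runs offline; the thread itself uses mysqli with MySQL.

```php
<?php
// Added example, not code from the thread. In-memory SQLite (PDO) stands in
// for the MySQL database so the script runs offline; names are hypothetical.

const THREAD_PATTERN = "/^[a-zA-Z ']*$/";   // accepted answer; $ also matches before a final "\n"
const STRICT_PATTERN = "/^[a-zA-Z ']+\\z/"; // assumption: non-empty, \z anchors at the true end

function valid_name(string $name, string $pattern): bool
{
    return preg_match($pattern, $name) === 1;
}

// Encode for an HTML context at the point of output.
function html(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

// Constructed sample inputs.
$samples = ["O'Brian", "Mary Ann", "O'Brian\n", "", "<b>Bob</b>"];
foreach ($samples as $input) {
    printf("%-14s thread=%s strict=%s\n",
        json_encode($input, JSON_UNESCAPED_SLASHES),
        var_export(valid_name($input, THREAD_PATTERN), true),
        var_export(valid_name($input, STRICT_PATTERN), true));
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (firstName TEXT)');
$insert = $db->prepare('INSERT INTO users (firstName) VALUES (?)');

$name = "O'Brian";
$insert->execute([$name]);                           // raw value as a bound parameter
$insert->execute([htmlentities($name, ENT_QUOTES)]); // encoded before storing, as in the thread

// Encode every value on output; the pre-encoded row ends up encoded twice.
foreach ($db->query('SELECT firstName FROM users') as $row) {
    printf("stored=%-13s bytes=%2d html=%s\n",
        $row['firstName'], strlen($row['firstName']), html($row['firstName']));
}
```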

Question has a verified solution.