Solved

How to validate names with apostrophes in them

Posted on 2016-08-28
Last Modified: 2016-08-28
I am trying to do simple PHP validation on a name field. But what I have now blocks everything except letters and spaces. What if the person has a ' in their name, which isn't uncommon, e.g. O'Brian?

if (!preg_match("/^[a-zA-Z ]*$/",$_POST['name'])) {
  $error .= "Only letters and white space allowed"; 
}


0
Question by:Black Sulfur
11 Comments
 
LVL 34

Accepted Solution

by:
Dan Craciun earned 500 total points
So allow the characters you want.

/^[a-zA-Z ']*$/

HTH,
Dan
0
 

Author Comment

by:Black Sulfur
Oh right. Simple as that. Doh!
0
 
LVL 34

Expert Comment

by:Dan Craciun
BTW, after accepting that user input, I would make sure I would sanitize the string before using it for anything.

https://www.owasp.org/index.php/OWASP_PHP_Filters
0
 

Author Comment

by:Black Sulfur
It is going into a database and I am using real_escape_string to prevent SQL injection. Is that sufficient?
0
 
LVL 34

Expert Comment

by:Dan Craciun
For SQL injection, yes.

Make sure you use some kind of validation when using the string for output too.
0
 

Author Comment

by:Black Sulfur
I have this for the actual insert:

$name = htmlentities($_POST['name'], ENT_QUOTES);



That okay?
0
 
LVL 34

Expert Comment

by:Dan Craciun
Insert into the DB or insert into the final output?

That line makes sure it will display properly in a browser.
0
 

Author Comment

by:Black Sulfur
$stmt = $link->prepare("INSERT INTO `users` (email, password, firstName) VALUES (?, ?, ?)");
// mysqli binds by reference, so the variables can be assigned after bind_param()
$stmt->bind_param("sss", $email, $password, $name);
$email = htmlentities($_POST['email'], ENT_QUOTES);
// the cost must be passed under the 'cost' key; a bare [12] is ignored
$password = password_hash($password, PASSWORD_BCRYPT, ['cost' => 12]);
$name = htmlentities($_POST['name'], ENT_QUOTES);
$stmt->execute();
$stmt->close();


0
 

Author Comment

by:Black Sulfur
Sorry, I am using a prepared statement so I didn't actually need real_escape_string here.
0
 
LVL 34

Expert Comment

by:Dan Craciun
Assuming you're using MySQL, I always use mysqli::real_escape_string before insert.

Then use htmlspecialchars or htmlentities after I collected the data from the DB and use it in a query string or directly for output.
1
 
LVL 34

Expert Comment

by:Dan Craciun
Yup, a prepared statement takes care of real_escape_string.

Your approach should work too. Storing the string already HTML-encoded so you don't forget to do that when using it.
0
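
An added example (not part of the thread and not any participant's code) that puts the steps discussed above side by side: validating the name, keeping the raw value for the prepared statement, and encoding for HTML at output versus before the insert. The function names `is_valid_name` and `html_out`, the 50-character limit and the sample inputs are assumptions made for illustration.

```php
<?php
// Added example, not code from the thread. Function names are hypothetical.

// The accepted pattern plus two guards: a length bound, and the D modifier,
// because a plain "$" also matches just before a trailing newline.
function is_valid_name(string $name): bool
{
    return preg_match("/^[a-zA-Z ']{1,50}$/D", $name) === 1;
}

// Encode at the point of output, for the HTML context only.
function html_out(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

// Constructed sample inputs: a normal name, the same name with a trailing
// newline, markup, and an empty string.
$samples = ["O'Brian", "O'Brian\n", "<b>Bob</b>", ""];
foreach ($samples as $s) {
    $loose  = preg_match("/^[a-zA-Z ']*$/", $s) === 1;   // pattern from the thread
    $strict = is_valid_name($s);
    printf("%-16s thread=%-5s strict=%s\n",
        json_encode($s, JSON_UNESCAPED_SLASHES),
        var_export($loose, true),
        var_export($strict, true));
}

$name = "O'Brian";   // constructed sample input

// Option A: the raw value is what gets bound to the prepared statement;
// encoding happens only when the value is printed into a page.
$rawColumn = $name;
echo "A, printed:          ", html_out($rawColumn), "\n";

// Option B: encode before the insert, as in the question's code.
$encodedColumn = htmlentities($name, ENT_QUOTES);
echo "B, bytes stored:     ", strlen($encodedColumn), " (raw: ", strlen($rawColumn), ")\n";
// An exact-match lookup with the raw name no longer finds the stored value.
echo "B, equals raw name:  ", var_export($encodedColumn === $name, true), "\n";
// A template that also encodes on output encodes the entity a second time.
echo "B, printed again:    ", html_out($encodedColumn), "\n";
```

Run it with `php` on the command line. Option B stores a longer string that differs from what the user typed, so column lengths, comparisons and any non-HTML consumer of the column have to account for the encoding.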
