Solved

How to validate names with apostrophes in them

Posted on 2016-08-28
Last Modified: 2016-08-28
I am trying to do simple PHP validation on a name field, but what I have now blocks everything except letters and spaces. What if the person has a ' in their name, which isn't uncommon? E.g.: O'Brian

if (!preg_match("/^[a-zA-Z ]*$/",$_POST['name'])) {
  $error .= "Only letters and white space allowed"; 
}

Question by:Black Sulfur
11 Comments
 
LVL 35

Accepted Solution

by:
Dan Craciun earned 2000 total points
ID: 41773605
So allow the characters you want.

/^[a-zA-Z ']*$/

HTH,
Dan
0
 
LVL 1

Author Comment

by:Black Sulfur
ID: 41773607
Oh right. Simple as that. Doh!
0
 
LVL 35

Expert Comment

by:Dan Craciun
ID: 41773609
BTW, after accepting that user input, I would make sure to sanitize the string before using it for anything.

https://www.owasp.org/index.php/OWASP_PHP_Filters
0
 
LVL 1

Author Comment

by:Black Sulfur
ID: 41773612
It is going into a database and I am using real_escape_string to prevent sql injection. Is that sufficient?
0
 
LVL 35

Expert Comment

by:Dan Craciun
ID: 41773613
For SQL injection, yes.

Make sure you use some kind of validation when using the string for output too.
0
 
LVL 1

Author Comment

by:Black Sulfur
ID: 41773614
I have this for the actual insert:

$name = htmlentities($_POST['name'], ENT_QUOTES);



That okay?
0
 
LVL 35

Expert Comment

by:Dan Craciun
ID: 41773615
Insert into the DB or insert into the final output?

That line makes sure it will display properly in a browser.
0
 
LVL 1

Author Comment

by:Black Sulfur
ID: 41773617
// bind_param() binds by reference, so the variables may be assigned after binding.
$stmt = $link->prepare("INSERT INTO `users` (email, password, firstName) VALUES (?, ?, ?)");
$stmt->bind_param("sss", $email, $password, $name);
$email = htmlentities($_POST['email'], ENT_QUOTES);
// The cost must be passed under the 'cost' key; a bare [12] is ignored.
$password = trim(password_hash($password, PASSWORD_BCRYPT, ['cost' => 12]));
$name = htmlentities($_POST['name'], ENT_QUOTES);
$stmt->execute();
$stmt->close();


0
 
LVL 1

Author Comment

by:Black Sulfur
ID: 41773618
Sorry, I am using a prepared statement so I didn't actually need real_escape_string here.
0
 
LVL 35

Expert Comment

by:Dan Craciun
ID: 41773620
Assuming you're using MySQL, I always use mysqli::real_escape_string before insert.

Then I use htmlspecialchars or htmlentities after I have collected the data from the DB and use it in a query string or directly for output.
1
 
LVL 35

Expert Comment

by:Dan Craciun
ID: 41773621
Yup, a prepared statement takes care of real_escape_string.

Your approach should work too: storing the string already HTML-encoded, so you don't forget to do that when using it.
0
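
The flow discussed in this thread (validate the name, insert it with a bound parameter, HTML-encode it when displaying), as an added example that is not part of any post above. It assumes an in-memory SQLite database through PDO in place of the MySQL `users` table; `validate_name`, the 1-50 length limit and the sample inputs are constructed for illustration.

```php
<?php
// Added example: validate -> store raw with a bound parameter -> encode on output.
// Assumption: in-memory SQLite (PDO) stands in for the MySQL `users` table.

// Hypothetical helper: letters, spaces and apostrophes only, 1-50 characters.
function validate_name(string $raw): ?string
{
    // \A and \z anchor the whole string; with ^...$ a trailing newline
    // would still match.
    return preg_match("/\A[a-zA-Z ']{1,50}\z/", $raw) === 1 ? $raw : null;
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (firstName TEXT NOT NULL)');

// Constructed sample inputs.
$inputs = ["O'Brian", "Mary Ann", "<b>Bob</b>", "Ann\n", ""];

$insert = $db->prepare('INSERT INTO users (firstName) VALUES (?)');
foreach ($inputs as $raw) {
    $name = validate_name($raw);
    if ($name === null) {
        echo 'rejected: ', json_encode($raw, JSON_UNESCAPED_SLASHES), PHP_EOL;
        continue;
    }
    // Stored exactly as typed; the bound parameter keeps the apostrophe
    // out of the SQL text, so no escaping call is needed.
    $insert->execute([$name]);
}

foreach ($db->query('SELECT firstName FROM users') as $row) {
    $stored = $row['firstName'];
    // Encode once, at the point of output, for the HTML context.
    $html = htmlspecialchars($stored, ENT_QUOTES, 'UTF-8');
    // What the same output step produces if the value was also
    // entity-encoded before the insert: the entity itself gets encoded.
    $twice = htmlspecialchars(htmlentities($stored, ENT_QUOTES), ENT_QUOTES, 'UTF-8');
    echo "stored=$stored | html=$html | encoded twice=$twice", PHP_EOL;
}
```

Whichever point is chosen for encoding, apply it at exactly one place; the last column shows what a page renders when both the insert path and the output path encode.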
