CODEWITHSUNDEEP
c#regexvalidationexpression
Anoushka Seechurn
Anoushka Seechurn

Reputation: 2256

Regex expression to validate a user input

I am building a system where the user builds a query by selecting his operands from a combobox(names of operands are then put between $ sign).

eg. $TotalPresent$+56
eg. $Total$*100
eg 100*($TotalRegistered$-$NumberPresent$)

Things like that, However since the user is allowed to enter brackets and the +,-,* and /. Thus he can also make mistakes like

eg. $Total$+1a
eg. 78iu+$NumberPresent$

ETC...

I need a way to validate the query built by the user.

How can I do that ?

Upvotes: 1

Views: 128

Answers (3)

Anoushka Seechurn
Anoushka Seechurn

Reputation: 2256

Hey guys I managed to get to my ends(Thanks to Anirudh(Validating a String using regex))

I am posting my answer as it may help further visitors.

 string UserFedData = ttextBox1.Text.Trim().ToString(); 
  //this is a regex to detect conflicting user built queries.
   var troublePattern = new Regex(@"^(\(?\d+\)?|\(?[$][^$]+[$]\)?)([+*/-](\(?\d+\)?|\(?[$][^$]+[$]\)?))*$");
   //var troublePattern = new Regex(@"var troublePattern = new Regex(@"^(?:[-]?\(*)?(?:\$[A-Za-z][A-Za-z0-9_]*\$|\d+)(?:\)*[+/*-]\(*(?:\$[A-Za-z][A-Za-z0-9_]*\$|\d+))*(?:\)*)$");
 string TroublePattern = troublePattern.ToString();


//readyToGo is the boolean that indicates if further processing of data is safe or not
                        bool readyToGo = Regex.IsMatch(UserFedData, TroublePattern, RegexOptions.None);

Upvotes: 0

Abstraction
Abstraction

Reputation: 1652

I need a way to validate the query built by the user.

Personally, I don't think it is a good idea to use regex here. It can be possible with help of some extensions (see here, for example), but original Kleene expressions aren't fit for checking whether unlimited number of parentheses is balanced. Even worse, too difficult expression may result in significant time and memory spent, opening doors to denial-of-service attacks (if your service is public).

You can make use of a weak expression, though: one which is easy to write and match with and forbids most obvious mistakes. Some inputs will still be illegal, but you will discover that on parsing, as Menno van den Heuvel offered. Something like this should do:

^(?:[-]?\(*)?(?:\$[A-Za-z][A-Za-z0-9_]*\$|\d+)(?:\)*[+/*-]\(*(?:\$[A-Za-z][A-Za-z0-9_]*\$|\d+))*(?:\)*)$

Upvotes: 0

Menno van den Heuvel
Menno van den Heuvel

Reputation: 1861

A regex will never be able to properly validate a query like that. Either your validation would be incomplete, or you would reject valid input.

As you're building a query, you must already have a way parse and execute it. Why not use your parsing code to validate the user input? If you want to have client-side validation you could use an ajax call to the server.

Upvotes: 1

Related Questions