Regex validation rules

Question

I'm writing a database backup function as part of my school project.

I need to write a regex rule so the database backup name can only contain legal characters.

By 'legal' I mean a string that doesn't contain ANY symbols or spaces. Only letters from the alphabet and numbers.

An example of a valid string would be '31Jan2012' or '63927jkdfjsdbjk623' or 'hello123backup'.

Here's my JS code so far:

    // Check if the input box contains the charactes a-z, A-Z ,or 0-9 with a regular expression.

    function checkIfContainsNumbersOrCharacters(elem, errorMessage){
        var regexRule = new RegExp("^[\w]+$");
        if(regexRule.test( $(elem).val() ) ){ 
            return true;
        }else{
            alert(errorMessage);
            return false;
        }
    }


//call the function

checkIfContainsNumbersOrCharacters("#backup-name", "Input can only contain the characters a-z or 0-9.");

I've never really used regular expressions before though, however after a quick bit of googling i found this tool, from which I wrote the following regex rule:

^[\w]+$

^ = start of string

[/w] = a-z/A-Z/0-9

'+' = characters after the string.

When running my function, the whatever string I input seems to return false :( is my code wrong? or am I not using regex rules correctly?

Answer 1

When you declare the regex as a string parameter to the RegExp constructor, you need to escape it. Both

var regexRule = new RegExp("^[\\w]+$");

...and...

var regexRule = new RegExp(/^[\w]+$/);

will work.

Keep in mind though, that client side validation for database data will never be enough, as the validation is easily bypassed by disabling javascript in the browser, and invalid/malicious data can reach your DB. You need to validate the data on the server side, but preventing the request with invalid data, but validating client side is good practice.

Answer 2

The \w is a synonym for [[:alnum:]], which matches a single character of the alnum class. Note that using character classes means that you may match characters that are not part of the ASCII character encoding, which may or may not be what you want. If what you really intend to match is [0-9A-Za-z], then that's what you should use.

Answer 3

This is the official spec: http://dev.mysql.com/doc/refman/5.0/en/identifiers.html but it's not very easily converted to a regular expression. Just a regular expression won't do it as there are also reserved words.

Why not just put it in the query (don't forget to escape it properly) and let MySQL give you an error? There might for instance be a bug in the MySQL version you're using, and even though your check is correct, MySQL might still refuse.

Answer 4

It can be simpler. This works:

function checkValid(name) {
  return /^\w+$/.test(name);
}

/^\w+$/ is the literal notation for new RegExp(). Since the .test function returns a boolean, you only need to return its result. This also reads better than new RegExp("^\\w+$"), and you're less likely to goof up (thanks @x3ro for pointing out the need for two backslashes in strings).

Answer 5

The problem here is, that when writing \w inside a string, you escape the w, and the resulting regular expression looks like this: ^[w]+$, containing the w as a literal character. When creating a regular expression with a string argument passed to the RegExp constructor, you need to escape the backslash, like so: new RegExp("^[\\w]+$"), which will create the regex you want.

There is a way to avoid that, using the shorthand notation provided by JavaScript: var regex = /^[\w]+$/; which does not need any extra escaping.