Dr. Drew Hwang, CIS, Cal Poly Pomona
Secure Web Development
Common Regular Expressions
Each entry lists the application, the expression, format samples (where given), and a description.

Name
Expression: ^[a-zA-Z''-'\s]{1,40}$
Format samples: John Doe, O'Dell
Description: Validates a name. Allows up to 40 uppercase and lowercase characters and a few special characters that are common to some names. You can modify this list.

Social security number
Expression: ^\d{3}-\d{2}-\d{4}$
Format samples: 111-11-1111
Description: Validates the format, type, and length of the supplied input field. The input must consist of 3 numeric characters followed by a dash, then 2 numeric characters followed by a dash, and then 4 numeric characters.

Phone number
Expression: ^[01]?[- .]?(\([2-9]\d{2}\)|[2-9]\d{2})[- .]?\d{3}[- .]?\d{4}$
Format samples: (425) 555-0123, 425-555-0123, 425 555 0123, 1-425-555-0123
Description: Validates a U.S. phone number. It must consist of 3 numeric characters, optionally enclosed in parentheses, followed by a set of 3 numeric characters and then a set of 4 numeric characters.

Email
Expression: ^(?("")("".+?""@)|(([0-9a-zA-Z]((\.(?!\.))|[-!#\$%&'\*\+/=\?\^`\{\}\|~\w])*)(?<=[0-9a-zA-Z])@))(?(\[)(\[(\d{1,3}\.){3}\d{1,3}\])|(([0-9a-zA-Z][-\w]*[0-9a-zA-Z]\.)+[a-zA-Z]{2,6}))$
Format samples: someone@example.com
Description: Validates an e-mail address.

URL
Expression: ^(ht|f)tp(s?)\:\/\/[0-9a-zA-Z]([-.\w]*[0-9a-zA-Z])*(:[0-9]*)*(\/?)([a-zA-Z0-9\-\.\?\,\'\/\\\+&%\$#_]*)?$
Format samples: http://www.microsoft.com
Description: Validates a URL.

ZIP code
Expression: ^(\d{5}-\d{4}|\d{5}|\d{9})$|^([a-zA-Z]\d[a-zA-Z] \d[a-zA-Z]\d)$
Format samples: 12345
Description: Validates a U.S. ZIP Code. The code must consist of 5 or 9 numeric characters.

Password
Expression: (?!^[0-9]*$)(?!^[a-zA-Z]*$)^([a-zA-Z0-9]{8,10})$
Description: Validates a strong password. It must be between 8 and 10 characters, contain at least one digit and one alphabetic character, and must not contain special characters.

Non-negative integer
Expression: ^\d+$
Format samples: 0, 986
Description: Validates that the field contains an integer greater than or equal to zero.

Currency (positive or negative)
Expression: ^(-)?\d+(\.\d\d)?$
Format samples: 1.20
Description: Validates a positive or negative currency amount. If there is a decimal point, it requires 2 numeric characters after the decimal point.

IP Address
Expression: \b\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\b
Format samples: 999.999.999.999
Description: Validates IP addresses.

(source: How To: Use Regular Expressions to Constrain Input in ASP.NET, MSDN; regular-expression.info)
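
The IP Address pattern above checks only the shape of a dotted quad and is not anchored to the whole input, which is why its format sample is 999.999.999.999. As an added example (Python, not code from the original page or its sources; `OCTET`, `STRICT_IP` and the sample inputs are assumptions constructed here), the following runs that pattern beside a whole-string, range-checked alternative:

```python
import re

# Pattern copied from the IP Address row of the table.
TABLE_IP = re.compile(r"\b\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\b")

# Assumed stricter pattern (not from the page): ASCII digits only,
# each octet 0-255, no leading zeros.
OCTET = r"(?:25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9]?[0-9])"
STRICT_IP = re.compile(r"(?:" + OCTET + r"\.){3}" + OCTET)


def table_accepts(value):
    """True if the table's pattern finds a match anywhere in value."""
    return TABLE_IP.search(value) is not None


def strict_accepts(value):
    """True only if the whole string is a dotted quad in range.

    fullmatch() is used instead of ^...$ because $ also matches just
    before a trailing newline.
    """
    return STRICT_IP.fullmatch(value) is not None


# Constructed sample inputs with the reason each one is interesting.
SAMPLES = [
    ("192.168.0.1", "ordinary address"),
    ("999.999.999.999", "the table's own sample: octets out of range"),
    ("note 10.0.0.1 end", "address embedded in other text"),
    ("10.0.0.1\n", "trailing newline"),
    ("\u0661\u0660.\u0660.\u0660.\u0661", "non-ASCII digits matched by \\d"),
    ("010.1.1.1", "leading zero, read as octal by some parsers"),
]


def compare(samples=SAMPLES):
    """Return (value, table_result, strict_result) for each sample."""
    return [(v, table_accepts(v), strict_accepts(v)) for v, _ in samples]


if __name__ == "__main__":
    for (value, loose, strict), (_, why) in zip(compare(), SAMPLES):
        print(f"{value!r:24} table={loose!s:5} strict={strict!s:5} {why}")
```

The table's pattern accepts all six inputs; the stricter one accepts only the first.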