November 24, 2007

Regular Expressions to validate User input

Pattern & practices - Examples for validating user inputs

// Decomposed method which actually creates the pattern object and determines the match. 
// Used by all of the other functions.
static bool MatchString(string str, string regexstr)
str = str.Trim();
System.Text.RegularExpressions.Regex pattern = new System.Text.RegularExpressions.Regex(regexstr);
return pattern.IsMatch(str);

Validating User name

static bool IsValidUserName(string strUsername)
// Allows word characters [A-Za-z0-9_], single quote, dash and period
// must be at least two characters long and less then 128
string regExPattern = @"^[\w-'\.]{2,128}$";
// We also permit email address characters in user name. Set to false
// if you don't permit email addresses as usernames.
bool allowEmailUsernames = true;
if (allowEmailUsernames)
return (MatchString(strUsername, regExPattern) || IsValidEmailAddress(strUsername));
return MatchString(strUsername, regExPattern);

Validating Password

static bool IsValidPassword(string strPassword)
// Allows any type of character
// If complexity is enabled, the password must be longer
// and contain at least one uppercase, one lowercase,
// one numeric and one symbolic character. Set to false
// if your requirements differ.
bool passwordCompleity = true;
// These are some proposed minimum password lengths. If
// complexity is enabled (above), the stronger (longer)
// minimum password rule applies.
int minPasswordLen = 6;
int strongPasswordLen = 8;

if (passwordComplexity)
string regExPattern = @"^.*(?=.*\d)(?=.*[a-z])(?=.*[A-Z])(?=.*[`~!@#\$%\^\&\*\(\)-_\=\+\[\{\]\}\\\|;:',<\.>/?]).*$";
return (strPassword.Length >= strongPasswordLen && MatchString(strPassword, regExPattern));
return (strPassword.Length >= minPasswordLen);


Validating Email


static bool IsValidEmailAddress(string strEmail)
// Allows common email address that can start with a alphanumeric char and contain word, dash and period characters
// followed by a domain name meeting the same criteria followed by a alpha suffix between 2 and 9 character lone
string regExPattern = @"^([0-9a-zA-Z]([-.\w]*[0-9a-zA-Z])*@([0-9a-zA-Z][-\w]*[0-9a-zA-Z]\.)+[a-zA-Z]{2,9})$";
return MatchString(strEmail, regExPattern);

Validating Name

static bool IsValidName(string strName)
// Allows alphabetical chars, single quote, dash and space
// must be at least two characters long and caps out at 128 (database size)
string regExPattern = @"^[a-zA-Z-'\.\s]{2,128}$";
return MatchString(strName, regExPattern);

Validating Street Address

static bool IsValidStreetAddress(string strAddress)
// Since so many different types of address formats we're just going to swing the bat at
// this one for now and do a match against a series of digits (potentially containing
// punctuation), followed by a series of characters representing the street name and then
// potentially a type of street and unit number
string regExPattern = @"\d{1,3}.?\d{0,3}\s[a-zA-Z]{2,30}(\s[a-zA-Z]{2,15})?([#\.0-9a-zA-Z]*)?";
return MatchString(strAddress, regExPattern);

Validating City Name

static bool IsValidCity(string strCity)
// Here we simply treat city names like people names and defer to our name validation function.
return IsValidName(strCity);

ZIP Code

static bool IsValidZIPCode(string strZIP)
// Allows 5 digit, 5+4 digit and 9 digit zip codes
// must be at least two characters long and caps out at 128 (database size)
string regExPattern = @"^(\d{5}-\d{4}|\d{5}|\d{9})$";
return MatchString(strZIP, regExPattern);

US Phone Number

static bool IsValidUSPhoneNumber(string strPhone)
// Allows phone number of the format: NPA = [2-9][0-8][0-9] Nxx = [2-9][0-9][0-9] Station = [0-9][0-9][0-9][0-9]
string regExPattern = @"^[01]?[- .]?(\([2-9]\d{2}\)|[2-9]\d{2})[- .]?\d{3}[- .]?\d{4}$";
return MatchString(strPhone, regExPattern);

Credit card number

static bool IsValidCCNumber(string strCCNumber)
// This expression is basically looking for series of numbers confirming to the standards
// for Visa, MC, Discover and American Express with optional dashes between groups of numbers
string regExPattern = @"^((4\d{3})|(5[1-5]\d{2})|(6011))-?\d{4}-?\d{4}-?\d{4}|3[4,7][\d\s-]{15}$";
return MatchString(strCCNumber, regExPattern);


SSN Number


static bool IsValidSSN(string strSSN)
// Allows SSN's of the format 123-456-7890. Accepts hyphen delimited SSNs or plain numeric values.
string regExPattern = @"^\d{3}[-]?\d{2}[-]?\d{4}$";
return MatchString(strSSN, regExPattern);




static bool IsValidURL(string strURL)
// Allows HTTP'and FTP URL's, domain name must start with alphanumeric and can contain a port number
// followed by a path containing a standard path character and ending in common file suffixies found in URL's
// and accounting for potential CGI GET data
string regExPattern = @"^^(ht|f)tp(s?)\:\/\/[0-9a-zA-Z]([-.\w]*[0-9a-zA-Z])*(:(0-9)*)*(\/?)([a-zA-Z0-9\-\.\?\,\'\/\\\+&%\$#_=]*)?$";
return MatchString(strURL, regExPattern);


IP Address


static bool IsValidIPAddress(string strIP)
// Allows four octets of numbers that contain values between 4 numbers in the IP address to 0-255 and are separated by periods
string regExPattern = @"^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$";
return MatchString(strIP, regExPattern);

Is Alpha Text?


static bool IsValidAlphaText(string strAlpha)
// Allows one or more alphabetical characters. This is a more generic validation function.
string regExPattern = @"^[A-Za-z]+$"; return MatchString(strAlpha, regExPattern);

Is alpha-numeric text?


static bool IsValidAlphaNumericText(string strAlphaNum)
// Allows one or more alphabetical and/or numeric characters. This is a more generic validation function.
string regExPattern = @"^[A-Za-z0-9]+$";
return MatchString(strAlphaNum, regExPattern);


Is numeric text?


static bool IsValidNumericText(string strNumeric)
// Allows one or more positive or negative, integer or decimal numbers. This is a more generic validation function.
string regExPattern = @"/[+-]?\d+(\.\d+)?$";
return MatchString(strNumeric, regExPattern);