Help with Regex for someone's name

[JohnnyT]

Hi,

I'm trying to write a regular expression to check if someone has inputted a valid name for themselves. I started off by just making sure they had entered a-z or A-Z or spaces. But I quickly realised that there are names like O'Brian and those names with the funny accent over the 'e' and the 'o'.

I wondered if someone has a regular expression that they use to check for valid names?

Here's what I've got so far... (bear in mind I'm absolutely useless at regex's and this was through a lot of trial and error!)

function check_valid_name($string) {

return preg_match("%[^a-zA-Z\-\\'\\\ ]%", $string);

}

Many thanks for any help you can give me

Cheers

John ;-)

I don't make mistakes, I'm merely beta-testing life.

 

[jpadie]

let's turn it around. what do you consider to be an 'invalid' name?

perhaps a better bet is to test the email address, which does not allow diacriticals etc.

 

[feherke]

Hi

perhaps a better bet is to test the email address, which does not allow diacriticals etc.

According to RFC 3490 - Internationalizing Domain Names in Applications, theoretically there can be characters with "funny accent" in the domain names. So they could be in the domain part of the mail address too.

Practically I heard bout no naive people who registered such domain name.

Note : I not read that RFC, so I may be wrong.


Feherke.

http://rootshell.be/~feherke/

 

[jpadie]

that's a proposed standard. has not made it to draft status yet and i have not read anything to suggest that it will.

however the current rfc (

http://www.rfc-editor.org/rfc/rfc1035.txt)

does talk about case sensitivity and allowing the full binary octet to be used in the future. a frightening prospect.

 

[feherke]

Hi

that's a proposed standard

Well, that is what I knew, but some guys who are strong in network administration corrected me. Two things are sure : registration for such domains is open and sub-domains with such characters works.

Personally I still hope the best. ( I mean, no such domains in the real life. )


Feherke.

http://rootshell.be/~feherke/

 

[JohnnyT]

Hi,
Thanks for all the replies. I wasn't actually talking about domain names but real names. i.e. John Smith.

I want to prevent illegal characters from being entered into the database. Such as someone either mis-typing something or a malicious attempt.

Any ideas?

Thanks

John ;-)

I don't make mistakes, I'm merely beta-testing life.

 

[jpadie]

please re read my first post.

 

[JohnnyT]

Hi jpadie

I am testing the email address for validity too.

However, that won't prevent someone using the First Name and Surname fields to perform an SQL injection attack (which is my main worry).

Do you think I should just forget validating the First Name and Surname?

I've only read a few things about sql injection and maybe I'm getting paranoid...

???

Cheers

John ;-)

I don't make mistakes, I'm merely beta-testing life.

 

[jpadie]

my first post was intending to get you thinking not about what you DO want in a name but about what you DON'T want in a name. once you have analysed this it is easy to craft a regex.

you do not need regex to protect against sql injection. just ensure that you ESCAPE all sql variables using mysql_real_escape_string (if mysql). also ensure that you enquote all non numeric variables.

personally i do not validate surnames.

 

[JohnnyT]

Ok, thanks for the advice (as always).

Much appreciated

John ;-)

I don't make mistakes, I'm merely beta-testing life.