I want to remove all special characters (", /, {, }, etc.) from an input field being saved as a string to the DB.

What is the best approach?

Should this check be tackled with JS, ColdFusion or Microsoft SQL, or maybe all three?

How would I go about coding this using ColdFusion or Microsoft SQL?

+3  A: 

Are you sure you want to blacklist only those characters? Usually a much safer approach is to whitelist only the acceptable characters.

If you want to ensure your data is kept pure, the safest place to do this is at source, using an INSERT/UPDATE trigger.

You could write a UDF that does this in T-SQL, or for best performance, implement it as a CLR function using C# or similar.

Doing this only in SQL could cause validation issues, though. E.g., if the user has only entered invalid characters on a required field, they essentially have given you no input, so your GUI will likely need to throw a validation error. So, best to have validation checks for usability in your front-end, and triggers for data integrity on the back end.

RedFilter
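
The T-SQL UDF and INSERT/UPDATE trigger this answer describes could look like the following; this is an added example, not code from the original answer. The names dbo.KeepAllowedChars, dbo.Contacts, trg_Contacts_Clean and the column names are hypothetical, and the whitelist (ASCII letters, digits, space) is an assumption.

```sql
-- Added example: dbo.KeepAllowedChars, dbo.Contacts and its columns are hypothetical names.
CREATE FUNCTION dbo.KeepAllowedChars (@input NVARCHAR(4000))
RETURNS NVARCHAR(4000)
AS
BEGIN
    -- Whitelist (assumed): ASCII letters, digits and the space character.
    -- The binary collation makes A-Z / a-z strict code-point ranges, so
    -- accented letters are stripped instead of matching the range.
    DECLARE @pattern NVARCHAR(32) = N'%[^A-Za-z0-9 ]%';
    DECLARE @pos INT = PATINDEX(@pattern, @input COLLATE Latin1_General_BIN);
    WHILE @pos > 0
    BEGIN
        SET @input = STUFF(@input, @pos, 1, N'');  -- drop one disallowed character
        SET @pos = PATINDEX(@pattern, @input COLLATE Latin1_General_BIN);
    END;
    RETURN @input;  -- NULL in, NULL out
END;
GO

CREATE TABLE dbo.Contacts (
    ContactId   INT IDENTITY PRIMARY KEY,
    DisplayName NVARCHAR(100) NOT NULL
);
GO

CREATE TRIGGER dbo.trg_Contacts_Clean ON dbo.Contacts
AFTER INSERT, UPDATE
AS
BEGIN
    SET NOCOUNT ON;
    IF TRIGGER_NESTLEVEL() > 1 RETURN;  -- ignore the UPDATE issued below
    -- A required field that held only disallowed characters is now empty:
    -- reject the write so the application has to show a validation error.
    IF EXISTS (SELECT 1 FROM inserted
               WHERE LTRIM(dbo.KeepAllowedChars(DisplayName)) = N'')
    BEGIN
        RAISERROR(N'DisplayName contains no allowed characters.', 16, 1);
        ROLLBACK TRANSACTION;
        RETURN;
    END;
    -- Rewrite only the rows whose stored value differs from the cleaned one.
    UPDATE c
    SET    c.DisplayName = dbo.KeepAllowedChars(i.DisplayName)
    FROM   dbo.Contacts AS c
    JOIN   inserted AS i ON i.ContactId = c.ContactId
    WHERE  c.DisplayName <> dbo.KeepAllowedChars(i.DisplayName) COLLATE Latin1_General_BIN;
END;
GO
```
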
+2  A: 
Al Everett
How would I go about also leaving the spaces in the string?
Alex
Add it as a valid character. I've changed my answer to allow the use of the space character.
Al Everett
Why leave out punctuation?
Henry
+2  A: 

Use a regular expression in ColdFusion:

<cfset cleanInput = rereplace(form.input,"[^A-Za-z0-9]","","all") />

This says replace any character that is not A through Z or a through z or 0 through 9 with nothing, and do it for every one encountered.

Jason Tabler
As for "when to do it":
JavaScript: When you need the user to know for a convenience
Application Server: Always for validation and you can request corrections
DB Level: Depends on your organization's policy, but is really just extra, extra. It's easier to give feedback at the application level.
Jason Tabler
+1  A: 

Removing it on the app layer (i.e. CF) makes the most sense.

Maybe you'll find this useful:

http://demo.bryantwebconsulting.com/datamgr/word.cfm

Henry
+1  A: 

For UI, you should check out jQuery Masked Input.

http://digitalbush.com/projects/masked-input-plugin/

http://plugins.jquery.com/project/maskedinput

Vikas