I think that's perfect.  You are following the principle of only
allowing a SPECIFIC set of characters.  It doesn't matter what other
crap your users might try (or hackers, for that matter), because you are
saying "I will only allow this specific thing".  It's the same thing
that Unix/Linux does for security, and exactly what Windows generally
doesn't (although the more recent versions are better).  In Linux,
everything is turned off by default, and you have to manually allow the
small set of things you want.  However, in Windows everything is allowed
by default, and you have to disallow things you don't want.  I am
oversimplifying things, as Windows isn't as bad as I'm making it sound.
But you get the idea.

> -----Original Message-----
> From: Rick Faircloth [mailto:[EMAIL PROTECTED] 
> Sent: Wednesday, March 08, 2006 8:27 AM
> To: CF-Talk
> Subject: RE: How do I write a Regex for this?
> 
> Jacob...I realized my solution was posted in another
> thread, so I've included it below...  Rick
> 
> ------------------------------------------------------------------------
> 
> What seems to have covered all the bases in
> my situation is to run two error traps:
> 
> Not Len(Trim(Form.Amount))
> 
>       - Catches empty formfields
> 
> Len(Trim(Form.Amount)) and Not IsNumeric(REReplace(Form.Premium, "[.$,]","","All"))>
> 
>       - This code makes sure there is data in the field
>       - Allows for $ , . to be entered, but stripped out.  This is important
>         because many times for dollar amounts, those characters are used
>         and should not trigger an error for the user
>       - Catches data entered into the field which is just a garbage entry,
>         such as oweinfe9, does not assign it a value as using VAL would,
>         but doesn't accept this garbage entry by stripping out all the
>         non-numeric characters and turning the entry into $9.00, for example
>       - It would catch the entry as incorrect, redisplay the entry in the
>         formfield for the user to inspect and allow changes
>       - By using this line of code, I can also redisplay the entry in
>         DollarFormat for the user, then have the $., stripped back out by
>         this line for processing
> 
> Those two trapping statements seem to cover all the bases, but it's hard to
> anticipate everything someone might throw in a formfield.
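
Added example, not part of the original messages: a Python sketch of the allow-list idea discussed in this thread, comparing an anchored pattern for dollar amounts with a strip-then-test check like the one quoted above. The names `parse_amount` and `strip_then_check`, the sample inputs, and the use of `float()` as a stand-in for a numeric test are assumptions made for illustration.

```python
import re
from decimal import Decimal

# Allow-list: optional "$", then either plain digits or digits grouped by
# well-formed thousands commas, then an optional 1-2 digit fraction.
AMOUNT_RE = re.compile(r"\$?(?:\d{1,3}(?:,\d{3})+|\d+)(?:\.\d{1,2})?")

def parse_amount(raw):
    """Return a Decimal for a well-formed dollar amount, or None to reject."""
    text = raw.strip()
    if not text:                       # empty form field
        return None
    if not AMOUNT_RE.fullmatch(text):  # the whole string must match
        return None
    return Decimal(text.replace("$", "").replace(",", ""))

def strip_then_check(raw):
    """Stand-in for a strip-then-test check: drop . $ , and test what is left.

    float() is an assumed stand-in for a numeric test; it is not CFML's IsNumeric.
    """
    stripped = re.sub(r"[.$,]", "", raw.strip())
    try:
        float(stripped)
        return True
    except ValueError:
        return False

# Constructed sample inputs (not taken from the thread, except "oweinfe9").
SAMPLES = ["$1,234.50", "12.50", "", "oweinfe9", "1.2.3", "$$,,..5", "1,2,3"]

def disagreements(samples):
    """Inputs the strip-then-test check accepts but the allow-list rejects."""
    return [s for s in samples
            if strip_then_check(s) and parse_amount(s) is None]

if __name__ == "__main__":
    for s in SAMPLES:
        print(repr(s), strip_then_check(s), parse_amount(s))
    print("accepted only by strip-then-test:", disagreements(SAMPLES))
```

Because the pattern is matched against the entire trimmed string, position and count of `$`, `,` and `.` are checked as well as which characters appear, so the value that is stored is the value the user typed.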
