You can use regular expressions to match and validate the text that users enter in cfinput and cftextinput tags. Ordinary characters are combined with special characters to define the match pattern. The validation succeeds only if the user input matches the pattern.
Regular expressions let you check input text for a wide variety of custom conditions for which the input must follow a specific pattern. You can concatenate simple regular expressions into complex search criteria to validate against complex patterns, such as any of several words with different endings.
You can use ColdFusion variables and functions in regular expressions. The ColdFusion server evaluates the variables and functions before the regular expression is evaluated. For example, you can validate against a value that you generate dynamically from other input data or database values.
Because special characters are the operators in regular expressions, in order to represent a special character as an ordinary one, you must escape it by preceding it with a backslash. For example, use two backslash characters (\\) to represent a backslash character.
The following rules govern regular expressions that match a single character:
Escape seq |
Matches |
Escape seq |
Meaning |
---|---|---|---|
[\b] |
Backspace. |
\s |
Any of the following white space characters: space, tab, form feed, and line feed. |
\b |
A word boundary, such as a space. |
\S |
Any character except the white space characters matched by \s. |
\B |
A nonword boundary. |
\t |
Tab. |
\cX |
The control character Ctrl-x. For example, \cv matches Ctrl-v, the usual control character for pasting text. |
\v |
Vertical tab. |
\d |
A digit character [0-9]. |
\w |
An alphanumeric character or underscore. The equivalent of [A-Za-z0-9_]. |
\D |
Any character except a digit. |
\W |
Any character not matched by \w. The equivalent of [^A-Za-z0-9_]. |
\f |
Form feed. |
\n |
Backreference to the nth expression in parentheses. See Backreferences. |
\n |
Line feed. |
\ooctal |
The character represented in the ASII character table by the specified octal number. |
\r |
Carriage return. |
\xhex |
The character represented in the ASCII character table by the specified hexadecimal number. |
Use the following rules to build a multicharacter regular expression:
Backreferencing lets you match text in previously matched sets of parentheses. A slash followed by a digit n (\n) refers to the nth parenthesized subexpression.
One example of how you can use backreferencing is searching for doubled words; for example, to find instances of "the the" or "is is" in text. The following example shows backreferencing in a regular expression:
(\b[A-Za-z]+)[ ]+\1
This code matches text that contains a word that is repeated twice; that is, it matches a word, (specified by the \b word boundary special character and the "[A-Za-z]+)" followed by one or more spaces (specified by "[ ]+"), followed by the first matched subexpression, the first word, in parentheses. For example, it would match "is is", but not "This is".
ColdFusion validation normally considers a value to be valid if any of it matches the regular expression pattern. Often you might want to ensure that the entire entry matches the pattern. If so, you must "anchor" it to the beginning and end of the field, as follows:
The following examples show some regular expressions and describe what they match:
Expression |
Description |
---|---|
[\?&]value= |
Any string containing a URL parameter value. |
^[A-Z]:(\\[A-Z0-9_]+)+$ |
An uppercase Windows directory path that is not the root of a drive and has only letters, numbers, and underscores in its text. |
^(\+|-)?[1-9][0-9]*$ |
An integer that does not begin with a zero and has an optional sign. |
^(\+|-)?[1-9][0-9]*(\.[0-9]*)?$ |
A real number. |
^(\+|-)?[1-9]\.[0-9]*E(\+|-)?[0-9]+$ |
A real number in engineering notation. |
a{2,4} |
A string containing two to four occurrences of a: aa, aaa, aaaa; for example, aardvark, but not automatic. |
(ba){2,} |
A string containing least two ba pairs; for example, Ali baba, but not Ali Baba. |