Validating User Input with VB.NET

Introduction

Validating user input can be quite a pain, especially if you do not know what techniques and what namespaces are at your disposal. Because everyone has a different way of doing things, my methods might not be 100% the same as your methods. This is why I decided to make use of Regular Expressions here within this article. Today you will learn how to use regular Expressions to validate user input.

What is Validation?

In simple terms, validation refers to ensuring entered data is well, valid. Determining whether or not data is valid can sometimes be a painstaking process as there are numerous tests that need to be thought of. These tests include:

  1. Format test - This test determines if the entered string is in the correct format.
  2. Type test - This test checks if the input is the correct type. For example: Integers of dates that do not need conversion afterwards.
  3. Permitted Character test - This test ensure that no illegal characters are entered. For example: If a user is supposed to enter a name, numbers and some special symbols must not be allowed.
  4. Range test - This tests checks to see if entered values are within a specified range. For example : If you are only supposed to type in 50 characters, you must not be able to enter more than fifty.

There are some more tests, but I want to keep this article straightforward and basic enough.

Now, how do I perform these tests?

Well, sometimes a good structured and thought out If statement can suffice, but it can become quite long and cumbersome in the future. Also, the more tests you are performing, the slower your app might become. So what can we do? The answer is simple: Use Regular Expressions! That is what they were invented for.

What are Regular Expressions?

Regular Expressions are extremely powerful. They make use of a pattern matching system to match the input with a certain pattern of data. This means that as a programmer, you have the power to supply the exact pattern for the input you desire in any text input field. By using Regular Expressions this way, you can reduce the chances of getting errors at erratic times.

For more information regarding Regular Expressions, you are welcome to look at these two MSDN articles:

An Example Project

Because it is always easy to learn by doing things practically, you will be creating an app that makes use of Regular Expressions to determine valid input.

Start Visual Studio and create a Desktop VB.NET application and design the form to resemble Figure 1.

Our Design
Figure 1 - Our Design

Code

The Regular Expression's functionalities exist in the System.Text.RegularExpressions namespace, so let us add that first:

Imports System.Text.RegularExpressions ' Regular Expressions Namespace

Add the following four variables inside the General Declarations section:

    Private NameValid As Boolean 'Is Name  Valid?
    Private SurnameValid As Boolean 'Is Surname Valid?
    Private PhoneValid As Boolean 'Is Phone Number Valid?
    Private EmailValid As Boolean 'Is Email Valid?

These objects will determine if all our data is valid or not. Based on each of these variables' values, we will know if the data is correct or not.

Validating Names

A name doesn't generally contain weird symbols, and definitely not numbers. That may seem like Captain Obvious speaking, but you'll be amazed at some of the data that gets entered into a name field. Sometimes people are just trying to be funny, or they are literally trying to break your program. You could say that a program's testers are supposed to do this; yes, they should - nobody else should.

Add the following inside your name Textbox's Leave event:

    Private Sub txtName_Leave(sender As Object, e As System.EventArgs) Handles txtName.Leave

        'If Not A Matching Format Entered
        If Not Regex.Match(txtName.Text, "^[a-z]*$", RegexOptions.IgnoreCase).Success Then 'Only Letters

            MessageBox.Show("Please Enter Alphabetic Characters Only!") 'Inform User

            txtName.Focus() 'Return Focus
            txtName.Clear() 'Clear TextBox

            NameValid = False 'Boolean = False
        Else

            NameValid = True 'Everything Fine

        End If

    End Sub

Easy one to start with. The Leave event fires when the control loses focus. This can be from the mouse clicking inside another field, or a Tab key being pressed to navigate to the next input control.  I then created an If statement to determine how the input data was formatted and whether or not the data is only alphabetic. If the data is indeed only alphabetic letters (no symbols, no numbers or any other punctuation characters) the test succeeds and stores True inside the NameValid variable. If not, if there is even just one unallowed character that is not supposed to be there, the Match method will return False.

See how quick it is to use Regular Expressions? Instead of you having to loop through each character to determine what that character is, you simply need the correct Regular Expression pattern. If you are uncertain about the pattern I supplied, have a look here.

Validating Surnames

Well, the same logic should obviously apply here. Just a note, some surnames contain spaces and even hyphens. My surname contains a space and it can get quite frustrating if I am not allowed to enter my correct surname, or that I have to edit my surname not to include a space. So, what I am trying to say is: make sure you understand other cultures, or be aware of people with uncommon names. Add this to validate the surname textbox:

    Private Sub txtSurname_Leave(sender As Object, e As System.EventArgs) Handles txtSurname.Leave

        'Create A Pattern For Surname
        Dim strSurname As String = "^[a-zA-Z\s]+$"

        Dim reSurname As New Regex(strSurname) 'Attach Pattern To Surname Textbox

        'Not A Match
        If Not reSurname.IsMatch(txtSurname.Text) Then

            MessageBox.Show("Please Enter Alphabetic Characters Only!")

            txtName.Focus()

            txtName.Clear()

            SurnameValid = False

        Else

            SurnameValid = True

        End If

    End Sub

It is basically the exact same code for the Name box, but I just included the capability to comprehend a space character as well.

Validating Phone Numbers

Now it gets trickier! Phone numbers usually follow some sort of format. This is because it becomes more legible than just a normal set of numbers. People expect to enter a phone number in a format similar to this: ###-###-####. Sometimes there are even brackets surrounding the code. In certain cases the international dialling code will also need to be supplied. Using Regular expressions here, is basically the standard, even though it is a bit messy. Add the following code to validate your phone number textbox:

    'Function To Check Phone Number Validity
    Public Function ValidatePhone(ByVal strPhoneNum As String) As Boolean

        ''Create Reg Exp Pattern
        Dim strPhonePattern As String = "^[1-9]\d{2}-[1-9]\d{2}-\d{4}$"

        'Create Reg Ex Object
        Dim rePhone As New Regex(strPhonePattern)

        'Something Typed In
        If Not String.IsNullOrEmpty(strPhoneNum) Then

            PhoneValid = rePhone.IsMatch(strPhoneNum) 'Check Validity

        Else

            PhoneValid = False 'Not Valid / Empty

        End If

        Return PhoneValid 'Return True / False

    End Function
    
    Private Sub txtTel_LostFocus(sender As Object, e As System.EventArgs) Handles txtTel.LostFocus

        If Not ValidatePhone(txtTel.Text) Then 'Call Phone Validation Function

            MessageBox.Show("Please Enter Phone Number In Correct Format!")

            txtTel.Clear() 'Clear Input
            txtTel.Focus() 'Return Focus

        End If

    End Sub

Here, I created a separate function to do all the work. This function is later called inside the textbox's LostFocus event, which also fires when a control loses the focus. I set up my Expression to allow only numbers, but in the format I explained earlier. If it isn't valid input, it will clear the textbox and give it the focus again; if it is valid, the PhoneValid variable gets updated to true.

Validating Emails

This one will be tough, be warned. Emails also follow a certain format. It is always username at sub domain dot domain. Keep in mind that each country has its own domain name, which sometimes will look like: .au or .za or .co.za. The point I am trying to make is that there may be more than one dot after the at sign. Add this code to validate the Email textbox:

    Private Sub ValidateEmail()

        'Set Up Reg Exp Pattern To Allow Most Characters, And No Special Characters
        Dim reEmail As Regex = New Regex("([a-zA-Z0-9_\-\.]+)@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\." + _
        ")|(([a-zA-Z0-9\-]+\.)+))([a-zA-Z]{2,4}|[0-9]{1,3})", _
        RegexOptions.IgnoreCase _
        Or RegexOptions.CultureInvariant _
        Or RegexOptions.IgnorePatternWhitespace _
        Or RegexOptions.Compiled _
        )

        Dim blnPossibleMatch As Boolean = reEmail.IsMatch(txtEmail.Text)

        If blnPossibleMatch Then

            'Check If Entered Email Is In Correct Format
            If Not txtEmail.Text.Equals(reEmail.Match(txtEmail.Text).ToString) Then

                MessageBox.Show("Invalid Email Address!")

            Else

                EmailValid = True 'Email is Perfect

            End If

        Else 'Not A Match To Pattern

            EmailValid = False 'Set Boolean Variable To False

            MessageBox.Show("Invalid Email Address!") 'Inform User

            txtEmail.Clear() 'Clear Textbox

            txtEmail.Focus() 'Set Focus To TextBox

        End If

    End Sub
    
    Private Sub txtEmail_LostFocus(sender As Object, e As System.EventArgs) Handles txtEmail.LostFocus

        ValidateEmail() 'Check Email Validity

    End Sub

The expression may look horrible to the layman's eye, but look closer. It just summarizes the above paragraph. Each email must have an @ sign. Each email must have at least one . (dot) afterwards. Again, certain special characters are obviously not allowed. This sub checks the email's format and if it thinks that it matches, it returns True and vice versa. Obviously this only works for the formatting of the email. To check if the user has entered an email that actually exists, you will have to find a different way such as to send a Registration confirmation of some sorts.

Conclusion

As you can see, Regular Expressions are a vital tool to have at your disposal, so become good friends with them. I hope you have learned from this article and that you have enjoyed it as much as I did. Until next time, cheers!



Related Articles

Downloads

Comments

  • Mr

    Posted by Thabo Diholo on 10/07/2014 02:15am

    hello, am a 1st year student doing information technology. my question is how do you validate or block the user in visual basic .NET to enter information on the 2nd textbox while the 1st textbox is empty.

    Reply
  • CheckPoint

    Posted by Hoozuki on 03/24/2014 11:14pm

    Validating user input can be quite a pain, especially if you do not know what techniques and what namespaces are at your disposal. Because everyone has a different way of doing things, my methods might not be 100% the same as your methods. This is why I decided to make use of Regular Expressions here within this article. Today you will learn how to use regular Expressions to validate user input. CheckPoint 156-915.76 Exam Exam Number/Code: 156-915.76 Exam Name: Check Point Certified Security Expert Update Blade 156-915.76 exam is an important CheckPoint certification which can test your professional skills. Candidates want to pass the exam successfully to prove their competence. Passokay CheckPoint technical experts have collected and certified 246 questions and answers of 156-915.76 exam which are designed to cover the knowledge points of the Interconnecting CheckPoint Networking Devices Part 1 and enhance candidates' abilities. With Passokay 156-915.76 preparation tests you can pass the 156-915.76 exam easily, get the CCENT certification and go further on CheckPoint career path. Questions and Answers: 324 Q&As; Update Time: 2014-03-03 Question: 1 Which SmartEvent, what is the Correlation Unit's function? A. Invoke and define automatic reactions and add events to the database B. Assign seventy levels to events C. Display received threats and tune the Events Policy D. Analyze log entries, looking for Event Policy patterns Answer: D Question: 2 How do you verify the Check Pant kernel running on a firewall? A. fw ctrl get kernel B. fw ctrl pstat C. fw kernel D. fw ver -k Answer: D Question: 3 After repairing a Smart Workflow session: A. The session moves to status Repaired and a new session can be started B. The session moves to status Awaiting Repair and must be resubmitted C. The session is continued with status Not approved and a new session must be started D. The session is discarded and a new session is automatically started Answer: B Question: 4 Which Remote Desktop protocols are supported natively in SSL VPN? A. Microsoft RDP only B. AT&T VNC and Microsoft RDP C. Citrix ICA and Microsoft RDP D. AT&T VNC, Citrix ICA and Microsoft RDP Answer: D Question: 5 To force clients to use integrity Security Workspace when accessing sensitive applications, the Administrator can configure Connectra: A. Via protection levels B. To implement integrity Clientless Security C. To force the user to re-authenticate at login D. Without a special setting. Secure Workspace is automatically configured. Answer: A Question: 6 The default port for browser access to the Management Portal is A. 4433 B. 4343 C. 8080 D. 443 Answer: A Question: 7 In which case is a Sticky Decision Function relevant? A. Load Sharing - Unicast B. Load Balancing - Forward C. High Availability D. Load Sharing - Multicast Answer: D Question: 8 Refer to the network topology below. You have IPS Software Blades active on the Security Gateways sglondon, sgla, and sgny, but still experience attacks on the Web server in the New York DMZ. How is this possible? A. AH of these options are possible. B. The attacker may have used a bunch of evasion techniques like using escape sequence instead of cleartext commands. It is also possible that there are entry points not shown in the network layout, like rogue access points. C. Since other Gateways do not have IPS activated, attacks may originate from their network without anyone noticing. D. An IPS may combine different detection technologies, but is dependent on regular signature updates and well-turned anomaly algorithms. Even if this is accomplished, no technology can offer 100 % protection. Answer: C Question: 9 What SmartConsole application allows you to change the Log Consolidation Policy? A. SmartReporter B. SmartUpdate C. SmartEvent Server D. Smart Dashboard Answer: A

    Reply
Leave a Comment
  • Your email address will not be published. All fields are required.

Top White Papers and Webcasts

  • IBM Worklight is a mobile application development platform that lets you extend your business to mobile devices. It is designed to provide an open, comprehensive platform to build, run and manage HTML5, hybrid and native mobile apps.

  • Protecting business operations means shifting the priorities around availability from disaster recovery to business continuity. Enterprises are shifting their focus from recovery from a disaster to preventing the disaster in the first place. With this change in mindset, disaster recovery is no longer the first line of defense; the organizations with a smarter business continuity practice are less impacted when disasters strike. This SmartSelect will provide insight to help guide your enterprise toward better …

Most Popular Programming Stories

More for Developers

Latest Developer Headlines

RSS Feeds