I have the following regex: ^[a-zA-Z](.*)[a-zA-Z]$
on both the JavaScript and PHP side that I have been using for validating a person's name and message fields on a contact form (no database interaction). It basically ensures that the first and last character in the field are alphabets, and allows anything else in between.
My concerns are:
- For this type of functionality, should I be bothered with trying to validate a person's name or message? The only thing I am validating or rather protecting against is any malicious input.
- I'm unsure what type of attacks I could leave my site open to, if the only thing I do is check that the fields aren't empty.
Are these valid concerns? If I start catering for all types of Name and Message scenarios, I'm going to end up with a very long expression that will become too difficult to maintain... So is it really worth it, or is there a bare-minimum regex that I should use for these 2 fields to protect against malicious attacks/scripting?
(PS - I've just been reminded by one of my co-workers about names beginning with an " ! ")
THANK YOU!!
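
An added example, not part of the original post: it runs the regex from the question over constructed sample inputs to show which values it accepts and rejects, next to a minimal field check and HTML output encoding. The helper names `checkField` and `escapeHtml` and the 2000-character limit are assumptions made for illustration.

```javascript
// The pattern from the question, unchanged.
const QUESTION_REGEX = /^[a-zA-Z](.*)[a-zA-Z]$/;

// Constructed sample inputs (not taken from real traffic).
const SAMPLES = [
  { label: "plain name", value: "Alice Smith" },
  { label: "accented name", value: "José" },
  { label: "name ending in a period", value: "Martin Jr." },
  { label: "two-line message", value: "Hello\nthere" },
  { label: "markup wrapped in letters", value: "a<script>alert(1)</script>b" },
];

function passesQuestionRegex(value) {
  return QUESTION_REGEX.test(value);
}

// Hypothetical minimal check: a string, non-empty after trimming, bounded length.
// It makes no attempt to decide what a "valid" name looks like.
function checkField(value, maxLength) {
  if (typeof value !== "string") return false;
  const trimmed = value.trim();
  return trimmed.length > 0 && trimmed.length <= maxLength;
}

// Encode the five HTML-significant characters at the point where the value
// is written into a page or an HTML e-mail body.
function escapeHtml(text) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return text.replace(/[&<>"']/g, (ch) => map[ch]);
}

// One row per sample: regex verdict, minimal-check verdict, encoded output.
function report() {
  return SAMPLES.map(({ label, value }) => ({
    label,
    regex: passesQuestionRegex(value),
    field: checkField(value, 2000), // 2000 is an assumed limit
    escaped: escapeHtml(value),
  }));
}

console.table(report());
```

The regex rejects three legitimate inputs (the `.` does not match a newline, so any multi-line message fails) while accepting the markup sample; the encoded column shows that the same markup is inert once it is escaped on output.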