Got more questions? Find advice on: ASP | SQL | XML | Windows
in Search
Welcome to RegexAdvice Sign in | Join | Help

RegEx for Validating Password (ASP)

Last post 12-17-2009, 8:35 AM by mays. 13 replies.
Sort Posts: Previous Next
  •  02-19-2009, 1:59 AM 51012

    RegEx for Validating Password (ASP)

    Hi all, i need help with regular expression.

     It needs to start with a letter (therefore cant be start with digit), at least 6 chars, max 8. No special chars, only number and letter and had to AT LEAST contain 1 digit.

    this is what i have so far: re.Pattern = "^[a-z]\w{5,7}$"

    Looks fine but i cant check if it at least contain 1 Digit. i cant fit this expression : (?=.*\d) into the regex above (had tried many ways) to check at least 1 digit occurs. Any advice, help or suggestion will be gladly appreciated. Thanks in advance.

  •  02-19-2009, 5:53 AM 51013 in reply to 51012

    Re: RegEx for Validating Password

    Can you please provide us with the information requested in the sticky note at the top of this forum. In particular, we need to know the regex you are using because the following suggestion will only work with a regex that supports lookahead (from your attempt it looks like it does).

    Also, have you searched through this forum for an answer? This type of question comes up fairly regularly and the existing responses often come with explanations of how they work and how they can be extended.

    However, try:


    with the 'ignore case' option set. So you were fairly close - it would have helped if we had seen some of your attempts and how they didn't match your test examples (error messages, matches that were wrong etc). (Note - '\w' includes the underscore character which presumably would count as a special character for you)


  •  02-19-2009, 7:54 AM 51014 in reply to 51013

    Re: RegEx for Validating Password

    Hi Aussie Susan, thanks for helping me, however, it still does not validate correctly.

    for some unknown reason, anytime i put(?=.*\d), the password keep validating wrong, i try putting abc123 or abcde1 which supposed to work but it doesnt.

     I'll add the full code in the function: 

    Function ValidatePassword(strPassword)
      Dim re
      Set re = new RegExp

      re.IgnoreCase = false = false
      re.Pattern = "^[a-z]\w{5,7}$"

     ValidatePassword = re.Test(strPassword)
    End Function

     Any help will be gladly appreciated, thanks.

  •  02-19-2009, 5:30 PM 51020 in reply to 51014

    Re: RegEx for Validating Password

    Please answer the questions I asked before. I'm guessing that you are using JavaScript. However you have not said what IS happening when you use the pattern I suggested: does it give a syntax error, a runtime error, no match at all, only a partial match......... Also, can you show us how you have tried to add in the '(?=.*\d)' to your pattern.

    I tried my expression and various 'good' and 'bad' example strings using the Javascript regex tester at and my pattern worked as expected.

    One thing you could try is to make sure you are not getting extraneous characters into your 'strPassword' value. On some platforms, the end of the line is marked by the "\r\n" combination where the "\r" gets in the way of identifying the end of the string. (You can test this by making the last part of the pattern '\r?$"). However, this assumes that you are carrying the line terminators in the string variable and not trimming them.


  •  02-19-2009, 7:06 PM 51023 in reply to 51020

    Re: RegEx for Validating Password

    That's definitely not javascript. I think it's VB..script.. maybe..

     The pattern should match though, and IgnoreCase should be true.

  •  02-19-2009, 7:30 PM 51025 in reply to 51023

    Re: RegEx for Validating Password


    That was my first guess as well, but VB.Net would use the "Regex" class, not "Regexp" if I remember correctly. The quick search I did on the Internet showed the "new Regexp" occurred in JavaScript and so that was the reason for my guess.

    Just re-enforces why the posting guidelines are there to be read - takes a lot of the guess work out of the situation and speeds up arriving at a suitable answer for the questioners.



    Edit: Just done some more searching of the net and I see that VBScript (as opposed to VB.Net - my mistake) uses the same regex engine as Javascript and both have the "RegExp" class. However, the site I looked at ( also said that VBScript RegExp V1.0 does not support lazy quantifiers. If the error relates to their use, then try using using the ''normal' version of the quantifier instead.

  •  02-19-2009, 9:37 PM 51028 in reply to 51025

    Re: RegEx for Validating Password

    Hi Basil and Aussie Susan, thanks for replying.

    Sorry for late replies, i'm using VB script for this validation purpose. But due to the error with  the digit, i might use javascript (is it possible to do javascript and vb at the same time like in one asp page?) I try put (?=.*\d)  in the front, middle, and last and all of it not working properly. The validation for some strange reason keep making it error. Ah ya strange occurance is the [5,7] --> this strangely make the characters between 6 and 8.  not between 5 and 7. is it counting the white space also? this one really made me stuck around 2 days..

  •  02-19-2009, 10:29 PM 51034 in reply to 51028

    Re: RegEx for Validating Password

    Susan & Basil: Yes he's using VBScript.

    Susan chances are for ASP he's using VBScript 5.5+ which has most of the basic regex features.

    Gracias did you try use the pattern Susan suggested? Show your code with her pattern and explain what you value you are testing with and what result you are getting.  Keep in mind we can't see what you are doing say there was a error really doesn't tell us anything. The pattern shouldn't throw an error.

    Another question are you testing this client-side with Internet Explorer?  There is a bug in that browser dealing with look-aheads.


    "In theory, theory and practice are the same. In practice, they are not."
    Albert Einstein
  •  02-20-2009, 1:45 AM 51037 in reply to 51028

    Re: RegEx for Validating Password

    Please note that the pattern quantifier is "{5,7}" - those are curly braces and not square ones. Also, remember that the quantifier only applies to the single item that immediately precedes it, in this case the "\w". Therefore there will be between 5 and 7 matches based on this. However, there is a "[a-z]" before that which will match a single character - hence the 6 to 8 character match overall.

    From what I read, there is no difference to the regex engine that is used whether you use VBScript or Javascript - the difference it at the programming language level and not the regex level. 


  •  02-20-2009, 6:37 AM 51042 in reply to 51037

    Re: RegEx for Validating Password

    all right, i will put the full code here to clear the confusion:

    ------- Testing.htm--------------------------------------------------------------------------------------------- -------------------------------------

    <TITLE>Administrator Page</TITLE>
    <link rel="stylesheet" type="text/css" href="webs.css" />
    <form method="post" action="http://localhost/adminLog.asp">
    <h1>Warning!  </h1>
    <h2> This page is for administrator only! </h2>
    <p> Click <a href="Asg1.htm">here</a> if you are student or not an administrator </p>

    <h5> User Name:  <input size="15" name="users" type="text"><br>
     Password  :  <input size="15" name="pass" type="password"></h5>

    <h5><input type="submit" value="Submit" id="submit1" name="submit1"></h5>




    <% @language="vbscript" %>
        dim userName, password

        userName = Request.Form("users")
        password = Request.Form("pass")
        set conn = server.createObject("ADODB.Connection")
        set rs = server.createObject("ADODB.RecordSet")

        conn.Open "DSN=DataWebDSN" --> will deal with database later, but had to validate first

        If (ValidatePassword(password)) Then
          sql = "SELECT * FROM Admin "
          set rs = conn.Execute(sql)

          Response.Redirect("errorAdmin.htm") --> here just show error message
          End If

    Do While NOT rs.EOF
    If (userName = rs("User_Name")) Then
    Response.Write("Login Successful!"  & "<br>")
    Response.Write("Welcome Administrator! " & "<br>")
    Response.Write("Your password: " & password )

        end if

    set rs=nothing
    Set conn = Nothing

    Function ValidatePassword(strPassword)
      Dim re
      Set re = new RegExp

      re.IgnoreCase = true = false

      re.Pattern = "^(?=.*?\d)[a-z][a-z0-9]{5,7}$"

      ValidatePassword = re.Test(strPassword)
    End Function




    ok, now for the error i got: i always got redirected to to "errorAdmin.htm", which means the validation function is wrong. again, however it works properly when i did not put the (?=.*\d).

    I'm using Internet Explorer version 7.0.5730.13

    this is the input that failed and success to validate:

    "abc123" -> failed

    "abcdef12" -> failed

    "aaaaa1" -> failed

    "abc12ab1" -> failed

    "a12bc13" -> success

    "ab121212" -> success

    "adminOutputab12abc1" -> success

      Any other info please let me know,


  •  02-20-2009, 12:08 PM 51049 in reply to 51042

    Re: RegEx for Validating Password

    gracias86, you've been bitten by a Microsoft bug!  The pattern as written is correct but there is a bug with the lookahead construct in the VBScript regex engine.

    I think it the same bug that I wrote about a few years ago, or at least related to it.  I will go into in more detail when I have some time, maybe after work tonight.

    In the mean time try this pattern instead, It should work around the bug.



    "In theory, theory and practice are the same. In practice, they are not."
    Albert Einstein
  •  02-20-2009, 9:51 PM 51055 in reply to 51049

    Re: RegEx for Validating Password

    Dear mash, thanks for helping me! your pattern works correctly!

    By the way, may i know what's causing the bug, and how to avoid this so in the future i might know how to deal with it?. Thanks also for everyone that helping me to figure out the problem (Aussie Susan especially).

  •  02-21-2009, 2:48 PM 51060 in reply to 51055

    Re: RegEx for Validating Password


    Dear mash, thanks for helping me! your pattern works correctly!

    By the way, may i know what's causing the bug, and how to avoid this so in the future i might know how to deal with it?. Thanks also for everyone that helping me to figure out the problem (Aussie Susan especially).

    My new theory is the it's a bug in the DLL for VBScript.  I've writtten about what I think is happening here

    But the short answer for avoiding it is for strong password type regexes test the length first.  Don't know it that will work for every pattern though.


    "In theory, theory and practice are the same. In practice, they are not."
    Albert Einstein
  •  12-17-2009, 8:35 AM 57902 in reply to 51060

    Re: RegEx for Validating Password

    I too same across this hidden IE6 demon and remained clueless for a couple of days. Thanks mash for helping me out.

    Agreeing to mash's findings that in IE ,

    1. While finding the lower count for occurrences, counting starts from the end of the first lookahead match. Albeit this, final matches will be made only from the start of the string.
    2. For upper count, behavior is as expected. 
    3. Work around would be to include the occurrence count in to a lookahead ( which is the solution stated above).

    Please correct me if I'm wrong.

    Now for my case, for the spite of quick and dirty developers , if you need a password matching expression which does , 

    • Must contain minimum 8 to 12 characters, mandatorily including one letter and number
    • May include only one of the following special characters: %,&, _, ?, #, =, -
    • Cannot have any spaces
    Use : /(?=^[\w%&?#=-]{8,12}$)(?=.+\d)(?=.+[a-zA-Z]).+/
    (?=^[\w%&?#=-]{8,12}$)          : Look ahead which matches the special char pattern + does the occurrence count
    (?=.+\d)                                : matches atleast one digit
    (?=.+[a-zA-Z])                        : matches atleast one alphabet
    .+                                         : filler for the chars 


     Another catch, for the same JScript engine version 5.7 , IE8 doesnt show this behaviour.


View as RSS news feed in XML