Should I allow underscores in first and last names?

Question

Should I allow underscores in first and last names?

We have a form that has fields for the first and last name. I was asked to allow underscores. I don’t know a single SQL injection that uses underscores, but I also don’t know anyone with underscores in their name. Is there a good reason to allow or not allow underscores in names?

EDIT: I am using parameters and server side validation. This is for client-side validation through the jQuery validation plugin.

EDIT 2: I didn’t mean it would become a discussion about whether I should do any checks ... I just wanted to know if there is any good reason to accept underscores, for example, I have to accept Irish people or hyphen. Based on this, I accept Oren's answer.

+5

jquery-validate sql-injection whitelist

Chad yeates Jul 23 '10 at 14:19

source share

6 answers

DO NOT PREVENT SQL INTEGRATION USING WHITELISTS!

Will you still meet O'Neill?

Use options instead.

_,

Re: EDIT:
.
, --'!@--_.
, .

+12

SLaks 23 . '10 14:20

. sql escape- , . , .

+3

DGM 23 . '10 14:21

(O'Reilly, Double-Barrel). .

+2

bcmcfc 23 . '10 14:22

SQL-, ..

'? , '?

+1

Blorgbeard 23 . '10 14:21

, , () " "?

- , , .

+1

NinjaCat 23 . '10 15:47

Oren Hizkiya · Accepted Answer · 2010-07-23T14:23:00+0000

You should be as liberal as possible in what you allow as a name. There is no good reason to prohibit underlining, so why do this? There are many horrible stories of people trying to use software that prohibits their actual name. See Falsenesss Believe About Names Programmers for assumptions you should not make.

Should I allow underscores in first and last names?

DO NOT PREVENT SQL INTEGRATION USING WHITELISTS!

More articles: