Let's say I'm building a web application whose user pages can be found at http://example.com/<code>NAME</code>. What's the best way to make sure the username doesn't conflict with a reserved word (e.g. 'about', 'contact', etc.)? I can think of two ways: <ul> <li>Maintain a list somewhere in my code. This is great and all, but means I have another piece of code I have to edit if I decide to, say, change the "about" page to "aboutus".</li> <li>Request the URI (e.g. http://example.com/someusername) and check if it exists (doesn't return a 404). This feels kind of like a hack, but on the other hand it does exactly what it's supposed to do. On the other hand, I can't reserve anything without making a page for it.</li> </ul> What would be the best way to go about this? Manual validation of usernames is not an option. Thanks! EDIT: I forgot to mention, the username has to go at the root, like this: <blockquote> http://example.com/USERNAME </blockquote> Not like this: <blockquote> http://example.com/users/USERNAME </blockquote> Hence why I'm asking this question. This is for technical reasons, don't ask.

I would strongly suggest using a unique path like <code>http://example.com/users/NAME</code> instead. Otherwise, what are you going to do if you want to add a reserved word, but a user has already taken it as their user name? You'll end up with all kinds of potential migration problems down the track. Alternatively, if you must have something that goes straight off <code>http://example.com/</code>, could you possibly prefix all user names? So that user <code>jerryjvl</code> would translate to link <code>http://example.com/user_jerryjvl</code>? If there is really no other possible solution, then I'd say either check user names against whatever data source determines what the 'reserved words' are, or make a lookup file / table / structure somewhere that contains all the reserved words.

In the interest of completeness, if you can't change the routing. Another possibility is to have your user routes and your non-user routes have a programmatic distinction. For example, if you appended a <code>'_'</code> to the end of each of your user routes, then you can make sure that users are located at: http://example.com/NAME_ and the other route would never end in <code>'_'</code>

Best way to make sure username isn't a reserved word?

Tags:

validation

Let's say I'm building a web application whose user pages can be found at http://example.com/NAME. What's the best way to make sure the username doesn't conflict with a reserved word (e.g. 'about', 'contact', etc.)? I can think of two ways:

Maintain a list somewhere in my code. This is great and all, but means I have another piece of code I have to edit if I decide to, say, change the "about" page to "aboutus".
Request the URI (e.g. http://example.com/someusername) and check if it exists (doesn't return a 404). This feels kind of like a hack, but on the other hand it does exactly what it's supposed to do. On the other hand, I can't reserve anything without making a page for it.

What would be the best way to go about this? Manual validation of usernames is not an option. Thanks!

EDIT: I forgot to mention, the username has to go at the root, like this:

http://example.com/USERNAME

Not like this:

http://example.com/users/USERNAME

Hence why I'm asking this question. This is for technical reasons, don't ask.

564

asked Jun 03 '09 08:06

Sasha Chedygov

3 Answers

I would strongly suggest using a unique path like http://example.com/users/NAME instead. Otherwise, what are you going to do if you want to add a reserved word, but a user has already taken it as their user name? You'll end up with all kinds of potential migration problems down the track.

Alternatively, if you must have something that goes straight off http://example.com/, could you possibly prefix all user names? So that user jerryjvl would translate to link http://example.com/user_jerryjvl?

If there is really no other possible solution, then I'd say either check user names against whatever data source determines what the 'reserved words' are, or make a lookup file / table / structure somewhere that contains all the reserved words.

answered Oct 18 '22 08:10

jerryjvl

In the interest of completeness, if you can't change the routing. Another possibility is to have your user routes and your non-user routes have a programmatic distinction. For example, if you appended a '_' to the end of each of your user routes, then you can make sure that users are located at: http://example.com/NAME_ and the other route would never end in '_'

answered Oct 18 '22 07:10

Sean

How about changing your routing scheme so that users are at example.com/users/NAME ?

answered Oct 18 '22 07:10

spender

Related questions
                            
                                Running a single validation in Rails
                            
                                Using validators to ensure that user filled either one of two required fields
                            
                                How to maintain scroll position after client-side validation fails?
                            
                                How to save something to the database after failed ActiveRecord validations?
                            
                                Spring 3 - Accessing messages.properties in jsp
                            
                                Dynamic partial view + jquery form hijack + client validation = not working
                            
                                custom jquery validation and unobtrusive JavaScript
                            
                                validate two fields with jQuery Validate
                            
                                ValidationSummary not working when ValidationGroup is specified
                            
                                JSF input failed to Double conversion error
                            
                                jquery plugin for international phone number validations
                            
                                Entity framework 4.3 with required association
                            
                                Regular Expression for Password Strength Validation
                            
                                How to prevent the default browser input validation?
                            
                                Where should I specify my charset if not on a meta element?
                            
                                Django form validation: get errors in JSON format
                            
                                How do I show what validation errors Parsley.js has found?
                            
                                User Input Validation in PyQt5 and Python
                            
                                Does Pymongo have validation rules built in?
                            
                                How to validate a Singaporean FIN?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!

Donate Us With