
Form Validation - Finding Duplicates: Regular Expressions or String Functions?

Hi,

I'm trying to figure out the most efficient method for taking the
first character in a string (which will be a number), and use
it as a variable to check to see if the other numbers in the string
match that first number. I'm using this code for form validation of a
telephone number.

Previous records from the past few months show that when someone is
just messing around on one of our forms (to waste our time), they type
in a phone number like "555-555-5555" or "111-222-3333". Our Web forms
have three text boxes for each telephone number:

homephone1 = area code (3 digits)
homephone2 = prefix (3 digits)
homephone3 = suffix (4 digits)

businessphone1 = area code (3 digits)
businessphone2 = prefix (3 digits)
businessphone3 = suffix (4 digits)

My plan is to check for this pattern, then if I find it, just redirect
the user to the thank you page so they'll think the form was
processed, when it actually wasn't.

As we find additional patterns that people use for malicious data,
I'll enter those as well (e.g., 123-123-1234)

Also, if you see any tutorials, or articles that talk about "real
world" form validation please point me to them. I've been looking for
references for form-based validation logic that takes real world dummy
data into account, but haven't found much.

- Eric
Jul 17 '05 #1
8 Replies


In message <49**************************@posting.google.com >, Eric
Linders <el********@hotmail.com> writes
Hi,

I'm trying to figure out the most efficient method for taking the
first character in a string (which will be a number), and use
it as a variable to check to see if the other numbers in the string
match that first number. I'm using this code for form validation of a
telephone number.

Previous records from the past few months show that when someone is
just messing around on one of our forms (to waste our time), they type
in a phone number like "555-555-5555" or "111-222-3333". Our Web forms
have three text boxes for each telephone number:
Personally I wonder why so many forms want my phone number. It's so
easy to give a false one without using this kind of pattern, and I am
getting enough junk phone calls already. The only case where I can
think it's reasonable is where I am actually ordering something on the
Internet. Otherwise I consider it a form of nosiness and do give false
ones all the time.


--
Five Cats
Email to: cats_spam at uk2 dot net
Jul 17 '05 #2


"Five Cats" <ca*******@[127.0.0.1]> wrote in message
news:+U**************@[127.0.0.1]...
Personally I wonder why so many forms want my phone number. It's so
easy to give a false one without using this kind of pattern, and I am
getting enough junk phone calls already. The only case where I can
think it's reasonable is where I am actually ordering something on the
Internet. Otherwise I consider it a form of nosiness and do give false
ones all the time.


I agree with this. Everyone should think more carefully about what
information they need to ask for, and what they need to give.
My plan is to check for this pattern, then if I find it, just redirect
the user to the thank you page so they'll think the form was
processed, when it actually wasn't.

Also, if you see any tutorials, or articles that talk about "real
world" form validation please point me to them. I've been looking for
references for form-based validation logic that takes real world dummy
data into account, but haven't found much.


What you probably want is regular expression matching, but it's a fair bit
to learn. For example:

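// ereg_replace() was removed in PHP 7; preg_replace() is the PCRE equivalent.
// The pattern excludes < and > but not quotes, so run htmlspecialchars() on
// $string before this call when it holds user input.
$string = preg_replace("~((http|https|rtsp)://[^<>[:space:]]+[[:alnum:]/])~",
    "<a href=\"\\1\">\\1</a>", $string);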

turns all applicable plain-text web addresses in $string into HTML
hyperlinks, but as you can see, it's not pretty. There is a lot of info out
there and it is worth learning, however, as it's very powerful.

Whatever happens, you'll never stop duff data and you may lose genuine
requests by directing malformed input to a fake acceptance page. I don't
think the idea is a good one, personally, BUT something you should do is
check the validity of what the user has entered (i.e. an email address must
be in the form

[multiple a-z, 0-9, dot, dash or underscore] @ [multi. a-z, 0-9, dot, dash
or underscore] . [multi. a-z]

and phone numbers must contain so many digits) to catch genuine mistakes or
impossible data.

Rob
Jul 17 '05 #3

I noticed that Message-ID: <bs**********@wapping.cs.man.ac.uk> from Rob
Pridham contained the following:
Personally I wonder why so many forms want my phone number. It's so
easy to give a false one without using this kind of pattern, and I am
getting enough junk phone calls already. The only case where I can
think it's reasonable is where I am actually ordering something on the
Internet. Otherwise I consider it a form of nosiness and do give false
ones all the time.


I agree with this. Everyone should think more carefully about what
information they need to ask for, and what they need to give.


In the UK and doubtless in other countries you may fall foul of the law
if you ask for too much information.

One of the data principles of the Data Protection Act is that
information must be adequate, relevant and not excessive.

--
Geoff Berrow (put thecat out to email)
It's only Usenet, no one dies.
My opinions, not the committee's, mine.
Simple RFDs http://www.ckdog.co.uk/rfdmaker/
Jul 17 '05 #4

In message <8d********************************@4ax.com>, Geoff Berrow
<bl******@ckdog.co.uk> writes
I noticed that Message-ID: <bs**********@wapping.cs.man.ac.uk> from Rob
Pridham contained the following:
Personally I wonder why so many forms want my phone number. It's so
easy to give a false one without using this kind of pattern, and I am
getting enough junk phone calls already. The only case where I can
think it's reasonable is where I am actually ordering something on the
Internet. Otherwise I consider it a form of nosiness and do give false
ones all the time.


I agree with this. Everyone should think more carefully about what
information they need to ask for, and what they need to give.


In the UK and doubtless in other countries you may fall foul of the law
if you ask for too much information.

One of the data principles of the Data Protection Act is that
information must be adequate, relevant and not excessive.

Glad to see I'm not alone. I wanted a download from a well-known site
yesterday which was asking for all sorts of data 'in order that we can
serve you better'. What tosh! More half-truths were entered and I have
my download - or to be more accurate my brother's download.

--
Five Cats
Email to: cats_spam at uk2 dot net
Jul 17 '05 #5


Hi Eric,

For Phone Number validations you can efficiently use Regular
Expressions. In PHP it can be done very efficiently using PCRE.

Following is an example to check repetitive digits in phone numbers:

[SNIP]

$string = "3333-222-5555";

if (preg_match('/^([\d])\\1\\1\\1-([\d])\\2\\2-([\d])\\3\\3\\3$/', $string))
    echo "Invalid";
else
    echo "Valid";

[/SNIP]
You can even check for consecutive digits by using string functions
with PCRE.

Following is a function which validates phone number according to your
requirements:

[SNIP]

$ph = "3433-232-5565";

if (validatePhoneNumber($ph))
    echo "Valid";
else
    echo "Invalid";

// Expects 4-3-4 digits separated by dashes (13 characters in total).
function validatePhoneNumber($string)
{
    if (strlen($string) != 13)
        return false;

    if (!preg_match("/([\d]{4,4})-([\d]{3,3})-([\d]{4,4})/", $string, $matches))
        return false;

    // Reject a group that repeats its first digit (3333) or counts up from it (3456).
    // Square-bracket offsets replace the {0} syntax, which was removed in PHP 8.
    $fchar = $matches[1][0];
    if (preg_match("/^[$fchar]{4,4}$|^".$fchar.($fchar+1).($fchar+2).($fchar+3)."$/", $matches[1]))
        return false;

    $fchar = $matches[2][0];
    if (preg_match("/^[$fchar]{3,3}$|^".$fchar.($fchar+1).($fchar+2)."$/", $matches[2]))
        return false;

    $fchar = $matches[3][0];
    if (preg_match("/^[$fchar]{4,4}$|^".$fchar.($fchar+1).($fchar+2).($fchar+3)."$/", $matches[3]))
        return false;

    return true;
}
[/SNIP]

You can add more patterns to the regular expression with the pipe | operator.

Hope it will help...

-- Rahul
Jul 17 '05 #6

Here's the regexp that looks for the pattern you described:

preg_match("/(\\d)\\1{2}-(\\d)\\2{2}-(\\d)\\3{3}/", $n)

A better strategy is to get a list of all US and Canadian area codes on the
net and check to see if what the user entered is on it.

Jul 17 '05 #7
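
Added example, not part of any post in this thread: one way to apply the checks discussed above to the three separate form fields from the question. It goes beyond the posted patterns by also applying the North American Numbering Plan rule that area codes and prefixes never begin with 0 or 1; the function names and reason strings are assumptions.

```php
<?php
// Added example. Field names follow the question; classifyPhone() and its
// reason strings are hypothetical.

// True when every digit in $group is the same (e.g. "555").
function isRepeated(string $group): bool
{
    return preg_match('/^(\d)\1+$/', $group) === 1;
}

// True when each digit is the previous one plus 1 (e.g. "1234"); "890" wraps to 0.
function isAscending(string $group): bool
{
    for ($i = 1, $n = strlen($group); $i < $n; $i++) {
        if ((int) $group[$i] !== ((int) $group[$i - 1] + 1) % 10) {
            return false;
        }
    }
    return true;
}

// Returns 'ok' or a reason code the form can turn into a visible error.
function classifyPhone(string $area, string $prefix, string $suffix): string
{
    // Exactly 3, 3 and 4 ASCII digits; \z (not $) so a trailing newline fails.
    if (!preg_match('/^\d{3}\z/', $area) || !preg_match('/^\d{3}\z/', $prefix)
        || !preg_match('/^\d{4}\z/', $suffix)) {
        return 'format';
    }
    // NANP: area code and prefix never start with 0 or 1.
    if ($area[0] < '2' || $prefix[0] < '2') {
        return 'not-assignable';
    }
    // Flag only when all three groups fit the pattern, since a real number
    // can contain one group such as "2222".
    $groups = [$area, $prefix, $suffix];
    if (count(array_filter($groups, 'isRepeated')) === 3) {
        return 'repeated-digits';      // inputs like 555-555-5555
    }
    if (count(array_filter($groups, 'isAscending')) === 3) {
        return 'sequential-digits';    // inputs like 234-234-2345
    }
    return 'ok';
}

// Constructed sample input, keyed like the form fields in the question.
$post = ['homephone1' => '555', 'homephone2' => '555', 'homephone3' => '5555'];
echo classifyPhone($post['homephone1'], $post['homephone2'], $post['homephone3']), "\n";
echo classifyPhone('111', '222', '3333'), "\n";
echo classifyPhone('212', '555', '0142'), "\n";
```

Both sample patterns from the question, 111-222-3333 and 123-123-1234, begin with 1 and are therefore rejected by the numbering-plan rule before the pattern checks run.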

http://www.weitz.de/regex-coach/

--
"Success = 10% sweat + 90% tears"
Email: rrjanbiah-at-Y!com
Jul 17 '05 #8

In message <na********************@comcast.com>, Chung Leong
<ch***********@hotmail.com> writes
Here's the regexp that looks for the pattern you described:

preg_match("/(\\d)\\1{2}-(\\d)\\2{2}-(\\d)\\3{3}/", $n)

A better strategy is to get a list of all US and Canadian area codes on the
net and check to see if what the user entered is on it.


That doesn't stop them entering a number which is not theirs to go with
the code.

I stick to my original view - unless there is an actual *reason* for
wanting to contact the person by phone (instead of email) why bother
collecting a phone number? And in most cases there is *no* valid
reason. The only one I can think of is where stuff is being ordered over
the Internet. Otherwise I believe it's straight into nosy-parker
country.

<snip>
--
Five Cats
Email to: cats_spam at uk2 dot net
Jul 17 '05 #9
