-
Concise Validation
In the Coding tips & tutorials threads Forum in Dynamic Drive there lives a post by mburt with the title
Concise PHP Form Validation. Nice little tut. In the $conditions array I wish to introduce a line for validating
a number entry for phone,
$conditions = array(
"name" => (strlen($y) < 5),
"phone" => (validate a number entry),
"email" => (!filter_var($y, FILTER_VALIDATE_EMAIL)),
"message" => (strlen($y) < 10));
and to have the option within the code..... to not have the phone input a strict requirement of the form!
Thanks in advance for any thoughts on achieving this functionality?
mburt's validate php code as follows:
PHP Code:
<?php
function check_posts() {
$found = array();
foreach ($_POST as $x => $y) {
$conditions = array("first" => (strlen($y) < 5), "last" => (strlen($y) < 2),
"email" => (!filter_var($y, FILTER_VALIDATE_EMAIL)), "password" => (strlen($y) < 5),
"password_check" => ($_POST["password_check"] != $_POST["password"]));
$errors = array(
"first" => "fname less then 5 ", "last" => "last name less then 2", "email" => "invalid email",
"password" => "pass less than 5", "password_check" => "second pass didnt match first");
if ($conditions[$x]) $found[] = $errors[$x];
}
$i = 1; if (count($found) > 0) {
foreach ($found as $z) { echo "<p>$i. $z</p>"; $i++; }
} else {
echo "passed validation.";
//validation code
}
}
-
Which country are you validating for, different country have very different ways of writing number.
In UK alone, we have many different ways.
- (01234) 567890
- (01234) 567 890
- (0123) 4567 890
- (0123) 45 67 890
etc.
There are a couple of methods for validating phone numbers, although the best method is still to have an automated service that verifies the number directly, by phoning it and asking for confirmation. Very often these services will use text verification if it detects that the number is a mobile device.
Anyway, here's how to validate american numbers:
http://blog.stevenlevithan.com/archi...e-phone-number
And here's one for the UK:
http://www.braemoor.co.uk/software/telnumbers.shtml
Be aware though, that no programmable method of verification is foolproof, even an automated service. Human verification is the only concise way of validating a phone number. Even using an API from a company like 192 wouldn't be 100% accurate because of ex-directory and telephone preference users.
-
I was seeking to keep it super simple by just validating for number entries only from 0 - 9. I would not be trying to validate
for a country etc. Just think of numbers and not phone no's.
That is a concise way of validating numbers only in a format that would work between
the (validate a number entry ) below ?
"name" => (strlen($y) < 5),
"phone" => (validate a number entry inclusive of digits from 0-9),
"email" => (!filter_var($y, FILTER_VALIDATE_EMAIL)),
"message" => (strlen($y) < 10));
-
That won't quite work. Phone numbers might contain hyphens and parentheses, and maybe spaces. You could require that they don't, but that would require a lot of explanation for the users, and they might often ignore that.
You could strip out spaces, hyphens and parentheses and then hope that what is left is just numbers.
Another way of looking at it is to verify that it contains at least one number. That way if other things are there too, you know at least there is some number in the field (not all letters). Maybe a minimum of three numbers (or 5? 7?) is best, but that may vary a lot by area. If you could make it country specific, you could provide several boxes, such as country code, area code, first half, second half, etc. (That's a US number pattern but you get the idea.)
Additionally, there are also in theory some numbers that contain letters, like 1-800-CALL-COMPANY. Those can also be represented numerically, but in the end it just sounds like a lot of work to verify these things.
Just for your information, you can verify that something is a number very easily: is_numeric($number). TRUE for numbers (integers and strings representing numbers), FALSE for other things. BUT... in this case I don't recommend it, for the reasons above. If you did strip out things like spaces, hyphens and parentheses, you could use that. str_replace() can take out those things for you. Then you might be ok. It doesn't solve the problem of unexpected symbols in the input (other countries?) or the small possibility of having a letter in the number.
Finally, some general advice:
Think of this as helping the user to remember to input a valid number. You can't force them to do that-- it's not security. If they want to bypass your settings, all they need to do is use 123-4567 as their number. Done. That's what I'd do.
So instead, just think of it as being helpful. In that way, I have two ideas:
1) This might be better as a client side script in JS, so that it could say "wait, make sure your number is correct" before they submit the form. You can do this serverside (maybe it's even better) but that would require displaying the form again and (hopefully) pre-inserting the values for all fields that they have already submitted. More work for you.
2) Use this as a method to help them to check if the number looks weird, not to permanently reject it if so. "The number you entered was in a format that our computers did not recognize; please confirm that this is the number you intend to submit and try again. If the number is correct, you may ignore this warning and submit it again." (Or a simplified version of that.)
-
To be honest with you, the only time you need to validate phone numbers is if you want to integrate them into a PBX or other dialing system. In that case, the exchange/PBX you are using will have a validation feature within it.
Is this something you will be doing?
If not, it's best just to do the generic checks on it to rule out any malicious code and then shove it in the database. If you're not validating for a particular country then the sheer list of variations that could be entered and be perfectly valid is vast. Far more than a simple php "on-the-fly" validation script could handle. It would be an API in itself with tens of thousands of lines of code. Having said that, if it is essential then I'm sure enough digging could uncover one on the net somewhere; or you could hire a programmer to design a bespoke API for you to validate global numbers. Unfortunately, because of the variations of valid entries, there's no such thing as a simple solution.
-
I would not be thinking international as things would be more local. An Irish local phone number would have no more
than 12 digits. I would not be worried about white or blank spaces. Probably more worried about letter entries by
mistake. It is just to collect the number info so that somebody can phone the person back.
"name" => (strlen($y) < 5), This allows for a min of 5 letters.
"phone" => (validate a number entry inclusive of digits from 0-9), How might I write the phone strlen to reflect
the <12 numbers that can be made up of characters 0-9.
-
I think I gave you everything you need in my post above. strlen() can be used, but I don't see the point if you're not requiring a specific format. What if there are 100 spaces at the end? Does that matter?
Again, I strongly suggest a one time warning telling the user that the format appears to be strange. If they insist on still submitting a bad number after that, then what can you do? They'll eventually write back if it matters.
-
Here's a regular expression that should work:
PHP Code:
preg_match('|^\s*(\(?\s*\d{1,4}\s*\)?\s*[\d\s]{5,10})\s*$|', $phoneNumber);
Or one even more tailored to Ireland, from http://regexlib.com/REDetails.aspx?regexp_id=2485
Code:
\+353\(0\)\s\d\s\d{3}\s\d{4}
-
Thanks guys... I have stuck with this for the moment.
"phone" => (strlen($y) < 8),
-
Try this:
PHP Code:
"phone" => (preg_match('|^\s*(\(?\s*\d{1,4}\s*\)?\s*[\d\s]{5,10})\s*$|', $y)),
It's tailored to Ireland's phone number format.
