Form Validation Techniques

by "Louise Dade" <louise.dade(at)ntlworld.com>

 Date:  Sat, 1 Dec 2001 13:25:47 -0000
 To:  <hwg-techniques(at)mail.hwg.org>
Hi!

Thanks to everybody's help a couple of weeks ago (re: "NT Server -- first
time user" topic), I have the website up and running with a mixture of asp
and perl.

With all this talk of sending forms to the server lately, I have a query
about validation techniques.

I have a form on a website that takes visitors' names and email address for a
mailing list.  This is done in the perl CGI script, and the names are added
to a flat file pipe-delimited database.

The validation I am doing at the moment checks to see if..
a) Any data is entered into the Name and Email fields.
        - if not, the visitor is politely told to go back and enter the
missing data.
b) That the email is valid (ie, error if email !~ /.*\@.*\..*/).
        - if not valid, the visitor is politely told to go back and enter a
valid email.

All validation is done by the perl script, no javascript is involved at all.

I am aware that somebody can enter a perfectly valid email address that
isn't actually a real address (or they type their name wrong or something).
So would you solve this problem by...

a) Adding the details to a temporary file and send out a confirmation email
to the address typed in, and in order for the visitor to be added to the
database they must click on a "confirmation" link. This then extracts the
temporary data, and adds it to the permanent database.  The date will be
stamped on the details in the temporary database and anything that hasn't
been confirmed after 30 days will be deleted.

- or -

b) Have two Email fields (Email and Confirm Email), and validation is
performed by matching one against the other -- if they match, fine (assuming
they are valid emails in the first place), but if they don't, an error is
shown and the visitor is politely told to re-enter their email details.

Method "a" is more labour intensive for me, the programmer, and the visitor
who has to go through the whole thing of receiving the email, clicking on
confirm etc. But method "b" might still introduce errors - for example, it
won't stop people deliberately entering spoof addresses for kicks (sick
people!) or it won't stop those who manage to misspell their email address
in both fields.

Also, I have noticed that some people don't capitalise the first letters of
their names in the "Name" field, which means when the mailing list is sent
out the personalisation says "Dear name," which doesn't look too
professional. I'd like it to say "Dear Name," whatever somebody types into
the Name field.

How would I identify if the first letter of the name is capitalised?  I'm
sure regular expression pattern matching can be employed.  BUT, while it is
perfectly acceptable to tell people that they have entered Name or Email
data incorrectly, I really think it would be too much to tell people that
they aren't capitalising their names!!!

So how would you go about...
- identifying if the first letter of the Name field is capitalised and...
- if not, isolating it, capitalising it and then adding it back to the whole
name before it is entered into the database?

I'm still mastering the art of regular expressions, so apologies if this is
a really easy task to perform.

While I think of it, I'm on digest mode, so don't know if it's been
answered, but for the person who was having trouble with formmail, I believe
"email" is a required field for security reasons, regardless of whether you
specify it as required or not.  The email MUST come from somewhere. Just set
"email" as a hidden field, with your own email address in it, and then have
visitor's email with a different field name.

Louise
=========================================
www.classical-webdesigns.co.uk
www.classical-webdesigns.co.uk/falco/ - the Roman sleuth!
www.qmt.org.uk - The Queen Mother Theatre
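
An added example, not part of the original post: one way to do the server-side checks and the confirmation link of method "a" in Perl, including capitalising the name before it is stored. The HMAC-signed token, the secret, the link parameter names and the sample input are assumptions made for illustration.

```perl
use strict;
use warnings;
use Digest::SHA qw(hmac_sha256_hex);

# Assumption: a long random secret kept outside the web root (placeholder value).
my $SECRET  = 'replace-with-a-long-random-secret';
my $MAX_AGE = 30 * 24 * 60 * 60;    # 30 days, as in method "a"

# Returns (name, email) ready to store, or nothing if the input is rejected.
sub clean_input {
    my ($name, $email) = @_;
    for ($name, $email) {                     # $_ aliases each variable in turn
        return unless defined;
        s/^\s+|\s+$//g;                       # trim surrounding whitespace
        return if $_ eq '' or /[|\r\n\0]/;    # "|" or a line break would corrupt a record
    }
    # Tighter than /.*\@.*\..*/: exactly one "@", no spaces, a dot in the domain.
    return unless $email =~ /\A[^\s\@]+\@[^\s\@]+\.[^\s\@]+\z/;
    $name =~ s/(^|\s)([a-z])/$1\u$2/g;        # "louise dade" -> "Louise Dade"
    return ($name, $email);
}

# Token for the confirmation link: an HMAC over the pending record's key fields.
sub make_token {
    my ($email, $issued) = @_;
    return hmac_sha256_hex("$issued|$email", $SECRET);
}

# True only if the token matches and the request is no older than 30 days.
sub token_ok {
    my ($email, $issued, $token, $now) = @_;
    return 0 unless $issued =~ /\A\d+\z/ and $now - $issued <= $MAX_AGE;
    my $expected = make_token($email, $issued);
    return 0 unless defined $token and length($token) == length($expected);
    my $diff = 0;                             # compare without an early exit
    $diff |= ord(substr($token, $_, 1)) ^ ord(substr($expected, $_, 1))
        for 0 .. length($expected) - 1;
    return $diff == 0 ? 1 : 0;
}

# Constructed sample input.
my ($name, $email) = clean_input('  louise dade ', 'someone@example.com');
my $issued = time;
my $token  = make_token($email, $issued);
print "pending record: $issued|$name|$email\n";
print "link params:    e=$email&t=$issued&k=$token\n";
print "valid now:      ", token_ok($email, $issued, $token, time), "\n";
print "after 31 days:  ", token_ok($email, $issued, $token, $issued + 31 * 86400), "\n";
print "pipe in name:   ", (clean_input('x|y', 'a@b.example') ? 'accepted' : 'rejected'), "\n";
```

The address is only moved to the permanent file once the link comes back with a token that passes `token_ok`, which is what proves the mailbox exists and is read by the person who signed up.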

HWG hwg-techniques mailing list archives, maintained by Webmasters @ IWA