Practical application of regex in forms

Any questions involving matching text strings to patterns - the pattern is called a "regular expression."

Moderator: General Moderators

Post Reply
kenoli
Forum Newbie
Posts: 8
Joined: Tue Oct 24, 2006 10:15 am

Practical application of regex in forms

Post by kenoli »

I wonder if anyone can point me to a good discussion about the practical application of regex in forms. Trying to validate every field in a form can be quite daunting and it seems necessary to make some choices about what is validated and to what degree. I'm interested in what experienced coders have to say about this, especially what solutions they have come to through experience.

Areas that are daunting to me are international formats like postal codes and phone numbers that vary hugely from country to country and ways to keep stuff out of forms that might break susequent code.

There are several issues of course, like trying to get good data by refusing obviously flawed imput (like a US phone number in the form xxx-xxx, while also accepting international numbers), text fields with numbers and extraneous characters (pretty straight forward), and security issues.

Any of these are easily handled if there are only one or two fields in the form, but when you have dozens of fields it seems impossible to check everything and decisions need to be made as to what is most important.

Thanks,

--Kenoli
User avatar
Mordred
DevNet Resident
Posts: 1579
Joined: Sun Sep 03, 2006 5:19 am
Location: Sofia, Bulgaria

Post by Mordred »

I'm not sure what exactly it is that you're asking, but here's some comments, hoping they would be of help.

Validation != Regex. Validation >> Regex ;)
That is to say, although regex are useful when validating, sometimes they may not be enough and sometimes they are overkill.
Trying to validate every field in a form can be quite daunting and it seems necessary to make some choices about what is validated and to what degree.
...
but when you have dozens of fields it seems impossible to check everything and decisions need to be made as to what is most important.
Everything must be validated, to the fullest extent possible!

If your method of validation is cumbersome to use, I suggest you change it untill it is pleasant enough.
If you build a collection of validation functions like IsEmail(), IsUsPhone() etc., validation is reduced to a single expression:

Code: Select all

if (!IsUsPhone($_GET['phone'])) ...
kenoli
Forum Newbie
Posts: 8
Joined: Tue Oct 24, 2006 10:15 am

Practical application of regex in forms

Post by kenoli »

Guess I have to bite the bullet.

So, here's a specific question. What is a good way to validate phone numbers when they are coming from many different countries, since there are so many different formats and different habits, like some people include country codes and others do not (most people from the USA leave out their country code). I could say it can only include numbers "-" and "()". Is that adequate?

--Kenoli
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

depending on how thorough you want to get
  • Strip non-numeric characters.
  • You can ask them if the number includes the country code (otherwise assume its the same as the country they list in their address) this way you can automatically add it into their submission data if they chose not to include it.
  • Most, if not all, nations have a specific number of digits in their phone numbers and some have limitations in certain digit ranges. http://en.wikipedia.org/wiki/Category:T ... ring_plans may be of interest
Post Reply