Re: global address collection

At 10:18 AM -0500 1/8/08, Eric Butera wrote:
> On Jan 8, 2008 10:08 AM, tedd <tedd.sperling@xxxxxxxxx> wrote:
> > I just finished a credit card portion for a site where the programmer
> > before me required the customers to enter their credit card number
> > without spaces -- why?  It's a simple matter to remove spaces for
> > processing -- why throw that responsibility on the user?
>
> I agree that removing spaces really isn't a huge deal, but aside from
> that I don't think there should be any other modification.  I've seen
> code that will regex out anything but numbers.  I think this is bad
> practice because we as programmers should validate, not modify data.
> Anything above and beyond that is sticking your neck out too far and
> will lead to problems sooner or later.
>
> What if the user mistyped what they intended?  If the script just
> validates it will see the user accidentally typed in a letter in the
> field and re-display it asking for numbers only.  If it strips out the
> letters, then you've just sent the potentially invalid number to the
> gateway which in the end will be a charge against the client for a
> failed attempt.

Understood, and agreed. Generally, don't modify the data provided, but rather validate the form of the data. However, white space is a different critter in some data and is basically used to help customers accurately enter/see their credit card numbers.

It's common for us to more easily identify strings in 3 and 4 combinations than it is to try to see the entire string at one time. Research for this has been around for a long time, please review:

http://symboldomains.com/sperling.html

No relation to me.

If you look at what's required by the credit card company, then you can make some valid assumptions. For example, credit card numbers for the popular credit card companies do not use anything but numbers in the card -- and the number of numbers is constant. As such, you can check for a valid credit card number prior to sending it out. There's lots of stuff you can do, but you also dig yourself a deeper hole if you're wrong.

Cheers,

tedd
--
-------
http://sperling.com  http://ancientstones.com  http://earthstones.com

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
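
The approach discussed in this thread, as an added example that is not part of the original messages: remove only whitespace, reject (rather than strip) anything else that is not a digit, and check the form of the number before it goes to the gateway. The Luhn check-digit test and the 13-19 digit length range go beyond what the messages state and are assumptions here, as are all function names.

```php
<?php
// Added example: validate a card number field without rewriting what the user typed.
// Assumption: 13-19 digits is the accepted overall length; tighten this per card brand.

function normalizeCardInput(string $raw): string
{
    // Whitespace is a readability aid for the customer, so it is the only thing removed.
    return (string) preg_replace('/\s+/', '', $raw);
}

function luhnValid(string $digits): bool
{
    // Luhn check: from the right, double every second digit and sum the results.
    $sum = 0;
    $double = false;
    for ($i = strlen($digits) - 1; $i >= 0; $i--) {
        $d = (int) $digits[$i];
        if ($double) {
            $d *= 2;
            if ($d > 9) { $d -= 9; }
        }
        $sum += $d;
        $double = !$double;
    }
    return $sum % 10 === 0;
}

function validateCardNumber(string $raw): array
{
    $pan = normalizeCardInput($raw);
    // Validate, do not modify: a stray letter or hyphen is reported back, never stripped.
    if (!preg_match('/^[0-9]+$/D', $pan)) {
        return ['ok' => false, 'error' => 'Use digits only (spaces are allowed).'];
    }
    $len = strlen($pan);
    if ($len < 13 || $len > 19) {
        return ['ok' => false, 'error' => 'Wrong number of digits.'];
    }
    if (!luhnValid($pan)) {
        return ['ok' => false, 'error' => 'Number fails the check digit; please re-enter.'];
    }
    return ['ok' => true, 'number' => $pan];
}

// Constructed sample inputs; 4111 1111 1111 1111 is a widely used test number, not a real card.
foreach (['4111 1111 1111 1111', '4111 1111 1111 111l', '4111 1111 1111 1112', '4111-1111'] as $in) {
    $r = validateCardNumber($in);
    echo str_pad($in, 22), $r['ok'] ? 'accepted' : 'rejected: ' . $r['error'], "\n";
}
```

Only the first sample is accepted; the mistyped letter, the wrong check digit and the hyphenated short value are all sent back to the user instead of being cleaned up and forwarded to the gateway.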

