RE: Stopping bad entries in PHP form

IP lookups are like Marxism, great idea in theory, terrible in reality. IPs
can be spoofed. The best recommendation I can think of would be to add some
word filters to your (I'm assuming JavaScript) form validation script. Even
here caution needs to be used, i.e. don't filter Moscow because there is a
Moscow, Idaho.




-----Original Message-----
From: Ashley Sheridan [mailto:ash@xxxxxxxxxxxxxxxxxxxx] 
Sent: Thursday, March 19, 2009 5:19 PM
To: Shawn McKenzie
Cc: php-general@xxxxxxxxxxxxx
Subject: Re:  Stopping bad entries in PHP form

On Thu, 2009-03-19 at 16:04 -0500, Shawn McKenzie wrote:
> Ashley Sheridan wrote:
> > On Thu, 2009-03-19 at 13:46 -0700, sono-io@xxxxxxxxxxxxx wrote:
> >> 	I have a PHP form that allows end users to request a sample of the  
> >> products we sell.  Unfortunately, a person/people have found it and  
> >> are sending in bad requests.  We sell only within the US, and so I've  
> >> set up the form so that they must choose one of the 50 States.  But we
> >> keep getting requests with countries in the city field, i.e. "Moscow  
> >> Russia".
> >>
> >> 	Is there a way that I can scan for country names, etc. in the text  
> >> fields and stop a request from going through if it finds one of those  
> >> "banned" words?  I've searched for a solution but haven't been able to
> >> find it.
> >>
> >> 	If this is not enough info, please let me know.  Also, I only know  
> >> enough PHP just to be dangerous, so please be kind. =;)
> >>
> >> Thanks,
> >> Frank
> >>
> > Why make them enter the details? Let them choose from a select list
> > instead, forcing them to select a state.
> > 
> > 
> > Ash
> > www.ashleysheridan.co.uk
> > 
> 
> Ummm...  And what if they enter or select Texas?  You consider it a
> valid request even though they are really from Moscow and the other
> fields may be junk?
> 
> -- 
> Thanks!
> -Shawn
> http://www.spidean.com
> 
Is it viable to couple it with an IP lookup to see the country they
appear to be visiting from?


Ash
www.ashleysheridan.co.uk


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


__________ Information from ESET Smart Security, version of virus signature
database 3949 (20090319) __________

The message was checked by ESET Smart Security.

http://www.eset.com
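
An added example, not code from any poster in this thread: the word filter suggested in the reply, done server-side in PHP because a browser-side script can simply be skipped by whoever submits the form. It re-checks the state against the 50-state list and rejects a country name only when it trails other words in the city field, so "Moscow" with Idaho still passes. The field names `city` and `state`, the function name and the country list are assumptions.

```php
<?php
// Constructed lists; extend COUNTRY_NAMES to match what the real form receives.
const US_STATES = [
    'AL','AK','AZ','AR','CA','CO','CT','DE','FL','GA','HI','ID','IL','IN','IA','KS','KY',
    'LA','ME','MD','MA','MI','MN','MS','MO','MT','NE','NV','NH','NJ','NM','NY','NC','ND',
    'OH','OK','OR','PA','RI','SC','SD','TN','TX','UT','VT','VA','WA','WV','WI','WY',
];
const COUNTRY_NAMES = ['russia', 'mexico', 'canada', 'united kingdom'];

/** Returns a list of error strings; an empty list means the request passes. */
function validate_sample_request(array $post): array
{
    $errors = [];

    // The <select> only limits honest browsers, so re-check the value here.
    $state = $post['state'] ?? '';
    $state = is_string($state) ? strtoupper(trim($state)) : '';
    if (!in_array($state, US_STATES, true)) {
        $errors[] = 'state: not one of the 50 states';
    }

    // Normalise the city: lower-case, anything but a-z becomes a single space.
    $city = $post['city'] ?? '';
    $city = is_string($city) ? strtolower($city) : '';
    $city = trim((string) preg_replace('/[^a-z]+/', ' ', $city));
    if ($city === '') {
        $errors[] = 'city: empty';
    }

    // Reject a country name only when it trails other words ("Moscow Russia").
    // A bare "Moscow" (Idaho) or "Mexico" (Missouri) is a US city and passes.
    foreach (COUNTRY_NAMES as $country) {
        if (preg_match('/\s' . preg_quote($country, '/') . '$/', $city)) {
            $errors[] = "city: ends with country name '$country'";
        }
    }
    return $errors;
}

// Constructed sample submissions.
$samples = [
    ['city' => 'Moscow Russia',          'state' => 'TX'],
    ['city' => 'Moscow',                 'state' => 'ID'],
    ['city' => 'Mexico Beach',           'state' => 'FL'],
    ['city' => 'London, United Kingdom', 'state' => 'ZZ'],
];
foreach ($samples as $s) {
    $errors = validate_sample_request($s);
    echo $s['city'], ' / ', $s['state'], ': ', $errors ? implode('; ', $errors) : 'ok', PHP_EOL;
}
```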


 


