RE: Stopping bad entries in PHP form

On Thu, 2009-03-19 at 17:33 -0400, Marc Christopher Hall wrote:
> IP lookups are like Marxism, great idea in theory, terrible in reality. IPs
> can be spoofed. The best recommendation I can think of would be to add some
> word filters to your (I'm assuming JavaScript) form validation script. Even
> here caution needs to be used, i.e. don't filter Moscow because there is a
> Moscow, Idaho.
> 
> 
> 
> 
> -----Original Message-----
> From: Ashley Sheridan [mailto:ash@xxxxxxxxxxxxxxxxxxxx] 
> Sent: Thursday, March 19, 2009 5:19 PM
> To: Shawn McKenzie
> Cc: php-general@xxxxxxxxxxxxx
> Subject: Re:  Stopping bad entries in PHP form
> 
> On Thu, 2009-03-19 at 16:04 -0500, Shawn McKenzie wrote:
> > Ashley Sheridan wrote:
> > > On Thu, 2009-03-19 at 13:46 -0700, sono-io@xxxxxxxxxxxxx wrote:
> > >> 	I have a PHP form that allows end users to request a sample of the  
> > >> products we sell.  Unfortunately, a person/people have found it and  
> > >> are sending in bad requests.  We sell only within the US, and so I've  
> > >> set up the form so that they must choose one of the 50 States.  But we
> > >> keep getting requests with countries in the city field, i.e. "Moscow  
> > >> Russia".
> > >>
> > >> 	Is there a way that I can scan for country names, etc. in the text  
> > >> fields and stop a request from going through if it finds one of those  
> > >> "banned" words?  I've searched for a solution but haven't been able to
> > >> find it.
> > >>
> > >> 	If this is not enough info, please let me know.  Also, I only know  
> > >> enough PHP just to be dangerous, so please be kind. =;)
> > >>
> > >> Thanks,
> > >> Frank
> > >>
> > > Why make them enter the details? Let them choose from a select list
> > > instead, forcing them to select a state.
> > > 
> > > 
> > > Ash
> > > www.ashleysheridan.co.uk
> > > 
> > 
> > Ummm...  And what if they enter or select Texas?  You consider it a
> > valid request even though they are really from Moscow and the other
> > fields may be junk?
> > 
> > -- 
> > Thanks!
> > -Shawn
> > http://www.spidean.com
> > 
> Is it viable to couple it with an IP lookup to see the country they
> appear to be visiting from?
> 
> 
> Ash
> www.ashleysheridan.co.uk
> 
> 
> -- 
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
> 
> 
> __________ Information from ESET Smart Security, version of virus signature
> database 3949 (20090319) __________
> 
> The message was checked by ESET Smart Security.
> 
> http://www.eset.com
> 
Filtering by JavaScript is even worse than by IP; it's a matter of
seconds to turn that off, a little bit more to change the IP ;)

Back to the OP; what kind of form is it that should only allow US
citizens to use it?


Ash
www.ashleysheridan.co.uk
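
As an added illustration (not code posted by anyone in this thread): a server-side PHP check along the lines discussed above, which re-validates the state against a fixed list and rejects country names in the city field only as whole words, so "Moscow" on its own is still accepted. The field names `city` and `state` and the banned-word list are assumptions.

```php
<?php
declare(strict_types=1);

// Added example: field names and the banned-word list are assumptions.
const US_STATES = [
    'AL','AK','AZ','AR','CA','CO','CT','DE','FL','GA','HI','ID','IL','IN','IA','KS','KY',
    'LA','ME','MD','MA','MI','MN','MS','MO','MT','NE','NV','NH','NJ','NM','NY','NC','ND',
    'OH','OK','OR','PA','RI','SC','SD','TN','TX','UT','VT','VA','WA','WV','WI','WY',
];
const BANNED_WORDS = ['russia', 'nigeria', 'ukraine', 'china']; // constructed sample list

/** Returns a list of validation errors; an empty list means the request is accepted. */
function validateSampleRequest(array $post): array
{
    // Treat missing or non-string values (e.g. city[]=x) as empty.
    $field = fn(string $k): string => is_string($post[$k] ?? null) ? trim($post[$k]) : '';
    $errors = [];

    // The <select> only helps honest users; re-check the value on the server.
    if (!in_array(strtoupper($field('state')), US_STATES, true)) {
        $errors[] = 'state: not a US state code';
    }

    $city = $field('city');
    if (!preg_match('/^[\p{L} .\'-]{2,60}\z/u', $city)) {
        $errors[] = 'city: empty or contains unexpected characters';
    }

    // Whole-word, case-insensitive match so "Moscow" (Idaho) is not rejected.
    $quoted = array_map(fn(string $w): string => preg_quote($w, '/'), BANNED_WORDS);
    if (preg_match('/\b(?:' . implode('|', $quoted) . ')\b/iu', $city)) {
        $errors[] = 'city: contains a country name';
    }
    return $errors;
}

// Constructed sample submissions.
$samples = [
    ['city' => 'Moscow',        'state' => 'ID'],
    ['city' => 'Moscow Russia', 'state' => 'TX'],
    ['city' => 'Austin',        'state' => 'Moscow'],
];
foreach ($samples as $s) {
    $errors = validateSampleRequest($s);
    echo json_encode($s), ' => ', $errors ? implode('; ', $errors) : 'accepted', PHP_EOL;
}
```

Because the check runs on the server, turning off JavaScript in the browser does not bypass it; it still cannot tell whether a sender who picks a valid state is really there.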

