"Ashley Sheridan" <ash@xxxxxxxxxxxxxxxxxxxx> wrote in message news:1237498771.3562.22.camel@xxxxxxxxxxxxxxxxxxxxxxxx > On Thu, 2009-03-19 at 17:33 -0400, Marc Christopher Hall wrote: >> IP lookups are like Marxism, great idea in theory, terrible in reality. >> IP's >> can be spoofed. The best recommendation I can think of would be to add >> some >> word filters to your (I'm assuming javascript) form validation script. >> Even >> here caution needs to be used, i.e don't filter Moscow because there is a >> Moscow, Idaho >> >> >> >> >> -----Original Message----- >> From: Ashley Sheridan [mailto:ash@xxxxxxxxxxxxxxxxxxxx] >> Sent: Thursday, March 19, 2009 5:19 PM >> To: Shawn McKenzie >> Cc: php-general@xxxxxxxxxxxxx >> Subject: Re: Stopping bad entries in PHP form >> >> On Thu, 2009-03-19 at 16:04 -0500, Shawn McKenzie wrote: >> > Ashley Sheridan wrote: >> > > On Thu, 2009-03-19 at 13:46 -0700, sono-io@xxxxxxxxxxxxx wrote: >> > >> I have a PHP form that allows end users to request a sample of the >> > >> products we sell. Unfortunately, a person/people have found it and >> > >> are sending in bad requests. We sell only within the US, and so >> > >> I've >> > >> set up the form so that they must choose one of the 50 States. But >> > >> we >> >> > >> keep getting requests with countries in the city field, i.e. "Moscow >> > >> Russia". >> > >> >> > >> Is there a way that I can scan for country names, etc. in the text >> > >> fields and stop a request from going through if it finds one of >> > >> those >> > >> "banned" words? I've searched for a solution but haven't been able >> > >> to >> >> > >> find it. >> > >> >> > >> If this is not enough info, please let me know. Also, I only know >> > >> enough PHP just to be dangerous, so please be kind. =;) >> > >> >> > >> Thanks, >> > >> Frank >> > >> >> > > Why make them enter the details? Let them choose from a select list >> > > instead, forcing them to select a state. 
>> > >
>> > > Ash
>> > > www.ashleysheridan.co.uk
>> > >
>> >
>> > Ummm... And what if they enter or select Texas? You consider it a
>> > valid request even though they are really from Moscow and the other
>> > fields may be junk?
>> >
>> > --
>> > Thanks!
>> > -Shawn
>> > http://www.spidean.com
>> >
>> Is it viable to couple it with an IP lookup to see the country they
>> appear to be visiting from?
>>
>>
>> Ash
>> www.ashleysheridan.co.uk
>>
>>
>> --
>> PHP General Mailing List (http://www.php.net/)
>> To unsubscribe, visit: http://www.php.net/unsub.php
>>
>>
>> __________ Information from ESET Smart Security, version of virus
>> signature database 3949 (20090319) __________
>>
>> The message was checked by ESET Smart Security.
>>
>> http://www.eset.com
>>
> Filtering by Javascript is even worse than by IP, it's a matter of
> seconds to turn that off, a little bit more to change the IP ;)
>
> Back to the OP; what kind of form is it that should only allow US
> citizens to use it?
>
>
> Ash
> www.ashleysheridan.co.uk
>

Personally when I've had to provide sample code to people for a client
like this I've found that the client prefers to have the requester
provide a phone number, and then have a CS rep contact them. I then set
it up so the CS rep could generate a 1 day valid pass code for the web
site that they then emailed to the prospective client. Solves several
problems.

1. They know they are talking to a prospective customer, and can add
   them as a contact while validating the location fairly accurately.
2. It saves you a headache in validation code.
c. It makes you look proactive to the client, and could help you in the
   future.

Frank...yes I put c in there on purpose
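
The one-day pass code described in the last reply could be built as below. This is an added example, not code from the thread or from any poster. The function names, the token layout (email, expiry, HMAC) and the secret are assumptions made for illustration, and the check runs on the server, so turning off JavaScript does not bypass it.

```php
<?php
declare(strict_types=1);

// Hypothetical names throughout; the thread does not show its implementation.
// Assumption: a server-side secret kept outside the web root (constructed value).
const PASS_SECRET = 'constructed-demo-secret-change-me';
const PASS_TTL    = 86400; // one day, as described in the post

function b64url(string $raw): string
{
    return rtrim(strtr(base64_encode($raw), '+/', '-_'), '=');
}

// Called from the CS rep's admin page after the phone call.
function issuePassCode(string $email, int $now): string
{
    $payload = b64url(strtolower(trim($email))) . '.' . ($now + PASS_TTL);
    $mac     = hash_hmac('sha256', $payload, PASS_SECRET, true);
    return $payload . '.' . b64url($mac);
}

// Called by the sample-request form handler before the request is accepted.
function verifyPassCode(string $code, string $email, int $now): bool
{
    $parts = explode('.', $code);
    if (count($parts) !== 3) {
        return false;
    }
    [$emailPart, $expiry, $mac] = $parts;
    $expected = b64url(hash_hmac('sha256', $emailPart . '.' . $expiry, PASS_SECRET, true));
    if (!hash_equals($expected, $mac)) {          // constant-time compare; rejects altered codes
        return false;
    }
    if (!ctype_digit($expiry) || (int)$expiry < $now) {
        return false;                             // past the one-day window
    }
    return hash_equals($emailPart, b64url(strtolower(trim($email))));
}

// Constructed walk-through with a fixed timestamp and example addresses.
$t0   = 1237500000;
$code = issuePassCode('prospect@example.com', $t0);
var_dump(verifyPassCode($code, 'prospect@example.com', $t0 + 3600));        // within the day
var_dump(verifyPassCode($code, 'prospect@example.com', $t0 + 90000));       // after expiry
var_dump(verifyPassCode($code, 'someone@example.net', $t0 + 3600));         // different address
var_dump(verifyPassCode($code . 'x', 'prospect@example.com', $t0 + 3600));  // altered code
```

A code issued this way can be reused until it expires; making it single-use would need a server-side record of redeemed codes.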