Assumptions when validating user data (Re: [Techtalk] SQL learning pointers)

Malcolm Tredinnick malcolm at commsecure.com.au
Tue Dec 3 14:05:52 EST 2002


On Tue, Dec 03, 2002 at 12:23:10PM +1100, Mary wrote:
> On Mon, Dec 02, 2002, Kai MacTane wrote:
> > Actually, the way I generally handle this sort of thing is to *only*
> > give them the characters they need. Who the hell has a semicolon in
> > their name?  If the field is "Phone Number", they get 0-9, ( ) and -,
> > plus space. That's it. If the user enters anything containing any
> > other character, they get a message asking them to enter a valid phone
> > number.
> 
> On a tangent, you need to be fairly careful with assumptions like these.
[...]
> USA-based sites regularly ask for state details, but only allow two
> characters for the state field, as the US Postal Service has helpfully
> given each state a two letter code. Other countries with states are not
> so lucky - I live in an Australian state with a three digit code, and I
> need to identify my address by either state or postal (not zip) code,
> preferrably both, to receive mail. There are suburbs with the same name
> as my suburb in several Australian states.

I have previously slipped into the assumption  (based on pleasant
experiences) that a lot of Open Source-style websites (conferences,
publishers, etc) tended to pay more attention to this stuff. Then last
year I went to register for the Ottawa Linux Symposium and discovered
that although they mostly handled international customers, they did
require a postcode or zip code. At the time I was living in Hong Kong,
which didn't have such things and they wouldn't accept 0000 on the web
form. International commerce is _tricky_. :-)

Malcolm

-- 
For every action there is an equal and opposite criticism.



More information about the Techtalk mailing list