Assumptions when validating user data (Re: [Techtalk] SQL learning pointers)
Malcolm Tredinnick
malcolm at commsecure.com.au
Wed Dec 4 11:59:22 EST 2002
Difficult to know when we are too far away from the "techtalk" charter,
but I'll continue to fan the flames...
On Tue, Dec 03, 2002 at 09:41:24AM -0800, Kai MacTane wrote:
> At 12/3/02 02:08 AM , Mary wrote:
>
> >But please, optional state names/codes outside the US :) I've seen the
> >reverse, where as soon as you select a non-US country, both the "zip"
> >code and state forms are disabled which makes it hard or impossible to
> >deliver Australian mail :)
>
> This got me wondering about how I did this the last time I needed to. So I
> went and checked, and I set it up like so:
>
> Name, Address, City and Country are required. They all took free-form text
> fields, because this was before I got hep to Web security. Then again, the
> results of that form were just getting put into an email, not run through
> any SQL statements, so an unescaped apostrophe wouldn't cause any mischief
> anyway.
>
> The fields labeled "State/Province" and "Postal Code" are optional on the
> form. However, if "Country" is set to either "USA" (the default) or
> "Canada", then the processing script will ask for them if they're not
> filled out. (Seems like I should have added Australia to that.)
You cannot _require_ the state in Australia (requiring the postal code
is fine), since there are postal codes that do not correspond to any
state (certain government and military ones, for example). A similar
situation exists in the USA, I believe (some zip codes have no state).
Malcolm
--
Plan to be spontaneous - tomorrow.