

postcode check script

SilentMercy
Sun 29 July 2007, 02:54 am GMT +0300
Olaf, please review this.  I wanted a script to check the validity of the post code entered (so only valid codes fill my database).  I wanted to give a little back to help someone else save the time I spent.  Cheers!  :)

This is what I came up with.  I added this to the ext_user_profile.php

The tables used can be downloaded @ http://www.sanisoft.com/phpziplocator.

Here is the simple code I added.  Appears to work fine so far, but please review.

 I added this to the extra_text: $extra_msg[4] = "Postcode is invalid!  Try again.";

Code:
function save_profile_date($ident = "", $lang = "", $address = "", $pc = "", $city = "", $country = "", $phone = "", $fax = "", $hp = "", $notes = "", $field1 = "", $field2 = "", $field3 = "", $field4 = ""){
    // Zip code check: only accept postcodes present in the zipdata table.
    // ins_string() is the class's own helper, used for every value in the
    // queries below; it is assumed to quote and escape the string, so $pc is
    // no longer interpolated raw into the SQL.
    $check = sprintf("SELECT zipcode FROM zipdata WHERE zipcode = %s", $this->ins_string($pc));
    $work = mysql_query($check);
    if (!$work) {
      // Query failed: report the generic error text instead of printing mysql_error() to the visitor.
      $this->the_msg = $this->extra_text(3);
      return;
    }
    // The WHERE clause already did the comparison, so no row means an unknown postcode.
    if (!mysql_fetch_array($work)) {
      $this->the_msg = $this->extra_text(4);
      return;
    }
    if (!empty($ident)) {
      // Existing profile: update it, restricted to the logged-in user.
      $sql = sprintf("UPDATE %s SET language=%s, address=%s, postcode=%s, city=%s, country=%s, phone=%s, fax=%s, homepage=%s, notes=%s, %s=%s, %s=%s, %s=%s, %s=%s, user_info=NOW() WHERE id = %s AND users_id = %d",
        PROFILE_TABLE, $this->ins_string($lang), $this->ins_string($address), $this->ins_string($pc),
        $this->ins_string($city), $this->ins_string($country), $this->ins_string($phone), $this->ins_string($fax),
        $this->ins_string($hp), $this->ins_string($notes), TBL_USERFIELD_1, $this->ins_string($field1),
        TBL_USERFIELD_2, $this->ins_string($field2), TBL_USERFIELD_3, $this->ins_string($field3),
        TBL_USERFIELD_4, $this->ins_string($field4), $this->ins_string($ident, "int"), $_SESSION['user_id']);
    } else {
      // No profile yet: insert a new row for the logged-in user.
      $sql = sprintf("INSERT INTO %s (id, users_id, language, address, postcode, city, country, phone, fax, homepage, notes, %s, %s, %s, %s, last_change) VALUES (NULL, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, NOW())",
        PROFILE_TABLE, TBL_USERFIELD_1, TBL_USERFIELD_2, TBL_USERFIELD_3,
        TBL_USERFIELD_4, $_SESSION['user_id'], $this->ins_string($lang), $this->ins_string($address),
        $this->ins_string($pc), $this->ins_string($city), $this->ins_string($country), $this->ins_string($phone),
        $this->ins_string($fax), $this->ins_string($hp), $this->ins_string($notes), $this->ins_string($field1),
        $this->ins_string($field2), $this->ins_string($field3), $this->ins_string($field4));
    }
    // No "or die" here: with it the else branch below could never run.
    if (mysql_query($sql)) {
      $this->profile_id = (empty($_SESSION['is_rec'])) ? mysql_insert_id() : $ident;
      $this->the_msg = $this->extra_text(2);
    } else {
      $this->the_msg = $this->extra_text(3);
    }
}

olaf
Sun 29 July 2007, 11:16 am GMT +0300
hmm... nice, I know that the US zip code is 100% numeric, testing the value against a database is possible but is a test against a regular expression not faster (enough)?

SilentMercy
Sun 29 July 2007, 09:42 pm GMT +0300
I think what you're saying is use the regular expressions to check for the correct syntax of the postcode entered, when what I had in mind (which probably takes longer) is to check the submitted value against a complete listing of all postal codes.

I want to ensure when a search is done later that all results are valid. Is this overkill and if so, can you recommend a better method?

Cheers!

olaf
Sun 29 July 2007, 11:08 pm GMT +0300
But how do you protect your application against cheating entries? Do you have a second validation that the entered value belongs to the user?

SilentMercy
Sun 29 July 2007, 11:15 pm GMT +0300
Fair enough, I was pretty tired last night and did not think of that immediately.  I will add the testing with the regular expressions before it is checked against the database for validity.

:-[

olaf
Mon 30 July 2007, 12:53 am GMT +0300
> Fair enough, I was pretty tired last night and did not think of that immediately.  I will add the testing with the regular expressions before it is checked against the database for validity.
>
> :-[

that will not help :(

if you need to be 100% sure you need to match the postal code against the address/city

SilentMercy
Mon 30 July 2007, 01:31 am GMT +0300
I think I understand.  So take the postcode, and check against the address & city submitted.  This may be more than what I need, but you answered my question on how to make 100% sure it's valid.

Thanks!

olaf
Mon 30 July 2007, 08:05 am GMT +0300
> I think I understand.  So take the postcode, and check against the address & city submitted.  This may be more than what I need, but you answered my question on how to make 100% sure it's valid.
>
> Thanks!

You're welcome, be sure that you only validate the data you really need. It makes no sense to validate the address from someone who has the chance to win $1mio if he enters his address :D
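
Added example, not part of the thread and not code from either poster: the three checks discussed above (syntax by regular expression, existence in zipdata, postcode matching the submitted city) combined in one function. It assumes five-digit US ZIP codes, uses PDO with an in-memory SQLite table as a stand-in for the MySQL zipdata table, and the `city` column, the function name `check_postcode` and the sample rows are hypothetical.

```php
<?php
// Added example. Constructed sample data; the `city` column is an
// assumption about the zipdata table layout.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE zipdata (zipcode TEXT PRIMARY KEY, city TEXT)");
$db->exec("INSERT INTO zipdata VALUES ('10001', 'New York'), ('90210', 'Beverly Hills')");

/**
 * Returns 'ok', 'bad_format', 'unknown_zip' or 'city_mismatch'.
 */
function check_postcode(PDO $db, $pc, $city)
{
    // 1. Syntax: five digits only (ZIP+4 is not handled). \A and \z anchor
    //    the whole string, so a trailing newline or an SQL fragment is
    //    rejected before the value reaches the database.
    if (!is_string($pc) || !preg_match('/\A[0-9]{5}\z/', $pc)) {
        return 'bad_format';
    }
    // 2. Existence: bound parameter, never string interpolation.
    $stmt = $db->prepare('SELECT city FROM zipdata WHERE zipcode = ?');
    $stmt->execute(array($pc));
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return 'unknown_zip';
    }
    // 3. Consistency: the ZIP must belong to the submitted city.
    if (strcasecmp(trim($city), $row['city']) !== 0) {
        return 'city_mismatch';
    }
    return 'ok';
}

// Constructed inputs, including an injection-style value.
$samples = array(
    array('10001', 'new york'),
    array('90210', 'New York'),
    array('00000', 'Nowhere'),
    array("10001' OR '1'='1", 'New York'),
);
foreach ($samples as $s) {
    printf("%-20s %-12s => %s\n", $s[0], $s[1], check_postcode($db, $s[0], $s[1]));
}
```

The city comparison only proves that the postcode and city are consistent with each other, not that the address belongs to the person submitting it.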
