jabn Posted January 9, 2015 Share Posted January 9, 2015 I have a form with PHP validation and also a mysqli query checking for duplicates in the database for mailing address and email address in mysql. It works fine but the customers are adding spaces in the mailing address for example 111 mailing address A V E, 1 1 1 ma iling address A V E etc. and my sql query doesn't see that as an address that's a duplicate. Their alslo adding email address like my@emailaddress.com and m.y@emailaddress.com, m.y.2@emailaddress.com etc to bypass that comparision also. Is there anyway to stop this from happening? Quote Link to comment https://forums.phpfreaks.com/topic/293784-how-to-stop-bypasssing-validation-by-adding-spaces-in-address-and-in-email-address/ Share on other sites More sharing options...
Jacques1 Posted January 9, 2015 Share Posted January 9, 2015 It sounds like you just accept the e-mail address and never actually send a mail to it. Is that true? Quote Link to comment https://forums.phpfreaks.com/topic/293784-how-to-stop-bypasssing-validation-by-adding-spaces-in-address-and-in-email-address/#findComment-1502324 Share on other sites More sharing options...
jabn Posted January 9, 2015 Author Share Posted January 9, 2015 Yes Quote Link to comment https://forums.phpfreaks.com/topic/293784-how-to-stop-bypasssing-validation-by-adding-spaces-in-address-and-in-email-address/#findComment-1502325 Share on other sites More sharing options...
jabn Posted January 9, 2015 Author Share Posted January 9, 2015 (edited) I'm thinking of grabing their IP and store it in the DB. Then check for IP duplicates. Then they can change their mailing address and email all they want. The only way around that is to fill out the form at a different IP. Does anyone think that's a bad idea? Edited January 9, 2015 by jabn Quote Link to comment https://forums.phpfreaks.com/topic/293784-how-to-stop-bypasssing-validation-by-adding-spaces-in-address-and-in-email-address/#findComment-1502327 Share on other sites More sharing options...
Jacques1 Posted January 9, 2015 Share Posted January 9, 2015 The only way to stop people from registering multiple times is to personally verify their identity (through the ID, the driver's licence or whatever). Checking the IP or e-mail address is pointless, because anybody can have as many IP addresses and e-mail accounts as they want. There's no way you could change that. The best you can do is make sure that the e-mail address actually exists: Send a confirmation e-mail with a random number to the provided address. If the user doesn't confirm the registration within a certain time frame, you may cancel the registration. Quote Link to comment https://forums.phpfreaks.com/topic/293784-how-to-stop-bypasssing-validation-by-adding-spaces-in-address-and-in-email-address/#findComment-1502329 Share on other sites More sharing options...
jabn Posted January 9, 2015 Author Share Posted January 9, 2015 Yes that's good but the other issue is the mailing address. They could create multiple email addresses and verify that it exists. The mailing address is another issue. They can for example use 111 mailing address ave as 111 ma iling address a v e, 1 1 1 mailing address ave etc. and not be considered a duplicate. Quote Link to comment https://forums.phpfreaks.com/topic/293784-how-to-stop-bypasssing-validation-by-adding-spaces-in-address-and-in-email-address/#findComment-1502330 Share on other sites More sharing options...
Jacques1 Posted January 9, 2015 Share Posted January 9, 2015 No, they can't just add spaces, because then the confirmation mail will never reach them. The only reason why they can add random spaces right now is because you don't even check if the e-mail address exists. Quote Link to comment https://forums.phpfreaks.com/topic/293784-how-to-stop-bypasssing-validation-by-adding-spaces-in-address-and-in-email-address/#findComment-1502332 Share on other sites More sharing options...
jabn Posted January 9, 2015 Author Share Posted January 9, 2015 (edited) Please reread my comment. I'm talking "Mailing" address. Anyone can have multiple email addresses. so doing what you're saying still wont stop somebody from adding spaces to the "Mailing address. Email address yes but not "Mailing" Address. I see what you're saying about the email confirmation but they can create another email adress and add spaces to their mailing address. When they do this the problem still exists. Edited January 9, 2015 by jabn Quote Link to comment https://forums.phpfreaks.com/topic/293784-how-to-stop-bypasssing-validation-by-adding-spaces-in-address-and-in-email-address/#findComment-1502333 Share on other sites More sharing options...
Jacques1 Posted January 9, 2015 Share Posted January 9, 2015 There's nothing you can do about the physical address except providing a drop-down menu instead of a text field. This requires a complete address database, of course. If you try to remove spaces, people will use abbreviations, similar-looking characters, random middle names and other variations which still result in a valid address. Why do you even care? Quote Link to comment https://forums.phpfreaks.com/topic/293784-how-to-stop-bypasssing-validation-by-adding-spaces-in-address-and-in-email-address/#findComment-1502336 Share on other sites More sharing options...
jabn Posted January 9, 2015 Author Share Posted January 9, 2015 Because they will receive a free product. That's why they are doing what their doing to receive multiple freebees. Quote Link to comment https://forums.phpfreaks.com/topic/293784-how-to-stop-bypasssing-validation-by-adding-spaces-in-address-and-in-email-address/#findComment-1502338 Share on other sites More sharing options...
Jacques1 Posted January 9, 2015 Share Posted January 9, 2015 If the address database is not an option, consider binding the free product to something that is harder to get than an e-mail address and relatively easy to verify – like a (mobile) phone number. Quote Link to comment https://forums.phpfreaks.com/topic/293784-how-to-stop-bypasssing-validation-by-adding-spaces-in-address-and-in-email-address/#findComment-1502341 Share on other sites More sharing options...
jabn Posted January 9, 2015 Author Share Posted January 9, 2015 Looking at USPS Web Tools now. Quote Link to comment https://forums.phpfreaks.com/topic/293784-how-to-stop-bypasssing-validation-by-adding-spaces-in-address-and-in-email-address/#findComment-1502343 Share on other sites More sharing options...
Psycho Posted January 9, 2015 Share Posted January 9, 2015 Checking for unique email addresses is not of much value either. With a single gmail account you can use an number of aliases. For example, if your email address is username [@gmail.com] you can also use username+1, username+2, usernaem+abc, etc. etc. I think it allows up to 5 or 6 characters after the username. And they will all be "working" email addresses that go to the same mailbox. And, as Jacques1 stated, verifying mail addresses is very problematic as well. I once added Apt. #'s to my house address to register for a service multiple times. The "best" option is to use professional services that do merge/purge/dedupe operations for mailing addresses. Although, anything that is good will cost money. Here's one resource: http://www.qas.com/address-verification.htm 1 Quote Link to comment https://forums.phpfreaks.com/topic/293784-how-to-stop-bypasssing-validation-by-adding-spaces-in-address-and-in-email-address/#findComment-1502349 Share on other sites More sharing options...
wezhind Posted January 10, 2015 Share Posted January 10, 2015 (edited) It's kind of pointless as pointed out by Jacques1, as users will just add other types of characters, but you could create a function that adds and removes spaces and then compares the results to the database. This would be quite db intensive though as there would be a lot of variations to compare. You could force users to only use a comma, space, and an alphanumeric character (I.. a-z, 0-9) when entering the address which would minimise some of the variations they can use. Another option I've just thought of, would be to count the spaces in each line of the address and any line exceeds a certain number (6 ?) then the user is told that the address is invalid (and why). This would also limit the no of variations a user could create. I don't think you are ever going to get a perfect solution - just by the nature of the issue - but even minimising the no of extra free products you have to send out will save you (or your client) some money in the end. Ok, nothing else springs to mind currently, but if I think of anything else I'll post it here. Good luck. Edited January 10, 2015 by wezhind Quote Link to comment https://forums.phpfreaks.com/topic/293784-how-to-stop-bypasssing-validation-by-adding-spaces-in-address-and-in-email-address/#findComment-1502360 Share on other sites More sharing options...
Strider64 Posted January 10, 2015 Share Posted January 10, 2015 I remember a while back a company offering free products (samples) and what they did is took your credit card number (I am assuming they used a billing service) and charge a nominal fee like $5.00 or something like that. An when the product shipped the person was credited the money or so they said for I never tried it. The point being people will tend not to make multiple accounts if they might get socked with forking over money. The problem with this is two things, one you alienate some people and two some people won't bother signing-up. I fall in the the first category, I'm suspicious anytime a company asks for a CC#. Quote Link to comment https://forums.phpfreaks.com/topic/293784-how-to-stop-bypasssing-validation-by-adding-spaces-in-address-and-in-email-address/#findComment-1502362 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.