Just a few minutes ago I read Jamie Nay’s “A Better Postal/Zip Code Validation Method for CakePHP 1.2” blog post.
Jamie says that “The Validation::postal() method that comes with CakePHP 1.2 is good in that it can handle a number of different country formats, but the problem is you can only validate your data against one country. What if you want to accept, say, either Canadian or US postal/zip code formats? I ran into this problem earlier today, and decided to write my own postal() function that can take either a string as the country, just like Validation::postal(), or an array of countries.”
I’m probably going to have to wait for Jamie to wake up before my comment on that blog-post is approved, but the crux of it is “Don’t”. Don’t write your own code to validate user input, unless of course the input data is specific to a problem domain that others haven’t catered for yet.
I drew attention to two things. The first is that there are Validation packages in PEAR, including the main Validate class and all the Validate_xx subclasses such as Validate_US, Validate_CA and some 22 others.
The second item I drew Jamie’s attention to is that his validation code counts a zip code of “00000” as valid, when the USPS zip code lookup tool correctly (and they should know!) identifies that code as invalid.
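The gap behind that second point, as an added example (it is not Jamie’s code and not the PEAR Validate API): a format-only pattern check accepts “00000”, while a check against known codes rejects it. The patterns, the function names and the small `$knownCodes` list are assumptions constructed for illustration; a real list would come from postal-authority data.

```php
<?php
// Added illustration: format check vs. existence check for postal codes.
// Patterns and names are assumptions, not CakePHP's or PEAR's code.

// Constructed stand-in for authoritative postal data (a real list is far larger).
$knownCodes = [
    'us' => ['10001', '90210'],
    'ca' => ['K1A0B1'],
];

// Returns the first country whose format the code matches, or null.
function matchPostalFormat(string $code, array $countries): ?string
{
    $formats = [
        // US ZIP or ZIP+4.
        'us' => '/\A\d{5}(?:-\d{4})?\z/',
        // Canadian A1A 1A1, excluding the letters Canada Post does not use.
        'ca' => '/\A[ABCEGHJ-NPRSTVXY]\d[ABCEGHJ-NPRSTV-Z] ?\d[ABCEGHJ-NPRSTV-Z]\d\z/i',
    ];
    foreach ($countries as $country) {
        $country = strtolower($country);
        $pattern = $formats[$country] ?? null;
        if ($pattern !== null && preg_match($pattern, $code) === 1) {
            return $country;
        }
    }
    return null;
}

// True only if the (already format-checked) code appears in the known list.
function postalCodeExists(string $code, string $country, array $knownCodes): bool
{
    // Compare on the 5-digit ZIP for the US, and without the space for Canada.
    $key = $country === 'us'
        ? substr($code, 0, 5)
        : strtoupper(str_replace(' ', '', $code));
    return in_array($key, $knownCodes[$country] ?? [], true);
}

// Constructed sample inputs: valid, well-formed but nonexistent, and malformed.
foreach (['90210', '00000', 'k1a 0b1', 'D1A 0B1', '<b>9021'] as $input) {
    $country = matchPostalFormat($input, ['us', 'ca']);
    $exists = $country !== null && postalCodeExists($input, $country, $knownCodes);
    printf("%-10s format=%-4s exists=%s\n", $input, $country ?? 'none', $exists ? 'yes' : 'no');
}
```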
Why spend time writing and debugging regular expressions, compiling lists of valid data and so on when other people have already done this work? That applies especially to things like validating data input, which is crucial when you need to guard against cross-site scripting vulnerabilities.
Focus on what you need to do rather than reimplementing what others have already done.
Honestly, this probably should be subtitled – “Stop the NIH craziness, please” – though to be fair Jamie might not have known of the solutions already out there.