+1 571-297-6383 | info@sonjara.com

When Users Circumvent Your Validation

Have you ever looked at the data you capture on a web form and find yourself amused at the way people get around your attempts to validate the data they enter? For example, you have a required field and the user enters just "." or "x".

We recently had a issue where event start and/or end dates were missing from some records. This caused issues with the filtering of the records in reports and the display of the records. We retested the forms that capture events and verified the start and end date fields were requiring input and were validating the date format. However, we found it was possible to enter just zeros for a date and concluded this is what the clever user must have done to circumvent our field validation.

So the first thing we did was to improve our validation to check that each segment of the date is nonzero. Second, we pondered the question of why? It takes just as much time to enter zeros as a real date. Our best guess is that they just didn't know the information we were asking. Perhaps the event didn't have a firm date yet or was open-ended, leaving them uncertain what to enter in the end date field. So in addition to improving the validation, these forms will also have context help to let users know that their best guess or approximation on the event start and end dates is good enough.

Below is the updated javascript for the date validation:

var d = form["{$this->field}"].value.split(/\D+/);

if (form["{$this->field}"].value != "" && 
    (!form["{$this->field}"].value.match(/^\d{1,2}\/\d{1,2}\/\d{4}$/) ||
     (form["{$this->field}"].value.match(/^\d{1,2}\/\d{1,2}\/\d{4}$/) &&     
     (parseInt(d[0], 10) == 0 || parseInt(d[1], 10) == 0 || parseInt(d[2], 10) == 0))))
    alert("{$this->title} must be in the format MM/DD/YYYY");
    return false;
By Janice Gallant, posted on Saturday February 23, 2013


  • Form
    Posted by Bryan DaUone Bennett at 2017-10-27 01:51:58
    Form10-30₩ $! $$
* indicates required field