Delete comment from: Jeremiah Grossman
Usually strict checking against a predefined pattern is a nightmare for users - everyone writes dates and phone numbers differently.
In such cases I prefer _extraction_ of data.
For example, instead of checking for proper arrangement of spaces, hyphens, etc. in a phone number, just remove all non-digit characters and you'll have safe and bulletproof input.
Oh, and please don't forget that + is a legal character in an e-mail username!
MTAs (gmail) can use it for tagging/filtering ([email protected])
Jan 30, 2007, 7:47:00 PM
Posted to Input validation or output filtering, which is better?
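
The extraction approach from the comment above, as an added Python example that is not part of the original comment. The sample inputs are constructed, and the length bounds, the strict pattern and the e-mail pattern are assumptions chosen for illustration.

```python
import re

# A strict layout check of the kind the comment warns about (assumed pattern).
STRICT = re.compile(r"\d{3}-\d{3}-\d{4}")

# ASCII-only on purpose: on Python 3 str input, \D and str.isdigit() treat
# non-ASCII digits (for example Arabic-Indic) as digits and let them through.
NOT_ASCII_DIGIT = re.compile(r"[^0-9]")

MIN_DIGITS, MAX_DIGITS = 7, 15  # assumed bounds; 15 is the E.164 maximum

# Assumed e-mail pattern; the local part allows "+" so tagged addresses pass.
EMAIL = re.compile(r"[A-Za-z0-9._%+-]{1,64}@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+")


def strict_accepts(raw):
    """True only when raw has exactly the NNN-NNN-NNNN layout."""
    return STRICT.fullmatch(raw) is not None


def naive_extract(raw):
    """Extraction with \\D: keeps every Unicode decimal digit."""
    return re.sub(r"\D", "", raw)


def extract_phone(raw):
    """Keep ASCII digits only; return None when the count is implausible."""
    digits = NOT_ASCII_DIGIT.sub("", raw)
    return digits if MIN_DIGITS <= len(digits) <= MAX_DIGITS else None


def accepts_email(addr):
    """True when addr fits the assumed pattern, including '+' tags."""
    return EMAIL.fullmatch(addr) is not None


if __name__ == "__main__":
    # Constructed sample inputs.
    samples = ["(555) 010-0199", "555.010.0199", "+1 555 010 0199",
               "555-010-0199'; --", "\u0665\u0665\u0665\u0660\u0661\u0660\u0660\u0661\u0669\u0669", "12"]
    for s in samples:
        print(repr(s), strict_accepts(s), extract_phone(s))
    print(accepts_email("user+tag@example.com"))
```
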

