| "Honest" users will continue to enter true data, and "dishonest" users will continue to make data up. |
This is the ultimate truth when it comes to validation. You cannot get around this fact no matter how much code you write.
You cannot validate the accuracy
of the information given to you by the user unless you have a database of information that you already know is accurate, or you use some 2-factor validation process that involves the user.
| Did what for hotmail and did not get what response? |
I assume he means that he implemented the steps in post #2 for email verification. It makes sense for large mail providers to not
return a useful response at step 7, because a useful response there is also useful to spammers who are trying to find valid accounts. I would not be surprised to see a provider return a useless response regardless of whether the email is valid or not. Additionally, a significant number of mail servers are set up with catch-all emails, so the mail server will accept the mail for delivery regardless of the existence of the address.
| what i meant is i want to stop people from typing in: ""aaaaa" but something like John will pass as it is "valid" even though it may not be your real name. |
Can you pragmatically define an accurate set of rules that determine valid names from invalid names? No. No one ever has, and no one ever will. Names are too complicated.
A lot of information can be verified with a 2-factor validation process:
* emails - send a validation email, ask the user to click on a link in it
* phone numbers - send the user a text or call them, ask them to enter the value you send
* credit cards - charge two small amounts, ask the user to enter the charged amounts
* names / addresses - ask the user to submit a drivers license or utility bill
If you have a massive database of valid personal information, you can use that to help with validation. That is what companies like BriteVerify do. They take the information you give them, try to find a match in their database for a person that they think is you, and then compare the information you entered against the information they have stored for "you" and throw an error if there are any differences.
For example, if you entered the right name and zip code, there's a pretty solid chance of them being able to locate a record with just that; and then the rest of the record is used to validate the other fields.
There are problems with this method though:
* Large, accurate and updated databases of personal information are very expensive to buy (despite the fact that almost all of the information in them is free)
* Maintaining your own large, accurate and updated database of personal information is even more expensive
* All databases only cover a subset of real people
* All databases contain errors
* These types of databases are very large (tens to hundreds of gigabytes) and computationally very expensive to search
So, ultimately, to answer your question:
Can someone point me to a direction on how to verify user input?
* You validate whether the value entered has the right syntax. For names, this means if(!empty($name)).
* If you need to validate the accuracy of information, you use a third party service or 2-factor validation if the type of data you're validating supports it.