Detecting UK postcode

Hi all,

I have a form on a client’s website which requires the user to enter a valid postcode. Recently some users have been adding fake postcodes (“zz123 456” etc…). I need to add some validation to make sure that the postcode is a valid UK postcode.

Here a is a map showing UK postcodes:

How would I go about validating a postcode? Surely I cant test every single postcode against what was entered by the user. My thinking is to just check the first 2 characters of the postcode, however, some postcodes allows the second character to be a number and not a letter.

Im interested to here your comments. Thanks.

There’s some info here, including a free API version.

Or you can upload this to your database:


Just noticed - this file can only be used to check the first part of the post code

Thanks for the useful replies guys, I shall look into this in a more depth later.
Out of interest, would there be a way in PHP to do this without having loads of if…elses?

You could use a regular expression to test your input against, but it would be quite messy and hard to maintain.
As it is, I prefer 2ndmouse’s API solution.

I’ve used the google maps api in the past, going through this search will explain some of the pros and cons [google]google api to lookup uk postcode[/google].

The us census puts out official zip code files every 8-12 years that you can download and place in your local table for your own quick verification.

I think the op is talking about UK postcodes here.

Woops :slight_smile:

That might be worth it for them, if they do enough business to justify the cost. Once set up they could check the submitted address against that database. I don’t know if there are any free databases of UK address out there (or at least of all valid post codes)

UK postcodes are quite sophisticated though, and I have seen regexes around that do sort out which numbers are allowed with which letters combinations. (for example the letter “O” will never appear, it would be too easy to confuse it with a zero).

It ought to be possible to at least identify that the first letter (or two depending on the town) is valid, and then go on to run the regex.

See the wikipedia page on UK postcodes for a fuller run down if you do want to better understand them.

ie maybe:

a) check first letter (or two), on false, fail
b) run a (more expensive in cycles) regex pattern match, on false, fail
c) cURL out to a lookup

Taking your example “zz123 456” zz is clearly not one of the recognised prefixes, so abort.

But even if it were “GU12 123” one of the aforementioned established regexes would then fail it, so abort.

If this still permits enough bad postcodes to be a problem, then consider going out to the apis.

[google]UK postcode regex[/google] - google results


You can reduce the number of people accidentally getting their postcode wrong with a regex that allows any of the following formats:
A1 1AA | A11 1AA | AA1 1AA | AA11 1AA | A1A 1AA | AA1A 1AA

You can stop people entering non-existent postcodes that match the correct format by validating entries against the Postcode Address File.

What you can’t stop people doing is deliberately or mistakenly entering the wrong postcode. And it’s trivially easy to get someone else’s postcode to put in. Websites that strictly enforce a valid postcode often find that they have lots of entries for 10 Downing Street, the BBC and their own address. If people want to put in an incorrect postcode, there is nothing you can do to stop them. The question you have to ask is … why are people so keen to put in a fake postcode? If their postcode was essential to the process (eg for delivery) then they clearly would want to put their own postcode in and get it right. So we can only assume that you’re collecting postcodes for reasons that users see as irrelevant, unnecessary or at worst malevolent. So you have to ask yourself (i) do you really need the postcode, or is there some other information that you can ask for instead? and (ii) if you do need the postcode, can you explain to users why it’s important to have it accurate?

Not quote true – the letter ‘O’ can appear in the first portion of the code (and does for anyone living in or around Colchester, Oldham, Oxford, Portsmouth, Southampton and York), where there is a limited number of different permutations and so it couldn’t be mistaken for a zero – but the letters in the second portion can never include any of CIKMOV. There are also rules about the trailing letter at the end of the first part, but that format only applies to a small number of districts in central London, so isn’t relevant for most people.[/font]

I think that post code database is free to use, you should have a good read through its licensing stuff to make sure if its free, and any gotchas with the legal stuff

A regular expression check would be the easiest way to go about this, as this will determine whether the user input matches the standard format for a UK postcode. A regular expression check is built into Postcode Anywhere’s Interactive_Find service, which in addition returns a list of the addresses contained within any valid UK postcode. You can try out the service free on our [URL=“”]website.

Thank you, I did not know that.