I have a form on a client’s website which requires the user to enter a valid postcode. Recently some users have been adding fake postcodes (“zz123 456” etc…). I need to add some validation to make sure that the postcode is a valid UK postcode.
How would I go about validating a postcode? Surely I cant test every single postcode against what was entered by the user. My thinking is to just check the first 2 characters of the postcode, however, some postcodes allows the second character to be a number and not a letter.
That might be worth it for them, if they do enough business to justify the cost. Once set up they could check the submitted address against that database. I don’t know if there are any free databases of UK address out there (or at least of all valid post codes)
UK postcodes are quite sophisticated though, and I have seen regexes around that do sort out which numbers are allowed with which letters combinations. (for example the letter “O” will never appear, it would be too easy to confuse it with a zero).
It ought to be possible to at least identify that the first letter (or two depending on the town) is valid, and then go on to run the regex.
You can reduce the number of people accidentally getting their postcode wrong with a regex that allows any of the following formats:
A1 1AA | A11 1AA | AA1 1AA | AA11 1AA | A1A 1AA | AA1A 1AA
You can stop people entering non-existent postcodes that match the correct format by validating entries against the Postcode Address File.
What you can’t stop people doing is deliberately or mistakenly entering the wrong postcode. And it’s trivially easy to get someone else’s postcode to put in. Websites that strictly enforce a valid postcode often find that they have lots of entries for 10 Downing Street, the BBC and their own address. If people want to put in an incorrect postcode, there is nothing you can do to stop them. The question you have to ask is … why are people so keen to put in a fake postcode? If their postcode was essential to the process (eg for delivery) then they clearly would want to put their own postcode in and get it right. So we can only assume that you’re collecting postcodes for reasons that users see as irrelevant, unnecessary or at worst malevolent. So you have to ask yourself (i) do you really need the postcode, or is there some other information that you can ask for instead? and (ii) if you do need the postcode, can you explain to users why it’s important to have it accurate?
Not quote true – the letter ‘O’ can appear in the first portion of the code (and does for anyone living in or around Colchester, Oldham, Oxford, Portsmouth, Southampton and York), where there is a limited number of different permutations and so it couldn’t be mistaken for a zero – but the letters in the second portion can never include any of CIKMOV. There are also rules about the trailing letter at the end of the first part, but that format only applies to a small number of districts in central London, so isn’t relevant for most people.[/font]