Archive for the 'Programmers Toolbox' Category

Performing address verification (AVS) is a must for any non-retail business, especially Internet-based merchants. Popular gateways like Authorize.net make performing AVS easy. You only need to send over the customer’s zip code and full street address to perform AVS successfully. However, other less popular and advanced gateway like the LinkPoint API require you to provide it with the house number of a customer’s street address. (e.g. if the street address is 123 Main Street the house number is 123).

AVS works by validating the house number provided by the customer against the house number of the billing address the card issuing bank has on file. However, the house number is not necessarily in the typical format demonstrated above. A PO Box or Rural Route will not have the house number first in the street address.

So how do you get this number from the street address if the number may appear anywhere in the street address? With regular expressions of course! The solution is pretty simple although an explanation of how the regular express works will not be provided (but I will tell you it does provide you with the first set of digits it finds in the street address). The regular expression used will work in any language that support Perl Compatible Regular Expressions (PCRE). The code is written in PHP.


// The street address provided by the customer
$address = "123 Main Street";


// The regular expression that gets the first set of digits in the address
$number = preg_replace('/^.*?(\d+).*$/i', '$1', $address);


// Echo out the house number
echo $number;


Any good web developer will tell you that you must always validate user input before doing anything with it in your software. The primary reason for this is to prevent malicious users from entering bad data that can harm your website. But another reason for this is honest users may erroneously enter invalid data. This bad data may cause errors in your software preventing it from functioning properly and causing your users to be frustrated. In ecommerce, that frustration means losing a customer every time.

So what data might you need to validate in an ecommerce environment? Typically user demographic information (i.e. telephone numbers, email addresses) and credit card information (i.e. credit card number, expiration date). In this blog entry we will focus on validating credit card numbers. Examples will be in PHP but the regular expressions used will work in any language that support Perl Compatible Regular Expressions (PCRE).

Credit Card Numbers
Credit card numbers are never longer then 16 digits. The INPUT form field used to collect this data should have a MAXLENGTH of 16 (maxlength=”16″) set to prevent users from enterring more digits then is allowed for any credit card issuer.

Visa
Visa credit cards are always 16 digits long and start with a four (4). Users may enter this in any of the following formats:

• XXXX-XXXX-XXXX-XXXX
• XXXX XXXX XXXX XXXX
• XXXXXXXXXXXXXXXX

Here is our code to validate a Visa credit card:

if (preg_match('/^4\d{3}[ \-]?\d{4}[ \-]?\d{4}[ \-]?\d{4}$/i', $visa_cc_number))
{
// Visa number is correct
}
else
{
// Visa number is incorrect
}


MasterCard
MasterCard credit cards are always 16 digits long and start with a five (5). Users may enter this in any of the following formats:

• XXXX-XXXX-XXXX-XXXX
• XXXX XXXX XXXX XXXX
• XXXXXXXXXXXXXXXX

Here is our code to validate a MasterCard credit card:

if (preg_match('/^5\d{3}[ \-]?\d{4}[ \-]?\d{4}[ \-]?\d{4}$/i', $mastercard_cc_number))
{
// MasterCard number is correct
}
else
{
// MasterCard number is incorrect
}


Discover Card
Discover Card credit cards are always 16 digits long and start with 6011. Users may enter this in any of the following formats:

• XXXX-XXXX-XXXX-XXXX
• XXXX XXXX XXXX XXXX
• XXXXXXXXXXXXXXXX

Here is our code to validate a Discover Card credit card:

if (preg_match('/^6011[ \-]?\d{4}[ \-]?\d{4}[ \-]?\d{4}$/i', $discover_cc_number))
{
// Discover Card number is correct
}
else
{
// Discover Card number is incorrect
}


American Express
American Express credit cards are always 15 digits long and start with three (3). Users may enter this in any of the following formats:

• XXXX-XXXXXX-XXXXX
• XXXX XXXXXX XXXXX
• XXXXXXXXXXXXXXX

Here is our code to validate a American Express credit card:

if (preg_match('/^3\d{3}[ \-]?\d{6}[ \-]?\d{5}$/i', $amex_cc_number))
{
// American Express number is correct
}
else
{
// American Express number is incorrect
}


So how do we wrap this all together into something coherent that can be practically applied to a website? We will take the credit card number and look at the first number of the credit card number. We will then validate it based on whether it is a 3, 4, 5, or 6. If it isn’t any of the four we’ll just tell the user to try again. (The following code is PHP).


$cc_number = trim($_POST['cc_number']);
$first_number = substr($cc_number, 0, 1);
switch ($first_number)
{
case 3:
if (preg_match('/^3\d{3}[ \-]?\d{6}[ \-]?\d{5}$/', $cc_number))
{
// American Express number is correct. Process the credit card.
}
else
{
// error
}
break;
case 4:
if (preg_match('/^4\d{3}[ \-]?\d{4}[ \-]?\d{4}[ \-]?\d{4}$/', $cc_number))
{
// Visa number is correct. Process the credit card.
}
else
{
// error
}
break;
case 5:
if (preg_match('/^5\d{3}[ \-]?\d{4}[ \-]?\d{4}[ \-]?\d{4}$/', $cc_number))
{
// MasterCard number is correct. Process the credit card.
}
else
{
// error
}
break;
case 6:
if (preg_match('/^6011[ \-]?\d{4}[ \-]?\d{4}[ \-]?\d{4}$/', $cc_number))
{
// Discover Card number is correct. Process the credit card.
}
else
{
// error
}
break;
default:
// error
}