I have a website form that requires a US phone number input for follow up purposes, and this is very necessary in this case. I want try to eliminate users entering junk data 330-000-0000. I have seen some options of third parties that validate phone numbers for you, however idk if that is the best option for this situation. However if you have every used one of these third parties and can make a recommendation that would also be greatly appreciated here.

However I am considering checking the number against a set of rules to just try to narrow down the junk phone numbers received.

  • not a 555 number
  • does not contain 7 identical digits
  • valid area code (this is readily available)
  • not a 123-1234 or 123-4567
  • I guess I could also count out 867-5309 (heh*)

Would this result in any situations that you can think of that would not allow a user to enter their phone number? Could you think of any other rules that a phone number should not contain? Any other thoughts?


It seems to me that you're putting more effort into this than it warrants. Consider:

If your purpose is to guard against mis-entered phone numbers, then you can probably catch well over 90% of them with just a very simple check.

If your purpose is to try to force users to provide a valid number whether they want to give that information out or not, then you've taken on a hopeless task - even if you were able to access 100% accurate, up-to-the-second telco databases to verify that the exact number entered is currently live, you still don't gain any assurance that the number they gave you is their own. Once again, a simple check will foil the majority of people entering bogus numbers, but those who are willing to try more than two or three times will find a way to defeat your attempts to gain their numbers.

Either way, a simple test is going to get you good results and going into more complex rule sets will take up increasingly more time while providing increasingly little benefit to you (while also potentially adding false positives, as already shown with the "seven of the same digit" and 867-5309 cases).


You can do phone number validation internally in your app using regular expressions. Depending on your language you can call a function that will return true if a supplied phone number matches the expression.

In PHP:

function phone_number_is_valid($phone) {
    return (eregi('^(?:\([2-9]\d{2}\)\ ?|[2-9]\d{2}(?:\-?|\ ?))[2-9]\d{2}[- ]?\d{4}$', $phone));
}

You can look up different regular expressions online. I found the one above one at http://regexlib.com/DisplayPatterns.aspx?categoryId=7&cattabindex=2

Edit: Some language specific sites for regular expressions:

  • PHP at php.net: http://php.net/regex
  • C# at MSDN
  • Java: http://java.sun.com/developer/technicalArticles/releases/1.4regex/

867-5309 is a valid phone number that is assigned to people in different area codes.


If you can verify the area code then unless you really, really need to know their phone number you're probably doing as much as is reasonable.