There is no way to do this reliably.
That being said, depending on the situation, the issue may be that someone pasting in an answer is going to fill out the form too quickly. If the attempt is just to slow down the user, you can use sessions, and verify that the don't fill out the form too quickly. Even without sessions, you can pass a timestamp in a hidden field using a two-way encryption, then extract it on submission, and check how much time has elapsed.
I can't personally think of other reasons to not allow pasting -- for longer messages on here, I tend to work in a real text editor, and paste my answers in. (And I also paste into password boxes all the time -- I store passwords in an encrypted database, so I don't need to remember them all.)
Update: With the changed requirements, I'd recommend removing the duplicated field as a check -- it's not reliable. Instead, use something to verify that has a very unlikely chance of collision, like the patient's name. Although this means they're entering redundant info, it's no worse than what you had as the initial solution. Even better, from a usability standpoint would be to get the patient ID, then fill in the patient details for them, and they would (hopefully) realize that it's not the right person.
I'm not sure if this is some sort of a privacy violation, as it might allow someone to mine the system for patients, but even just having them enter the patient IDand surname, and populate the rest may be a good middle ground. (you'll have to check with your legal department...HIPPA and all that, if you're in the US.)
Note -- in HTML, 'textarea' refers to one of the large block things, like we type comments into...'text input' refers to shorter, single line entries, like the title line
In reply to Re: prevent pasting into a CGI textbox
by jhourcle
in thread prevent pasting into a CGI textbox
by nosbod
| For: | Use: | ||
| & | & | ||
| < | < | ||
| > | > | ||
| [ | [ | ||
| ] | ] |