Form Validation
When working with pages that involve form processing, it is often necessary to validate the data being entered by the user.
PHP includes numerous string and numeric functions that can be used to validate user input. The most common functions are explained below:
- is_string(variable) - determines whether a variable is a string. Returns a true or false value.
- is_int(variable) or is_integer(variable) - determines whether a variable is an integer. Returns a true or false value.
- is_numeric(variable) - determines whether a variable is a number or a numeric string. Returns a true or false value.
- is_double(variable) or is_float(variable) - determines whether a variable is a float. Returns a true or false value.
- strlen(string) - returns the length of a string.
- strpbrk(string, characters) - searches the string for any of the listed characters and returns the rest of the string starting from the first character found (or FALSE if none is found).
- strtolower(string) - converts the string to lower case letters.
- strtoupper(string) - converts the string to upper case letters.
Consider the following HTML form page:
**Enter Name:
**Enter user name:
**Enter password:
(must be at least 4 characters)
** indicates required field
This form page requires that the user enter a name, a user name, and a password (at least 4 characters in length) before form processing occurs. This type of form validation is important because it helps ensure that user input is in a proper format to be written to a database or text file, used to produce an automated e-mail message, or re-displayed to the user. HTML alone, however, cannot perform this type of validation. This process is accomplished by using PHP's string and numeric functions listed above.
Form submission now becomes a three-step process: 1. enter form data and click the submit button, 2. validate the input using PHP functions, 3. process the data (write to file, generate an automated e-mail message, or re-display the input) using PHP. The following script demonstrates this process.
<?php
// Validate only when the form was submitted. The key must match the
// name attribute of the submit button in the form below ("submitB").
if (isset($_REQUEST["submitB"]))
{
    // Flag that stays true only if every field passes validation
    $valid_form = true;

    // Name: required
    if ($_REQUEST['name'] == "")
    {
        echo "Enter your name";
        $valid_form = false;
    }
    else
    {
        $name = $_REQUEST['name'];
    }

    // User name: required
    if ($_REQUEST['uname'] == "")
    {
        echo "Enter a user name";
        $valid_form = false;
    }
    else
    {
        $username = $_REQUEST['uname'];
    }

    // Password: required and at least 4 characters long
    if ($_REQUEST['pass'] == "")
    {
        echo "Enter a password";
        $valid_form = false;
    }
    elseif (strlen($_REQUEST['pass']) < 4)
    {
        echo "Password must contain at least 4 characters";
        $valid_form = false;
    }
    else
    {
        $password = $_REQUEST['pass'];
    }

    if ($valid_form == true)
    {
        //form processing code goes here
    }
}
?>
<!DOCTYPE html>
<html>
<head>
<title>A Web Page</title>
</head>
<body>
<form method="post" action="form_validate.php">
Enter Name: <input type="text" name="name">
Enter user name: <input type="text" name="uname">
Enter Password (must contain at least 4 characters): <input type="password" name="pass">
<input type="submit" name="submitB" value="Submit">
</form>
</body>
</html>
When the submit button is clicked, a series of if statements is used to validate the contents of the form fields. First, the name field (the value of $_REQUEST['name']) is checked for an empty value. If $_REQUEST['name'] is empty, this indicates the user did not enter a name in the 'name' textbox, and an echo statement is used to display an error message to the user. If $_REQUEST['name'] does contain a value, it is assigned to a scalar variable, $name, which can be used later in the program when the data processing begins. Next, the 'user name' field is checked using the same method used to check the 'name' field. If the user name is not entered, an error is displayed. Otherwise, the value is assigned to the scalar variable, $username. Finally, the password is validated. Validation of the password is a two-step process: 1. check that a password was entered, and 2. if a password was entered, make sure it contains at least 4 characters. The first if statement checks whether a password was entered. The elseif statement (which executes only if the condition of the previous 'if' statement is false, that is, when a password was entered) checks the entered password using the strlen() function. This function returns the length of the password. The resulting length is compared to 4. If the value is less than 4, an error is displayed. Otherwise, the password is accepted and is assigned to the scalar variable, $password.
If all form fields contain valid data, form processing can begin. A flag is used to keep track of the validation. First, the flag is set ($valid_form = true) at the beginning of the code block. If any of the form fields do not contain valid data, the flag ($valid_form) is set to false. After all form fields have been checked, a final if statement is used to check the status of the flag ($valid_form). If the value of $valid_form is true (all form fields contain valid data), form processing can begin. Otherwise, the form processing block is skipped. The user is presented with the error messages produced during the validation process and can begin making corrections.
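The same checks can be collected into one function that also copes with missing fields, non-string input, and whitespace-only values, and that uses strpbrk() from the list above to reject unwanted characters. This is an added example, not code from the original page; the function name validate_signup, the user name character rule, and the sample submissions are assumptions made for illustration.

```php
<?php
// Added example: field names match the page's form; the user name rule and
// the sample submissions below are assumptions made for illustration.

function validate_signup(array $input): array
{
    $errors = [];
    $clean  = [];

    foreach (['name', 'uname', 'pass'] as $field) {
        // A missing key or a non-string value (e.g. name[]=x) is treated as empty.
        $value = $input[$field] ?? '';
        $clean[$field] = is_string($value) ? $value : '';
    }
    $clean['name']  = trim($clean['name']);
    $clean['uname'] = strtolower(trim($clean['uname']));

    if ($clean['name'] === '') {
        $errors['name'] = 'Enter your name';
    }
    if ($clean['uname'] === '') {
        $errors['uname'] = 'Enter a user name';
    } elseif (strpbrk($clean['uname'], "<>\"'&/\\ ") !== false) {
        // strpbrk() returns false only when none of the listed characters occur.
        $errors['uname'] = 'User name contains characters that are not allowed';
    }
    if ($clean['pass'] === '') {
        $errors['pass'] = 'Enter a password';
    } elseif (strlen($clean['pass']) < 4) {
        $errors['pass'] = 'Password must contain at least 4 characters';
    }
    return [$errors, $clean];
}

// Constructed sample submissions standing in for $_POST.
$samples = [
    ['name' => 'Ann Lee', 'uname' => 'AnnL', 'pass' => 'abcd'],
    ['name' => '   ', 'uname' => '<b>x</b>', 'pass' => 'abc'],
    ['name' => ['x'], 'uname' => 'bob'],
];
foreach ($samples as $i => $post) {
    [$errors, $clean] = validate_signup($post);
    echo "Submission $i: ", $errors ? 'rejected' : 'accepted', "\n";
    foreach ($errors as $field => $message) {
        // Escape anything echoed back into HTML, including error text.
        echo "  $field: ", htmlspecialchars($message, ENT_QUOTES, 'UTF-8'), "\n";
    }
}
```

Only the first sample is accepted: the second fails all three checks, and the third is rejected because its name is an array and its password is missing.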