Form Validation in php

To validate the input provided by the user from form is a common requirement now days. For example, it must be check 

  1.  mandatory fields must be properly filled
  2.  age must contain numeric value
  3. email provided by user must be a valid email
  4. Date of Birth must be a valid date.

These are just examples to tell you how the data of the form should be validated.  

Most of the web developer just uses javascript to validate the form data. Javascript is a client side language and interpreted on client's computer and it is interpreted by web browser such as Internet Explorer, Firefox, Opera, Google Chrome, etc. If javascript code is properly written to validate the form data then user cannot go to next page unless he/she provides the correct data. But javascript has a major drawback and its drawback is IF JAVASCRIPT IS DISABLE IN WEB BROWSER THEN USER CAN ENTER ANY VALUE WHAT HE/SHE WANTS AND YOUR DATABASE CAN BE DEMAGED DUE TO THE DATA PROVIDED BY THE USER. So it is better to validate the form data by using client side language(javascript) as well as server side language such as PHP, so incase if javascript is disable then server side validation prevents the user to enter the wrong data and restrict user to provide valid data.

Form Validation in php

I am going to develop a php page that just contains a form and after hitting the submit button I will validate the data provided by user using PHP.


<html>
<head>
<title>Form Validation</title>
<style type="text/css">
.fontclass{font-family:Verdana, Arial, Helvetica, sans-serif;
font-size:12px;
}
</style>
</head>
<body>
<table cellpadding="2" cellspacing="2" class="fontclass">
<tr>
<form name="form1" method="post" action="verify.php">
<tr>
<td><strong>First Name</strong></td><td><input type="text" name="fname" /></td>
</tr>
<tr>
<td><strong>Last Name</strong></td><td><input type="text" name="lname" /></td>
</tr>
<tr>
<td><strong>Email Address</strong></td><td><input type="text" name="email" /></td>
</tr>
    <tr>
      <td><strong>Username</strong></td>
      <td><input type="text" name="username" /></td>
    </tr>
      <tr>
    <td><strong>Date</strong></td>
    <td><input type="text" name="date_user" size="10" /> (mm/dd/yy)</td>
  </tr>
    <tr>
<td><strong>Age</strong></td><td><input type="text" name="age" size="10" />
</td>
</tr>
<tr>
<td> </td><td><input type="submit" value="Submit" /></td>
</tr>
</form>
</tr>
</table>
</body>
</html>

The above code will generate a webpage that contains a web form containing six fields, snap shot of that web page is provided below.





action attribute of form(action="verify.php") contains the name of the web page in which i have written php code to validate the form data. Here's the code to validate the form data.

Verify.php

<?php
$fname=trim($_POST['fname']);
$lname=$_POST['lname'];
$email=trim($_POST['email']);
$age=trim($_POST['age']);
$date_user=trim($_POST['date_user']);
$username=trim($_POST['username']);
$age_len=trim(strlen($age));

if(empty($fname))
{
header("location:form.php?msg=pleaseenteremail");
}

//Now email validation using Regular Expressions
if (!eregi("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$", $email)){ 
header("location:form.php?msg=emailnotvalid");
}

//Now performing numeric data validation for Age Field
if(!is_numeric($age))
{
header("location:form.php?msg=agenotvalid");
}

//Now checking the length of the data provided by user as his/her age
if($age_len>3)
{
header("location:form.php?msg=agenotvalid");
}

//Now performing Date Validation for Date Field
$arr=split("/",$date_user); // splitting the array
$mm=$arr[0]; // first element of the array is month
$dd=$arr[1]; // second element is date
$yy=$arr[2]; // third element is year
if(!checkdate($mm,$dd,$yy)){
header("location:form.php?msg=datenotvalid");
}

?>
trim() function is used to remove the spaces before and after the data.

empty() function is a Boolean function that checks whether the data in the form of its argument is empty or not?

is_numeric() function is also a Boolean function that returns whether the data in the form of its argument is numeric or not?

strlen() function provides the length of the string.

checkdate() function is a built in function that checks whether date provided is valid or not. It also takes care of leap year checking. It is also a Boolean function and return true if date is correct and return false if date is false.

Now let's understand the code that is performing validation of form data.

First of all I am getting form data using $_POST because form data coming from previous page is using the post method. Then i remove extra spaces to the form data by using trim() and assign that data to the different variables.

 

$age_len=trim(strlen($age));

for checking the length of age data, i first of all remove the extra spaces before/after the age data provided by the user and then check the length of age data using strlen() function.

 

if(empty($fname))

{

header("location:form.php?msg=pleaseenteremail");

}

Then i check whether the first name is empty or not. If empty then returns to the prevous page with a query string that indicates the error.

if (!eregi("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$", $email)){ 

header("location:form.php?msg=emailnotvalid");

}

To validate email address, i use regular expression. Again if email is not a valid email then I redirect page to the previous page with a query string.

 

if(!is_numeric($age))

{

header("location:form.php?msg=agenotvalid");

}

To check whether age provided is numeric or not i use the is_numeric() function because age can be numeric like 23 not the characters abc.

To perform date validation i use the built in php Boolean function which is checkdate() that takes three arguments which is month, day and year. Now its up to you whether you provide date like this way 02/10/09 or like this way 02/10/2009, this powerful built in function can validate both form of dates. To get month, day and year from the date provided by the user I use split() function to split the date and get the month, day and year and then provide these three to checkdate() function to validate the date.

So this is a practical example to perform form validation in php.

 

 

2 comments:

  • w3c
     

    Nice information, I really appreciate the way you presented.Thanks for sharing..

    http://www.w3cvalidation.net/

  • w3c
     

    Nice information, I really appreciate the way you presented.Thanks for sharing..

    http://www.w3cvalidation.net/