Form Validation

• Description : A detailed tutorial on how to validate user input gathered from forms!
• Language : PHP
• Date Added : 20th October, 2009

Firstly, if you haven't already you will need to read the $_GET and $_POST tutorials. Without reading those tutorials first this tutorial will make very little sense.

So, firstly what is form validation? Well, basically it's getting the user input and making sure it's as you require. For example you don't want someone putting in a password that is less than you specified. Below are some useful methods that you can use to help validate input:

String Length:

Code :

<?php $username = "hello"; $usernameLength = strlen($username); echo $usernameLength; ?>

Output:

5

An IF statement:

Code :

<?php $passwordOne = "password"; $passwordTwo = "passwordd"; if($passwordOne != $passwordTwo) { echo "The passwords do not match!"; } else { echo "The passwords match!"; } ?>

Output:

The passwords do not match!

Integer Checking:

Code :

<?php $age = 12; if(is_int($age)) { echo "You entered a number!"; } else { echo "You did not enter a number!"; } ?>

Output:

You entered a number!

Check for a character(Email verification):

Code :

<?php $email = "haha"; if(strpos($email, '@') == false) { echo "No @ sign found!"; } else { echo "An @ sign was found!"; ?>

Output:

No @ sign was found!

So, you have what you need to validate input. Below is a fully functioning form, you can test out the form here. Below the code is an explanation of new code.

Code :

<?php if(isset($_POST['submit'])) { //Get input $username = $_POST['username']; $password1 = $_POST['password1']; $password2 = $_POST['password2']; $email = $_POST['email']; $formErrors = 0; if(strlen($username) < 6) { $formErrors++; $usernameError = true; } else { $usernameError = false; } if(8 <= strlen($password1) && strlen($password1) <= 25) { $passwordLenError = false; } else { $formErrors++; $passwordLenError = true; } if($password1 != $password2) { $formErrors++; $passwordMatchError = true; } else { $passwordMatchError = false; } if(strpos($email, '@') == false) { $formErrors++; $emailError = true; } else { $emailError = false; } } ?> <html> <head> <title>PHP Form Validation Example</title> </head> <body> <form action="" method="post"> <?php if(isset($_POST['submit'])) { if($formErrors == 0) { echo "All fields were correctly filled out!"; } else { echo "There were " . $formErrors . " errors with your form!<br />"; } if($usernameError == true) { echo "There was a problem with your username!<br />"; } if($passwordLenError == true) { echo "There was a problem with the length of your password!<br />"; } if($passwordMatchError == true) { echo "The two passwords entered did not match!<br />"; } if($emailError == true) { echo "There was a problem validating your email address!"; } } if(!isset($_POST['submit'])) { ?> <table width="500"> <tr> <td>Username(More than six characters)</td> <td> : </td> <td><input type="text" name="username" /></td> </tr> <tr> <td>Password(More than 8 characters, less than 25)</td> <td> : </td> <td><input type="password" name="password1" /></td> </tr> <tr> <td>Confirm Password</td> <td> : </td> <td><input type="password" name="password2" /></td> </tr> <tr> <td>Email Address</td> <td> : </td> <td><input type="text" name="email" /></td> </tr> <tr> <td rowspan="3"><input type="submit" name="submit" value="submit" /></td> </tr> </table> </form> <?php } ?> </body> </html>

This might look scary at first - there is quite a lot of code. Currently this form isn't that useful, it would normally submit the information to a database but that will be covered in later tutorials. Other than two or three lines of code most of the stuff has been previously covered. Below are explanations of the new parts:

Code :

<?php $formErrors++; ?>

The above line of code will increment the value stored in the variable. It is a simpler way of adding 1 to a value.

Code :

<?php if(isset($_POST['submit'])) { //Some code } if(!isset($_POST['submit'])) { //Some code } ?>

These two lines of codes are used on almost every page with a form. They check to see if the form has been submitted. The first line will check if the form has been submitted, any code you want to run when the form is submitted should be placed between the two curly brackets. The second line does the opposite, it checks to see if the form hasn't been submitted. In this case it simply displays the form.

If you are wondering what to do if your button is not called 'submit' you simply replace the $_POST['thispart'] part between the two apostrophes. As I mentioned before you can check out the working code here.

Previous		Next

Login Required