In this article, we discuss how to validate email addresses, URLs, and other fields on PHP forms, so that only correctly formatted values are accepted.
The validation of user input is an essential part of developing a reliable and secure web application. Email addresses and URLs are commonly entered into web forms and other applications. It is important to check that these inputs are correctly formatted and valid before they are processed.
This tutorial will show you how to validate data on the server-side and on the client-side, as well as how to avoid some common pitfalls when working with these types of inputs.
Validate Name
Below is a simple example that checks whether the name field contains only letters, dashes, apostrophes, and whitespace, and whether the age field contains only numbers.
If the value of a field is not valid, an error message is stored:
$firstname = input_validation($_POST["firstname"]);
if (!preg_match("/^[a-zA-Z-' ]*$/", $firstname)) {
$fnameErr = "Only letters and white space allowed";
}
$age = input_validation($_POST["age"]);
if (!preg_match("/^[0-9 ]*$/", $age)) {
$ageErr = "Only numbers allowed";
}
preg_match() searches a string for a pattern and returns 1 if the pattern matches, 0 if it does not, and false if an error occurs.
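The snippets above test a value that input_validation() has already passed through htmlspecialchars(); on PHP 8.1 and later, where ENT_QUOTES is the default flag, an apostrophe becomes &#039; before the pattern sees it, so a name such as O'Brien fails the check. The following is an added example, not the tutorial's code, that validates the raw value and encodes only on output. The helper names read_field, validate_name, validate_age and e, and the length limits, are assumptions.

```php
<?php
// Added example, not the tutorial's code. Helper names and limits are assumptions.
// Return the field as a trimmed string, or null when it is missing or is not
// a string (a request can send firstname[]=x, which arrives as an array).
function read_field(array $source, string $key): ?string
{
    $value = $source[$key] ?? null;
    return is_string($value) ? trim($value) : null;
}

function validate_name(?string $name): ?string
{
    if ($name === null || $name === '') {
        return 'First name is required';
    }
    // Same character set as the tutorial. The D modifier stops $ from
    // matching before a trailing newline; !== 1 also covers a false return.
    if (strlen($name) > 100 || preg_match("/^[a-zA-Z' -]+$/D", $name) !== 1) {
        return 'Only letters and white space allowed';
    }
    return null;
}

function validate_age(?string $age): ?string
{
    if ($age === null || $age === '') {
        return 'Age is required';
    }
    // ctype_digit() accepts only the characters 0-9; three digits is an assumed cap.
    if (!ctype_digit($age) || strlen($age) > 3) {
        return 'Only numbers allowed';
    }
    return null;
}

// Encode at the point of output, for the context written to (HTML here).
function e(?string $value): string
{
    return htmlspecialchars($value ?? '', ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample submission standing in for $_POST.
$post = ['firstname' => " O'Brien ", 'age' => '42'];
foreach (['firstname' => 'validate_name', 'age' => 'validate_age'] as $field => $check) {
    $value = read_field($post, $field);
    $error = $check($value);
    echo $field, ': ', e($value), ' ', $error === null ? 'ok' : e($error), "\n";
}
```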
Validate Email
Using PHP's filter_var() function is the easiest and most reliable way of checking whether an email address is well-formed.
If the email address provided is not well-formed, the following code stores an error message:
$email = input_validation($_POST["email"]);
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
$emailErr = "Invalid email format";
}
Validate URL
Below is a code example that verifies whether the URL syntax is valid (this regular expression also allows dashes in the URL).
If the URL syntax is not valid, an error message is stored:
$linkedin = input_validation($_POST["linkedin"]);
if (!preg_match("/^(?:(?:https?|ftp):\\/\\/|www\\.)[-a-z0-9+&@#\\/%?=~_|!:,.;]*[-a-z0-9+&@#\\/%=~_|]$/i", $linkedin)) {
$linkedInErr = "URL is not valid";
}
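A pattern like the one above checks only the shape of the string, and it accepts http, ftp and scheme-less www. values for a field that is meant to hold a LinkedIn profile link. The following is an added example, not the tutorial's code, that parses the URL and accepts only https on an expected host. The function name validate_profile_url, the allowed-host list and the length limit are assumptions.

```php
<?php
// Added example, not the tutorial's code. validate_profile_url() and the
// allowed-host list are assumptions; str_ends_with() needs PHP 8.0+.
function validate_profile_url(string $url, array $allowedHosts): ?string
{
    $url = trim($url);
    // FILTER_VALIDATE_URL checks syntax only and accepts any scheme.
    if (strlen($url) > 2048 || filter_var($url, FILTER_VALIDATE_URL) === false) {
        return 'URL is not valid';
    }
    $parts = parse_url($url);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return 'URL is not valid';
    }
    if (strtolower($parts['scheme']) !== 'https') {
        return 'Only https URLs are accepted';
    }
    if (isset($parts['user']) || isset($parts['pass'])) {
        return 'URL must not contain credentials';
    }
    $host = strtolower($parts['host']);
    foreach ($allowedHosts as $allowed) {
        // Exact host or a true subdomain; a plain suffix test would also
        // accept a look-alike such as "notlinkedin.com".
        if ($host === $allowed || str_ends_with($host, '.' . $allowed)) {
            return null;
        }
    }
    return 'URL must be on ' . implode(' or ', $allowedHosts);
}

// Constructed sample values.
$samples = [
    'https://www.linkedin.com/in/example',
    'http://www.linkedin.com/in/example',
    'ftp://files.example.com/cv.pdf',
    'www.linkedin.com/in/example',
    'https://linkedin.com.example.net/in/example',
    'https://notlinkedin.com/in/example',
];
foreach ($samples as $sample) {
    echo $sample, ' => ', validate_profile_url($sample, ['linkedin.com']) ?? 'accepted', "\n";
}
```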
This is what the script looks like now:
<?php
$fnameErr = $lnameErr = $ageErr = $emailErr = $designationErr = $skillsErr = $linkedInErr = "";
$firstname = $lastname = $age = $email = $designation = $skills = $linkedin = $yrofexp = "";
if ($_SERVER["REQUEST_METHOD"] == "POST") {
if (empty($_POST["firstname"])) {
$fnameErr = "First name is required";
} else {
$firstname = input_validation($_POST["firstname"]);
if (!preg_match("/^[a-zA-Z-' ]*$/", $firstname)) {
$fnameErr = "Only letters and white space allowed";
}
}
$lastname = input_validation($_POST["lastname"] ?? "");
if (empty($_POST["age"])) {
$ageErr = "Age is required";
} else {
$age = input_validation($_POST["age"]);
if (!preg_match("/^[0-9 ]*$/", $age)) {
$ageErr = "Only numbers allowed";
}
}
if (empty($_POST["email"])) {
$emailErr = "Email is required";
} else {
$email = input_validation($_POST["email"]);
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
$emailErr = "Invalid email format";
}
}
if (empty($_POST["skills"])) {
$skillsErr = "Skills is required";
} else {
$skills = input_validation($_POST["skills"]);
}
if (empty($_POST["designation"])) {
$designationErr = "Designation is required";
} else {
$designation = input_validation($_POST["designation"]);
if (!preg_match("/^[a-zA-Z-' ]*$/", $designation)) {
$designationErr = "Only letters and white space allowed";
}
}
if (empty($_POST["linkedin"])) {
$linkedInErr = "URL is required";
} else {
$linkedin = input_validation($_POST["linkedin"]);
if (!preg_match("/^(?:(?:https?|ftp):\\/\\/|www\\.)[-a-z0-9+&@#\\/%?=~_|!:,.;]*[-a-z0-9+&@#\\/%=~_|]$/i", $linkedin)) {
$linkedInErr = "URL is not valid";
}
}
$yrofexp = input_validation($_POST["yrofexp"] ?? "");
}

// Normalise a submitted value: trim whitespace, strip backslashes, HTML-encode special characters
function input_validation($data)
{
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}
?>
Merge HTML and PHP code:
<!DOCTYPE HTML>
<html lang="en"><head>
<title>PHP Form</title>
<style>
.error {
color: #FF0000;
}
</style>
</head><body><?php
$fnameErr = $lnameErr = $ageErr = $emailErr = $designationErr = $skillsErr = $linkedInErr = "";
$firstname = $lastname = $age = $email = $designation = $skills = $linkedin = $yrofexp = "";
if ($_SERVER["REQUEST_METHOD"] == "POST") {
if (empty($_POST["firstname"])) {
$fnameErr = "First name is required";
} else {
$firstname = input_validation($_POST["firstname"]);
if (!preg_match("/^[a-zA-Z-' ]*$/", $firstname)) {
$fnameErr = "Only letters and white space allowed";
}
}
$lastname = input_validation($_POST["lastname"] ?? "");
if (empty($_POST["age"])) {
$ageErr = "Age is required";
} else {
$age = input_validation($_POST["age"]);
if (!preg_match("/^[0-9 ]*$/", $age)) {
$ageErr = "Only numbers allowed";
}
}
if (empty($_POST["email"])) {
$emailErr = "Email is required";
} else {
$email = input_validation($_POST["email"]);
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
$emailErr = "Invalid email format";
}
}
if (empty($_POST["skills"])) {
$skillsErr = "Skills is required";
} else {
$skills = input_validation($_POST["skills"]);
}
if (empty($_POST["designation"])) {
$designationErr = "Designation is required";
} else {
$designation = input_validation($_POST["designation"]);
if (!preg_match("/^[a-zA-Z-' ]*$/", $designation)) {
$designationErr = "Only letters and white space allowed";
}
}
if (empty($_POST["linkedin"])) {
$linkedInErr = "URL is required";
} else {
$linkedin = input_validation($_POST["linkedin"]);
if (!preg_match("/^(?:(?:https?|ftp):\\/\\/|www\\.)[-a-z0-9+&@#\\/%?=~_|!:,.;]*[-a-z0-9+&@#\\/%=~_|]$/i", $linkedin)) {
$linkedInErr = "URL is not valid";
}
}
$yrofexp = input_validation($_POST["yrofexp"] ?? "");
}

// Normalise a submitted value: trim whitespace, strip backslashes, HTML-encode special characters
function input_validation($data)
{
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}
?><h2>PHP Form Validation</h2>
<form method="post" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]); ?>">
<p><span class="error">* required field</span></p>
First name: <input type="text" name="firstname"><span class="error"> * <?php echo $fnameErr; ?></span>
<br><br>
Last name: <input type="text" name="lastname"><span class="error"></span>
<br><br>
Age: <input type="text" name="age"><span class="error">* <?php echo $ageErr; ?></span>
<br><br>
E-mail: <input type="text" name="email"><span class="error"> * <?php echo $emailErr; ?></span>
<br><br>
<label for="yrofexp">Year of Experience:</label>
<select name="yrofexp" id="yrofexp">
<option value="">Select number</option>
<option value="1">1</option>
<option value="2">2</option>
<option value="3">3</option>
<option value="4">4</option>
<option value="5">5</option>
<option value="6">6</option>
<option value="7">7</option>
<option value="8">8</option>
</select>
<br><br>
Designation: <input type="text" name="designation"><span class="error"> * <?php echo $designationErr; ?></span>
<br><br>
LinkedIn: <input type="text" name="linkedin"><span class="error"> * <?php echo $linkedInErr; ?></span>
<br><br>
Write your Skills: <textarea name="skills" rows="5" cols="40"></textarea><span class="error"> * <?php echo $skillsErr; ?></span>
<br>
<br><br>
<input type="submit" name="submit" value="Submit"></form><?php
echo "<h2>Your Form Data:</h2>";
echo "First Name: ".$firstname;
echo "<br>";
echo "Last Name: ".$lastname;
echo "<br>";
echo "Age: ".$age;
echo "<br>";
echo "Email: ".$email;
echo "<br>";
echo "Year of Experience: ".$yrofexp;
echo "<br>";
echo "Designation: ".$designation;
echo "<br>";
echo "LinkedIn URL: ".$linkedin;
echo "<br>";
echo "Skills: ".$skills;?></body></html>
Next, we will demonstrate how to keep the values in the input fields after the user submits the form, so that the form remains usable.