PHP Form validation is an integral part of working with forms. If any invalid data is submitted into forms, it may result in security issues of data and can also break the WebPages.
Validation is mandatory to a form to get accurate data from the form. If proper validation is not set to a form it leads to generation of more junk data through the forms which ultimately result in memory leakage and security issue.
Mandatory data filling fields requires input tag attribute or PHP field validations. All the PHP form validations, Required fields, URL/E-Mail and Radio button validations are shown in the below example.
Example
Here a simple HTML form is taken and PHP validations are applied.
[php]
<!DOCTYPE HTML>
<html>
<head>
<style>
.error {color: #FF0000;}
</style>
</head>
<body>
<?php
// define variables and set to empty values
$nameErr = $emailErr = $web_technologiesErr = $websiteErr = "";
$name = $email = $web_technologies = $message = $website = "";
if ($_SERVER["REQUEST_METHOD"] == "POST") {
if (empty($_POST["name"])) {
$nameErr = "Name is required";
} else {
$name = test_input($_POST["name"]);
// check if name only contains letters and whitespace
if (!preg_match("/^[a-zA-Z ]*$/",$name)) {
$nameErr = "Only letters and white space allowed";
}
}
if (empty($_POST["email"])) {
$emailErr = "Email is required";
} else {
$email = test_input($_POST["email"]);
// check if e-mail address is well-formed
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
$emailErr = "Invalid email format";
}
}
if (empty($_POST["website"])) {
$website = "";
} else {
$website = test_input($_POST["website"]);
// check if URL address syntax is valid (this regular expression also allows dashes in the URL)
if (!preg_match("/\b(?:(?:https?|ftp):\/\/|www\.)[-a-z0-9+&@#\/%?=~_|!:,.;]*[-a-z0-9+&@#\/%=~_|]/i",$website)) {
$websiteErr = "Invalid URL";
}
}
if (empty($_POST["message"])) {
$message = "";
} else {
$message = test_input($_POST["message"]);
}
if (empty($_POST["web_technologies"])) {
$web_technologiesErr = "Web_technologies is required";
} else {
$web_technologies = test_input($_POST["web_technologies"]);
}
}
function test_input($data) {
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}
?>
<h2>PHP Form Validation Example</h2>
<p><span class="error">* required field.</span></p>
<form method="post" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>">
Name: <input type="text" name="name" value="<?php echo $name;?>">
<span class="error">* <?php echo $nameErr;?></span>
<br><br>
E-mail: <input type="text" name="email" value="<?php echo $email;?>">
<span class="error">* <?php echo $emailErr;?></span>
<br><br>
Web Technologies:
<input type="radio" name="web_technologies" <?php if (isset($web_technologies) && $web_technologies=="PHP") echo "checked";?> value="PHP">PHP
<input type="radio" name="web_technologies" <?php if (isset($web_technologies) && $web_technologies=="HTML") echo "checked";?> value="HTML">HTML
<span class="error">* <?php echo $web_technologiesErr;?></span>
<br><br>
Website: <input type="text" name="website" value="<?php echo $website;?>">
<span class="error"><?php echo $websiteErr;?></span>
<br><br>
Message: <textarea name="message" rows="5" cols="40"><?php echo $message;?></textarea>
<br><br>
<input type="submit" name="submit" value="Submit">
</form>
<?php
echo "<h2>Your Input:</h2>";
echo $name;
echo "<br>";
echo $email;
echo "<br>";
echo $website;
echo "<br>";
echo $message;
echo "<br>";
echo $web_technologies;
?>
</body>
</html>
[/php]
Output:
Summary
Points
PHP Form Validation is necessary to get accurate data from the form.
Data filling fields requires input tag attribute or PHP field validations.