”;
The term “Form Validation” refers to the process of ascertaining if the data entered by the user in various form elements is acceptable for further processing. Validation of data before its subsequent processing avoids possible exceptions and runtime errors.
Validation can be done both on the client-side and on the server-side. When the client submits the form, the form data is intercepted by the PHP script running on the server. Using various functions available in PHP, the server-side form validation can be done.
Client-side Validation
The new input controls as per the HTML5 specifications have in-built validation. For example an input element of the type ‘email’, even though is a text field, is customized to accept a string that is according to email address protocol.
Validation takes place befor the data is submitted to the server. Same thing is true with other input types such as URL, number, etc.
Example
Given below is an HTML form with input elements of number type, email type and URL type. If you enter data that is not as per the required format, a suitable error message is flashed as you try to submit the form.
<h1>Input Validation</h1> <form> <p><Label for "name">Enter your name</label> <input type = "text" id="name" name="name"></p> <p><label for="age">Enter age</label> <input type = "text" id = "age" name="age"></p> <p><label for="email">Enter your email:</label> <input type="text" id="email" name="email"></p> <p><label for="URL">Enter your website<label> <input type = "text" id="URL" name="url"></p> <input type="submit"> </form>
The number type text field shows up/down counter arrows on the right. Only number is accepted, and can be incremented or decremented.
If the data in email field is invalid, you get the error message flashed as below.
Similarly, any incorrect format for the URL also flashes the error as shown −
Validation Functions
The validation on the server-side with PHP comes into picture, either when the form data passes the client-side validation, or there’s no validation on the client side at all.
In the HTML form used in the above example, let us remove all special input types and use all text fields of text type. The form is submitted with POST method to hello.php on the server.
<form action="hello.php" method="POST"> <p><Label for "name">Enter your name</label> <input type = "text" id="name" name="name"></p> <p><label for="age">Enter age</label> <input type = "text" id = "age" name="age"></p> <p><label for="email">Enter your email:</label> <input type="text" id="email" name="email"></p> <p><label for="URL">Enter your website<label> <input type = "text" id="URL" name="url"></p> <input type="submit"> </form>
Form is Empty
If the user (may be inadvertently) clicks the submit button, you can ask PHP to display the form again. You need to check if the $_POST array has been initialized with isset() function. If not, the header() function redirects the control back to the form.
<?php if ($_SERVER["REQUEST_METHOD"] == "POST") { if (isset($_POST)) { header("Location: hello.html", true, 301); exit(); } // form processing if the form is not empty } ?>
Example
You can also check if any of the fields is empty at the time of submitting the form.
<?php if ($_SERVER["REQUEST_METHOD"] == "POST") { foreach($_POST as $k=>$v) { if (empty($v)==true) { echo "One or more fields are empty n"; echo "<a href = ''hello.html''>Click here to go back </a>"; exit; } else echo "$k => $v n"; } } ?>
Age field is non-numeric
In the HTML form the input field for name is of text type, hence it can accept any characters. However, we want it to be numeric. This can be ensured by is_numeric() function
<?php if (is_numeric($_POST["age"])==false) { echo "Age cannot be non-numeric n"; echo "<a href = ''hello.html''>Click here to go back</a>"; } ?>
PHP also has is_string() function to check if a filed contains a string or not. Two other functions, trim() and htmlspecialchars() are also useful for form validation.
-
trim() − Removes whitespace from the beginning and end of a string
-
htmlspecialchars() − Converts special characters to HTML entities to prevent cross-site scripting (XSS) attacks.
”;