Edit Page

PHP Form Validation

Form Validation

When we create forms and allow users to input data, we typically need to validate and sanitize the data before storing and processing it. Form validation can be done at the client side using JavaScript and the server-side using a language like PHP. Although, form validation on the client-side is fast, effcient, and provides a better user expierence, client-side validation is not a safe and secure approach since the user can choose to turn-off JavaScript, use a browser that does not support it, or simply alter the client code from the browser’s developer tools. Thus, it is imperative to choose a more secure approach and validate input data on the server using PHP. In this lecture note, we will look at how form validation is done in JavaScript and PHP.

Form Validation on the client side

Consider the following sign up HTML form that contains three input fields: user name, email, and password. The user name must be between 8 and 32 characters and may contain a combination of letters and numbers. While email validation is nearly impossible due to the various ways an email can be valid, we can use a regular expression that is defined in RFC 5322 and works almost on most valid email addresses but is not 100% accurate. The best way to validate an email address is to send out a confirmation email to the provided address and see if the user clicks on the confirmation link or not. In this lecture note, we will use a regular expression to validate the given email address.

The password must be between 8 and 32 characters with at least one letter, one digit, and one special character.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14

<body>
    <h1>Sign up</h1>
    <form id="myForm" action="" onsubmit="validateForm(event)" method="post">
        <label for="userNameInput">User name:</label>
        <input type="text" id="userNameInput" name="uname">
        <label for="emailInput">E-mail:</label>
        <input type="email" id="emailInput" name="email">
        <label for="passwordInput">Password:</label>
        <input type="password" id="passwordInput" name="pw">
        <input type="submit" value="signup">
    </form>
    <div id="error-message"></p>
<script src="./formValidationClient.js"></script>
</body>

More Form validation Options

PHP Extensions: The ctype extension

A PHP extension is a custom library or plug-in that provides a function that can be used in your PHP application. Some extenstions are turned on by default while others need to be explicitly enabled.

The character type checking ctype extension, provides a set of functions to check whether a character or string falls into a specific character class. This extension is enabled on by default. Below is a list of ctype functions that may be used to check and validate a string:

functiondescriptionexample
ctype_digitCheck for numeric character(s)ctype_digit("123");
ctype_alnumCheck for alphanumeric character(s)ctype_alnum("1a2b3c4d");
ctype_alphaCheck for alphabetic character(s)ctype_alpha("abcdefg");
ctype_cntrlCheck for control character(s)ctype_cntrl("\n\r\t");
ctype_lowerCheck for lowercase character(s)ctype_lower("abc");
ctype_upperCheck for uppercase character(s)ctype_upper("ABC");
ctype_punctCheck for any printable character which is not whitespace or an alphanumeric characterctype_punct(",.?!");
ctype_spaceCheck for whitespace character(s)ctype_space(" \t ");
ctype_xdigitCheck for character(s) representing a hexadecimal digitctype_xdigit("AB10BC99");