PHP form tutorial - PHP form validation concept

Home - Tutorials - Forms

This article demonstrates how to use PHP forms. You will find detailed information from the form basics to advanced form processing.

Tutorial info:

Name:PHP form tutorial
Total steps:3

Bookmark PHP form tutorial

Bookmark and Share

Step 3 - PHP form validation concept

PHP form tutorial

To make a usable form we need to make some input validation to avoid meaningless data input. To do this there are more ways. We can check user inputs on the client side with JavaScript and we can do it on server side via PHP. Of course the best solution would be to use both methods. In this article I will focus only on PHP form validation.

First of all you have to decide which fields are mandatory and which are not. Afterwards you need to define what kind of input is acceptable for a specific field. For example if you want to now the age of the visitor then only number are acceptable and not a text or date. To make your form user friendly it is a good idea to mark mandatory fields on the HTML form and if any error occurred then you should display an error message.

As first step let's copy relevant variables in to a local representation with a code like this:

  1. $name = isset($_POST['name']) ? trim($_POST['name']) : '';
  2. $email = isset($_POST['email']) ? trim($_POST['email']) : '';
  3. $mesg = isset($_POST['mesg']) ? trim($_POST['mesg']) : '';

This code checks if the actual field was filled or not. Besides this the code removes spaces from the beginning and end of a string. It is to avoid inputs with only spaces and helps to check the content later.  If the variable was not set then we initialise the local variable with an empty string.

Now as we have the user inputs in a pure state we can make some validation on it. 

In this example we checks if the name is not empty and at least 3 characters long as there is no name with only 1 or 2 characters. (Depends on countries) . Similar to this we check the message itself but in this case we accept only at least 9 character long texts. At least we check the email validity with regular expression. In case of any error we set a variable for that field. At the end our check code looks like this:

  1. if (!eregi("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$", $email)) $errorEmail = true;
  2. if (strlen($name)<3) $errorName = true;
  3. if (strlen($mesg)<10) $errorMesg = true;

In case of any error we need to display the HTML form to the visitor again but in this case we should display the error message to help the visitor to correct it. So the use case is the following:

  1. Display the form
  2. Process user input
  3. In case of error display the form again with error message
  4. If there is no error then go on.

To make the code more simple it makes sens to create a function which displays the HTM form and error messages if needed. The function definition should look like something similar:


So if the function is called without any parameter a normal HTML form will be displayed, but if any error variable is set then the corresponding error message will be displayed as well. The improved form processing code looks like this: 

  1. <?php
  2. // Function to display form
  3. function showForm($errorName=false,$errorEmail=false,$errorMesg=false){
  4. if ($errorName) $errorTextName = "Please enter your name!";
  5. if ($errorEmail) $errorTextEmail = "Please enter a valid email address!";
  6. if ($errorMesg) $errorTextMesg = "Please leave a longer message!";
  8. echo '<form action="form.php" method="POST"><table>';
  10. // Display name field an error if needed
  11. echo '<tr><td>Name:</td><td><input type="text" name="name"></td></tr>';
  12. if ($errorName) echo "<tr><td colspan='2'>$errorTextName</td></tr>";
  14. // Display email field an error if needed
  15. echo '<tr><td>Email:</td><td><input type="text" name="email"></td></tr>';
  16. if ($errorEmail) echo "<tr><td colspan='2'>$errorTextEmail</td></tr>";
  18. // Display message field an error if needed
  19. echo '<tr><td>Message:</td><td><textarea name="mesg"></textarea></td></tr>';
  20. if ($errorMesg) echo "<tr><td colspan='2'>$errorTextMesg</td></tr>";
  23. echo '<tr><td><input type="submit" name="SubmitForm" value="Send"></td></tr>';
  24. echo '<form>';
  25. }
  28. if (!isset($_POST['SubmitForm'])) {
  29. showForm();
  30. } else {
  31. //Init error variables
  32. $errorName = false;
  33. $errorEmail = false;
  34. $errorMesg = false;
  36. $name = isset($_POST['name']) ? trim($_POST['name']) : '';
  37. $email = isset($_POST['email']) ? trim($_POST['email']) : '';
  38. $mesg = isset($_POST['mesg']) ? trim($_POST['mesg']) : '';
  40. if (!eregi("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$", $email)) $errorEmail = true;
  41. if (strlen($name)<3) $errorName = true;
  42. if (strlen($mesg)<10) $errorMesg = true;
  44. // Display the form again as there was an error
  45. if ($errorName || $errorEmail || $errorMesg) {
  46. showForm($errorName,$errorEmail,$errorMesg);
  47. } else {
  48. echo 'Submission was success!';
  49. }
  51. }
  52. ?>

Of course later you can improve the look of the form and the validation itself to be more robust but for demonstration it is enough I think.

Previous Step of PHP form tutorial

Tags: php form processing, php form, creating form, form processing

Follow phpf1 on Twitter

F1 Site Family
Java F1
JavaScript F1

Total time: 0.0258