This chapter shows how to validate names, e-mails, and URLs.
PHP - Validate Name
The code below shows a simple way to check if the name field only contains letters and whitespace. If the value of the name field is not valid, then store an error message:
$name = test_input($_POST["name"]);
if (!preg_match("/^[a-zA-Z ]*$/",$name))
{
$nameErr = "Only letters and white space allowed";
}
The preg_match() function searches a string for pattern, returning true if the pattern exists, and false otherwise. |
PHP - Validate E-mail
The easiest and safest way to check whether an email address is well-formed is to use PHP's filter_var() function.
In the code below, if the e-mail address is not well-formed, then store an error message:
$email = test_input($_POST["email"]);
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
$emailErr =
"Invalid email format";
}
PHP - Validate URL
The code below shows a way to check if a URL address syntax is valid (this regular expression also allows dashes in the URL). If the URL address syntax is not valid, then store an error message:
$website = test_input($_POST["website"]);
if
(!preg_match("/\b(?:(?:https?|ftp):\/\/|www\.)[-a-z0-9+&@#\/%?=~_|!:,.;]*[-a-z0-9+&@#\/%=~_|]/i",$website))
{
$websiteErr = "Invalid URL";
}
PHP - Validate Name, E-mail, and URL
Now, the script looks like this:
Example
<?php
// define variables and set to empty values
$nameErr = $emailErr
= $genderErr = $websiteErr = "";
$name = $email = $gender = $comment =
$website = "";
if ($_SERVER["REQUEST_METHOD"] == "POST") {
if (empty($_POST["name"])) {
$nameErr = "Name is
required";
} else {
$name = test_input($_POST["name"]);
// check if name
only contains letters and whitespace
if
(!preg_match("/^[a-zA-Z ]*$/",$name)) {
$nameErr = "Only letters and white space allowed";
}
}
if (empty($_POST["email"]))
{
$emailErr = "Email is required";
} else {
$email = test_input($_POST["email"]);
//
check if e-mail address is well-formed
if (!filter_var($email,
FILTER_VALIDATE_EMAIL)) {
$emailErr =
"Invalid email format";
}
}
if (empty($_POST["website"]))
{
$website = "";
} else {
$website = test_input($_POST["website"]);
// check if
URL address syntax is valid (this regular expression also allows dashes in
the URL)
if
(!preg_match("/\b(?:(?:https?|ftp):\/\/|www\.)[-a-z0-9+&@#\/%?=~_|!:,.;]*[-a-z0-9+&@#\/%=~_|]/i",$website))
{
$websiteErr = "Invalid URL";
}
}
if (empty($_POST["comment"]))
{
$comment = "";
} else {
$comment = test_input($_POST["comment"]);
}
if (empty($_POST["gender"]))
{
$genderErr = "Gender is required";
} else
{
$gender = test_input($_POST["gender"]);
}
}
?>
Run example »
The next step is to show how to prevent the form from emptying all the input fields when the user submits the form.