Php Form Validation?

[scm22ri]

Hi Everyone,

 

I'm having trouble with php form validation. If a user clicks on "submit" after they no input boxes their information is automatically submitted into my mysql database. I don't want that. I want it so if a person forgets to fill out a certain part of the form they get presented with a error but there information isn't submitted into my mysql database. Any help would you appreciated. Thanks Everyone!

 

http://whatsmyowncarworth.com/class-work/sign2/join.php

[Jessica]

A cunning use of if control structures, the isset() function, and some logic will get it done.

[MockY]

Grab the input and the check whether it has the values you want or not.

 

Something like this:

 

if (isset($_POST['Submit'])) {

$user_name = trim($_POST['username']);
if ($username == "") $error = "You must enter a username";


if (!isset($error)) {
// submit the form
} else {
// display the error by echoing out $error wherever you want it on the page
}

}

[Psycho]

@scm22ri,

 

You've provided no code from us to work with or clarified what you exact requirements are for the form validation. There are a lot of "gotchas" with respect to form validation. I would suggest you start by looking at each field and writing down what would be considered "valid" for that input. Here are some examples based upon the fields you have:

 

Username: I would require that the field contains at least 6 characters. It would also not be unheard of to restrict that input to only certain characters, but is not required as long as you handle the display appropriately (e.g. htmlentities) and that goes for ANY input that could be used to display to the page.

Email: There are many debates on validating email addresses and PHP even has a built in method nowadays. But, for this you should at least verify that the input is a properly formatted email address (I have my own function that I use)

Password: At a minimum I would have a minimum length check on the password: see note below about using trim()

 

When doing your validations you should do them in a specific order. You wouldn't check an email format before you check if it is empty. Also, always trim your input unless you have a valid reason not to. I've seen different positions on trimming password input. You also have to be careful about HOW you do the validations. You could, for example use empty() on a value, but if 0 is a valid value that function would return false.

 

FYI: Your password fields should be of the type "password", i.e. not "text"

 

So, here is sample fully working script based upon your fields.

 

<?php

//Create variables for submitted values (if posted)
//We create tehse regardless if the form was posted to enable "sticky" values in the form
$username = (isset($_POST['username'])) ? trim($_POST['username']) : '';
$email    = (isset($_POST['email']))    ? trim($_POST['email'])    : '';
$password = (isset($_POST['password'])) ? $_POST['password']	   : '';
$confirmp = (isset($_POST['confirmp'])) ? $_POST['confirmp']	   : '';

$errorMsg = '';

function validEmail($email)
{
   $formatTest = '/^[\w!#$%&\'*+\-\/=?^`{|}~]+(\.[\w!#$%&\'*+\-\/=?^`{|}~]+)*@[a-z\d]([a-z\d-]{0,62}[a-z\d])?(\.[a-z\d]([a-z\d-]{0,62}[a-z\d])?)*\.[a-z]{2,6}$/i';
   $lengthTest = '/^(.{1,64})@(.{4,255})$/';
   return (preg_match($formatTest, $email) && preg_match($lengthTest, $email));
}

//Only validate if form was POSTed
if($_SERVER['REQUEST_METHOD'] == 'POST')
{
   //Start validations
   $errors = array();

   //Validate username
   if($username == '')
   {
    $errors[] = 'Username is required.';
   }
   elseif(strlen($username) < 6)
   {
    $errors[] = 'Username must be at least 6 characters.';
   }

   //Validate email
   if($email == '')
   {
    $errors[] = 'Email is required.';
   }
   elseif(!validEmail($email))
   {
    $errors[] = 'Email is not properly formatted.';
   }

   //Validate passwords
   if($password == '' || $confirmp == '')
   {
    $errors[] = 'Password and confirmation are required';
   }
   elseif(strlen($password) < 6)
   {
    $errors[] = 'Password must be at least 6 characters.';
   }
   elseif($password != $confirmp)
   {
    $errors[] = "Password and password confirmation do not match.";
   }

   //Check if there were any validation errors
   if(count($errors))
   {
    //Create error message
    $errorMsg .= "The following error(s) occured:\n";
    $errorMsg .= "<ul>\n";
    foreach($errors as $err)
    {
	    $errorMsg .= "<li>{$err}</li>";
    }
    $errorMsg .= "</ul>\n";
   }
   else
   {
    //Form validation passed, include script to process the data
    echo "Validation passes. Include script to process the data.<br>";
    //Redirect or load confirmation page
    echo "After processing the data, redirect or load confirmation page<br>";
    echo "Click <a href=''>here</a> to reload form";
    exit();
   }
}

?>
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Member Registration</title>
</head>
<body>
<form action="" method="post" enctype="multipart/form-data">
<table width="600" align="center" cellpadding="4" border="0">
   <tr>
  <th colspan="2">REGISTER AS A MEMBER</th>
   </tr>
   <tr>
  <td colspan="2"><font color="#FF0000"><?php echo $errorMsg; ?></font></td>
   </tr>
   <tr>
  <td width="163"><div align="right">User Name:</div></td>
  <td width="409"><input name="username" type="text" value="<?php echo $username; ?>" /></td>
   </tr>
   <tr>
  <td><div align="right">Email:</div></td>
  <td><input name="email" type="text" value="<?php echo $email; ?>"/></td>
   </tr>
   <tr>
  <td><div align="right">Password:</div></td>
  <td><input name="password" type="password" />
   </tr>
    <tr>
  <td><div align="right">Confirm Password:</div></td>
  <td><input name="confirmp" type="password" />
   </tr>
   <tr>
  <td><div align="right"></div></td>
  <td><input type="submit" name="Submit" value="Submit Form" /></td>
   </tr>
</table>
</form>
</body>
</html>