PHP class based form checking

July 6th, 2007

Once upon a time I decided to make a PHP script. The script was a simple test. Users could submit data, which was later spewed out along with everyone else's submissions. I was quite beside myself. I had hundreds of entries, and I thought things were going quite well! Oh how naive! The next day a strange yellow box that said "don't mouse over me" appeared on the list. Of course I couldn't help myself, and moved my cursor straight towards the box. The next thing I knew I was being redirected to the homepage for a professional Christian wrestling organization. Someone had submitted HTML and JavaScript, and my page echoed it back verbatim so that it ran in every visitor's browser. It was at this point that I realized you shouldn't trust anything users put into an input box. I quickly devoted myself to fixing the issue, trying to find the best way to validate forms. Several months and many attempts later I was able to devise a class based system that made form checking a breeze. Now I'm about to divulge everything I have learned to you in a matter of minutes! I'll start off with the basic form checking strategy, describe how classes can simplify this process, and end with some general guidelines and tips. One caveat before we start: validating input limits what gets stored, but anything you print back into a page still has to be escaped with htmlspecialchars() at output time, because validation alone is not what stops the yellow box.

Creating a basic form checking script is very simple and only requires the use of a few PHP functions. All we do is take the data entered by the user and check to see if it matches our criteria. As an example let's look at the username field on a registration form. One of the first things we should be concerned about is how long the username is. We can't have people with usernames that are 65,535 characters long, but at the same time we can't have people running around with names that are zero characters long. So let's say that a name must be between 3 and 15 characters long.

Let's start out by checking whether the field is missing or is the empty string "". If we run our tests on a missing or empty value, undesirable things start to happen. Two details matter here. First, the field may not be in $_POST at all (the user edited the form, or a bot posted without it), so read it with a default rather than assuming it exists. Second, use the strict comparison === rather than ==: with loose comparison, null == "" is true, which is what we want, but other surprises lurk in PHP's type juggling, and === says exactly what we mean. A request can also send username[]=x, which turns the value into an array, so check that we actually received a string before doing string operations on it. Remember to never forget the empty case.

//Empty or missing case
$value = $_POST['username'] ?? '';
if (!is_string($value) || $value === '')
//YOU FAIL!

Assuming the input data passes this check we can then check to see if the length of the string is within acceptable boundaries. We do this with the strlen() function. This function simply tells you how long the specified string is ($value in this case). Note that strlen() counts bytes, not characters: a UTF-8 username such as "héllo" is 5 characters but 6 bytes. If your length limit is meant in characters, use mb_strlen($value, 'UTF-8') instead; if it is meant to bound storage, strlen() is the right one.

if (strlen($value) >= 3 && strlen($value) <= 15)
//validates
else
//YOU FAIL!

We may also want to control what special characters are allowed to be used for usernames. For this we'll use the preg_match() function. This function tests your string against a Perl-compatible regular expression (PCRE). A regular expression defines what type of strings are valid. If you want to learn more about regular expressions and how to use them here is a good tutorial. Here's how we might use the preg_match function to only accept usernames made of letters, numbers and a few special characters. The pattern is a whitelist: everything not listed inside the brackets is rejected, which is safer than trying to enumerate the characters you want to forbid. The ^ and $ anchors make the whole string match, and the D modifier keeps $ from matching before a trailing newline, so "bob\n" is rejected too.

if (preg_match('/^[a-z_!@#$%^*0-9]+$/iD', $value))
//validates

Here is a regular expression that checks to ensure that what the user has submitted looks like an e-mail address. The original version of this post used the ereg() function, which takes POSIX regular expressions instead of Perl ones; ereg() was deprecated in PHP 5.3 and removed in PHP 7, so the same pattern is written here for preg_match(), which accepts POSIX character classes like [[:alnum:]] inside brackets. Two things to notice: the pattern is anchored with ^ and $, because without them any string merely containing a@b.c would pass, and it is a deliberately rough check. It rejects perfectly valid addresses such as first.last@example.co.uk, so in practice prefer filter_var($value, FILTER_VALIDATE_EMAIL), which implements the real syntax rules.

if (preg_match('/^[[:alnum:]]+@[[:alnum:]]+\.[[:alnum:]]+$/D', $value))
//validates
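To see the checks above working together, here is an added example that is not part of the original post: one validator per field, a function that runs them all and collects the failures, and a loop over some constructed sample submissions standing in for $_POST. Field names, the error messages and the sample data are assumptions. It uses filter_var() for the e-mail check instead of the rough pattern, and it finishes with the output escaping caveat from the introduction.

```php
<?php
// Added example, not the original post's code. Field names, messages and
// the $samples data are assumptions made for the illustration.

// Validate a username: present, 3..15 characters, whitelisted alphabet.
// Returns an error message on failure, or null when the value is acceptable.
function validateUsername($value): ?string
{
    // Empty or missing case first. is_string() rejects username[]=x, which
    // PHP would otherwise hand us as an array; === avoids loose comparison.
    if (!is_string($value) || $value === '') {
        return 'Username is required.';
    }
    // mb_strlen() counts characters; strlen() would count bytes ("héllo" is 5 vs 6).
    $len = mb_strlen($value, 'UTF-8');
    if ($len < 3 || $len > 15) {
        return 'Username must be between 3 and 15 characters.';
    }
    // Whitelist of allowed characters. The D modifier stops $ from matching
    // before a trailing newline, so "bob\n" is rejected as well.
    if (!preg_match('/^[a-z0-9_!@#$%^*]+$/iD', $value)) {
        return 'Username contains characters that are not allowed.';
    }
    return null;
}

// Validate an e-mail address with PHP's built-in filter rather than the
// short alnum@alnum.alnum pattern, which rejects first.last@example.co.uk.
function validateEmail($value): ?string
{
    if (!is_string($value) || $value === '') {
        return 'E-mail address is required.';
    }
    if (filter_var($value, FILTER_VALIDATE_EMAIL) === false) {
        return 'E-mail address is not valid.';
    }
    return null;
}

// Run every field's validator and return the failures keyed by field name.
// An empty array means the submission passed.
function validateRegistration(array $input): array
{
    $errors = [];
    if (($e = validateUsername($input['username'] ?? null)) !== null) {
        $errors['username'] = $e;
    }
    if (($e = validateEmail($input['email'] ?? null)) !== null) {
        $errors['email'] = $e;
    }
    return $errors;
}

// Constructed sample submissions standing in for $_POST.
$samples = [
    ['username' => 'alice_1',   'email' => 'alice@example.com'],  // passes
    ['username' => '',          'email' => 'bob@example.com'],    // empty username
    ['username' => 'ab',        'email' => 'not-an-address'],     // too short, bad e-mail
    ['username' => 'mal<b>ice', 'email' => 'x@example.org'],      // disallowed characters
    ['email' => 'nobody@example.net'],                            // username field missing
];

foreach ($samples as $submission) {
    $errors = validateRegistration($submission);
    // Validation is not output escaping: whatever is echoed back into HTML,
    // the submitted value included, still goes through htmlspecialchars().
    $raw   = is_string($submission['username'] ?? null) ? $submission['username'] : '';
    $shown = htmlspecialchars($raw, ENT_QUOTES, 'UTF-8');
    echo '"', $shown, '" => ', $errors ? implode(' ', $errors) : 'OK', PHP_EOL;
}
```

Each validator returns a message instead of printing or exiting, so the same functions can be reused by the class based version later and the caller decides what to do with the collected errors. Note that even the rejected 'mal<b>ice' is escaped before being echoed: the point of the yellow box was that the browser, not the validator, is where unescaped input does its damage.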

As you can see, validating data is pretty easy, isn't it? All you need to know is a few simple functions. Of course the story gets more complex when we want to create a really big form. I'll save all that for the next part of this tutorial. Until then I recommend you try some of this out on your own. Put some of this into practice so you're ready when I go all object oriented on you.
