HomePHP Advanced PHP Form Input Validation to Check User Inputs
Advanced PHP Form Input Validation to Check User Inputs
PHP form input validation is what separates amateur and professional PHP developers. A professional PHP developer validates data for both security and correctness of the data entered. Keep reading to learn how to validate user input to your forms.
Web form processing is one of the most important tasks any website can do to process customer-related information. PHP server side scripting offers a variety of solutions for accepting and processing data inputs from any web form.
However, a lot of website forms do not have input validation. "Input validation" is the process of double checking form data input to ensure they are the correct data the server needs to process. Without proper form input validation, the web server and database will process or store the wrong information.
A classic example concerns forms that ask for an email address. If you do not validate the input data, malicious users can enter other types of characters into the form to hack your MySQL database. Serious website security issues, such as MySQL injection and malware injection, result from improper form input validation.
In this article, we will aim to provide PHP solutions which will validate the most common fields used in website development:
Validating alphanumeric input -- This type of input is commonly used for usernames and passwords. "Alphanumeric" means the variable can contain numbers and letters of the alphabet only.
Validating numeric input -- Often, web forms ask for numbers. These can be phone numbers or credit card numbers. Other important applications include asking for a birth date, numbers would be entered by the user for the day, month and year of birth. That's numerical data.
Validating names -- This kind of validation should check for letters of the alphabet only; user input should not contain numbers.
Validating email address -- The email address is most commonly asked for in a web form. It's particularly common for a log-in page.
Validating for empty fields -- Often, certain fields must be filled on an online form, and the user is not permitted to leave them blank.