Taking Advantage of PEAR: Validate - PHP

While the functions described in the preceding section work well for stripping potentially malicious data from user input, what if you want to verify whether the provided data is a valid e-mail address (syntactically), or whether a number falls within a specific range? Because these are such commonplace tasks, a PEAR package called Validate can perform these verifications and more. You can also install additional rules for validating the syntax of localized data, such as an Australian phone number, for instance.

Installing Validate

To take advantage of Validate ’s features, you need to install it from PEAR. Therefore, start PEAR and pass along the following arguments:

%>pear install -a Validate-0.6.5

--------------------------------------------
Starting to download Validate-0.6.5.tgz (16,296 bytes)
......done: 16,296 bytes
downloading Date-1.4.6.tgz ...
Starting to download Date-1.4.6.tgz (53,535 bytes)
...done: 53,535 bytes
install ok: channel://pear.php.net/Date-1.4.6
install ok: channel://pear.php.net/Validate-0.6.5
--------------------------------------------

The -a will result in the optional package dependency Date , also being installed. If you don’t plan on validating dates, you can omit this option. Also, in this example the version number is appended to the package; this is because at the time this was written, Validate was still in a beta state. Once it reaches a stable version there will be no need to include the version number.

Validating a String

Some data should consist only of numeric characters, alphabetical characters, a certain range of characters, or maybe even all uppercase or lowercase letters. You can validate such rules and more using Validate ’s string() method:

<?php
    // Include the Validate package
    require_once "Validate.php";

    // Retrieve the provided username
    $username = $_POST['username'];

    // Instantiate the Validate class
    $validate = new Validate();

    // Determine if address is valid
    if($validate->string($username, array("format" => VALIDATE_ALPHA,
                         "min_length"=> "3", "max_length" => "15")))
        echo "Valid username!";
    else
        echo "The username must be between 3 and 15 characters in length!";
?>

Validating an E-mail Address

Validating an e-mail address’s syntax is a fairly difficult matter, requiring the use of a somewhat complex regular expression. The problem is compounded with most users’ lack of understanding regarding what constitutes a valid address. For example, which of the following three e-mail addresses are invalid?

john++ilove-pizza@example.com

john&sally4ever@example.com

i.brake4_pizza@example.co.uk

You might be surprised to learn they’re all valid! If you don’t know this and attempt to implement an e-mail validation function, it’s possible you could prevent a perfectly valid e-mail address from being processed. Why not leave it to the Validate package? Consider this example:

<?php 

    // Include the Validate package
    require_once "Validate.php";

    // Retrieve the provided e-mail address
    $email = $_POST['email'];

    // Instantiate the Validate class
    $validate = new Validate();

    // Determine if address is valid
    if($validate->email($email))
        echo "Valid e-mail address!";
    else
        echo "Invalid e-mail address!";
?>

You can also determine whether the address domain exists by passing the option check_domain as a second parameter to the email() method, like this:

$validate->email($email, array("check_domain" => 1));