Verifying form data - PHP

The World Wide Web (WWW) does only one thing - provide information. If you have information about something, you can share it with the world by building a website. As your website grows you may run into two problems: Your website has so much information that visitors can't quickly find what they want and visitors want to give you information. Both of these problems can be solved by building a database on a website. This introductory article shows you how to do this using basic PHP-MySQL interaction.

TABLE OF CONTENTS:

By: Thomas Kehoe

Poor Best

Rating:

/ 100

January 11, 2000

print this article

SEARCH DEV SHED

TOOLS YOU CAN USE

Some visitors to your website will try to enter invalid data into your database. You'll want to write a verification script to clean up entered data.

Trimming white space
Required fields
Checking e-mail addresses
Checking that the username is unique

Trimming white space

trim will remove white spaces from the beginning and end of the data:

trim ($first_name);

Required fields

Some of your fields will be required. In other words, visitors have to enter something in the field. The following script checks that a first name was entered:

if (ereg(".", $first_name) == 1)
{
echo "First name: ", "$first_name";
$verify = "OK";
}
else
{
print ("<b>Error:</b> A first name is required.");
$verify = "bad";
}

ereg means "evaluate regular expression". "Regular expressions" are the UNIX function for finding patterns in strings of letters and numbers. ereg is followed by parentheses, and you can put three arguments in the parentheses. The arguments are separated by commas. The first argument is the pattern to search for, usually surrounded by quotation marks. The second argument is where ereg is to search, usually a variable. The third, optional, argument is an array to put matches into. This argument is a variable.

ereg returns either a "0" (false) or a "1" (true).

The dot . or period is a regular expression wild card meaning "any character."

(ereg(".", $first_name) == 1) means "the variable '$first_name' contains anything". If this expression is true, then the first name is printed, and the variable $verify is set to "OK".

The else argument executes when ereg returns "0" (false).

There are three other versions of the ereg function.

ereg_replace uses three arguments: the first is the pattern to search for, the second is the pattern to replace the first pattern, and the third is where to search (a variable).
eregi is the same as ereg, except that it's not case-sensitive (i.e., it doesn't differentiate upper- and lower-case letters).
eregi_replace is not case sensitive

Alternative means to the same end

The line if (ereg(".", $first_name) == 1) can be simplified to if ($first_name). I used the longer form to show how to use ereg in a simple example.

Checking e-mail addresses

The following ereg arguments test validity of e-mail addresses:

"\@"	Must include @
"^\@"	Can't begin with @
"\@.*.\."	Must have characters between @ and .
"\....*"	At least two characters after the .
" "	No spaces permitted
"<" ">"	No angle brackets permitted

Checking that the username is unique

You may need to make sure no two visitors try to use the same name:

mysql_connect (localhost, username, password);
mysql_select_db (dbname);
$result = mysql_query ("SELECT * FROM tablename
WHERE USER_NAME = '$USER_NAME'
");
if ($row = mysql_fetch_array($result))
{
print ("<b>Error:</b> The user name <b>");
print ("$USER_NAME");
print ("</b> has been taken.  Go back and enter a new user name.");
print ("<p>");
$verify = "bad";
}
else
{
print ("User name: ");
print ("$USER_NAME");
}

This code connects to MySQL, then searches the database for the entered username. Note that the = equals sign is used for an exact search, when previously we used LIKE to do wildcard searches. If any result is found, the visitor is told to enter a new username.

Next: Using cookies to identify and track visitors >>