Hello PHP friends,
I am building a registration and login system. I am new to PHP and backend programming. I do not know the best method to validate data. I am hoping that someone can give me a tip. I am beginning the validation of post data and I’ve noticed that I already have a lot of if else statements. Since I cannot see how the pros handle this info, I am left wondering if this is the correct way to process data. Is this correct? For example, with a name field as simple as first name, I need to check if the name holds an empty string, is the name alphanumeric, is the name less than a certain number of characters and greater than a certain number of characters. The name process is complex, thus, I end up with a large if statement. Further, I worry that if data is not controlled at the form or via JavaScript, then perhaps assigning a variable to the post data could be a hazard. Let’s say that client-side validation fails, then a malicious user adds a ton of data to each input field. Wouldn’t this create a large variable that could end up becoming a DoS attack? Thus, checking data before assigning a variable is better?
So far, my validation for a first name is complex.
if (isset($_POST['firstame']) && !is_null($_POST['firstame']) && strlen($_POST['firstame']) >= 2 && strlen($_POST['firstame']) <= 30) { /* assign variable */ } else { /* assign error */ }
But I will also need to check for alphanumeric data. We can’t have numbers/digits in a first name:
if (preg_match('~[0-9]+~', $_POST['firstame'])) { /* set error */ }
Since a first name and a last name need to be checked, is a function better or a switch?
Are there better methods for processing and validating input?
Any tips are much appreciated. Thank you.
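
The checks listed in the post (field present, 2 to 30 characters, no digits), written as one function applied to both name fields. This is an added example, not part of the original post. The function names, the `lastname` key, the error strings and the sample input are assumptions.

```php
<?php
declare(strict_types=1);

// Validate one name field from a submitted form array.
// Returns [cleanValue, null] on success or [null, errorMessage] on failure.
function validate_name(array $input, string $field, int $min = 2, int $max = 30): array
{
    // Missing key, or a non-string: a request sent as firstame[]=x arrives
    // as an array, which strlen() would reject with a TypeError.
    if (!isset($input[$field]) || !is_string($input[$field])) {
        return [null, "$field is required"];
    }
    $value = trim($input[$field]);
    // Length first: it is cheap and bounds the input the regex sees.
    // strlen() counts bytes, as in the post's own check.
    $len = strlen($value);
    if ($len < $min || $len > $max) {
        return [null, "$field must be $min to $max characters"];
    }
    // Same digit rule as the post's preg_match.
    if (preg_match('~[0-9]~', $value) === 1) {
        return [null, "$field must not contain digits"];
    }
    return [$value, null];
}

// One loop covers every name field, so no switch or repeated if/else.
function validate_names(array $input, array $fields): array
{
    $clean = [];
    $errors = [];
    foreach ($fields as $field) {
        [$value, $error] = validate_name($input, $field);
        if ($error === null) {
            $clean[$field] = $value;
        } else {
            $errors[$field] = $error;
        }
    }
    return [$clean, $errors];
}

// Constructed sample input standing in for $_POST: one valid name and one
// oversized value of the kind the post worries about.
$post = ['firstame' => 'Ann', 'lastname' => str_repeat('A', 5000)];
[$clean, $errors] = validate_names($post, ['firstame', 'lastname']);
var_dump($clean, $errors);
```

The oversized value is already held in `$_POST` before any of this code runs, so the length check rejects it but does not limit how much the server accepts. The request body size is capped by `post_max_size` in php.ini.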