Form Validation Need HELP!!!

Beginners - Learning PHP
#1

Hi people, i really need help with my PHP code. I have no idea how to do validation on my Form… you know, to make sure that user is editing correct information. I really need help with this one please!!!
This is how my Form code
[php]<?php
require ‘Controller/BikeController.php’;
$BikeController = new BikeController();
$title = “Add a new Bike”;
/*******************************************************
Thiese are all the field for Add a new Bike page for editing
*******************************************************/
$content ="

Add a new Bike
Name: 

    <label for='type'>Type: </label>
    <select class='inputField' name='ddlType'>
        <option value='%'>All</option>"
    .$BikeController->CreateOptionValues($BikeController->GetBikeTypes()).
    "</select><br/>

    <label for='price'>Price: </label>
    <input type='text' class='inputField' name='txtPrice' /><br/>

    <label for='roast'>Code: </label>
    <input type='text' class='inputField' name='txtCode' /><br/>

    <label for='discount'>Discount: </label>
    <input type='text' class='inputField' name='txtDiscount' /><br/>

    <label for='image'>Image: </label>
    <select class='inputField' name='ddlImage'>"
    .$BikeController->GetImages().
    "</select></br>
    
    </select></br>

    <label for='review'>Review: </label>
    <textarea cols='70' rows='12' name='txtReview'></textarea></br>

    <input type='submit' value='Submit'>
</fieldset>
";

/*******************************************************
Calls function InsertBike()
*******************************************************/
if(isset($_POST[“txtName”]))
{
//$BikeController->InsertBike();
}
include ‘./Templet.php’;
?>
[/php]

#2

Well, this could start a very long thread as there are many many ways to validate inputs from forms.
Here is a sample code from one of my sites that might help you out. As you see it validates most of
the inputs that are usually used on a form. It checks for empty data and valid data. It is not complete,
but should cover most of your validation questions. Hope it helps…
[php]
$first_name = $_POST[‘first_name’];
$last_name = $_POST[‘last_name’];
$username = $_POST[‘username’];
$email = $_POST[‘email’];
$address1 = $_POST[‘address1’];
$address2 = $_POST[‘address2’];
$city = $_POST[‘city’];
$state = $_POST[‘state’];
$zipcode = $_POST[‘zipcode’
$security_question = $_POST[‘security_question’];
$security_answer = $_POST[‘security_answer’];

	//  Validate all entries before saving to database and escape any invalid data such as programming codes...
	$errormessage = "";
	if (empty($first_name)) $errormessage .= "<br />First name is missing!";
	if (!preg_match("/^[a-z A-Z]*$/", $first_name)) $errormessage .= "<br />First name must be only letters and spaces.";
	if (empty($last_name)) $errormessage .= "<br />Last name is missing!";
	if (!preg_match("/^[a-z A-Z]*$/", $last_name)) $errormessage .= "<br />Last name must be only letters and spaces.";
	if (empty($email)) $errormessage .= "<br />Email address is missing!";
	if (!preg_match("/([\w\-]+\@[\w\-]+\.[\w\-]+)/", $email)) $errormessage .= "Email address is not a valid format.";
	if (empty($username)) $errormessage .= "<br />Username is missing!";
	if ($username==$password) $errormessage .= "<br />Username can not match the password!";
	if ((strlen($username) < 4) || (strlen($username) > 20)) $errormessage .= "<br>Username must be 4 to 20 characters please.";
	if(!preg_match("/^[a-zA-Z0-9]*$/", $username)) $errormessage .= "<br />Username must be letters and numbers only.";
	if($security_question==0) $errormessage .= "<br />You have to select a security question";
	if(empty($security_answer)) $errormessage .= "<br />You must answer your security question.";
	$security_answer = preg_replace('#[^A-Za-z0-9 ]#i', '', $security_answer);	// filter everything but letters and numbers and whitespaces
	if (empty($address1)) $errormessage .= "<br />Address1 is missing!  ( Address line 2 is optional )";
	if (!preg_match("/^[a-zA-Z0-9. ]*$/", $address1)) $errormessage .= "<br />Address 1 must be only letters, numbers and whitespace.";
	if (!preg_match("/^[a-zA-Z0-9. ]*$/", $address2)) $errormessage .= "<br />Address 2 must be only letters, numbers and whitespace.";
	if (empty($city)) $errormessage .= "<br />City is missing!";
	if (!preg_match("/^[a-zA-Z0-9. ]*$/", $city)) $errormessage .= "<br />City must be only letters, numbers and whitespace.";
	if (empty($zipcode)) $errormessage .= "<br />Zipcode or Postal Code is missing!";

            if ($errormessage=="") {
               Do something here, all validations passed...
            } else {
               echo "<br />Your form has an error in it, please fix and resubmit!<br />" . $errormessage . "<br />";
             }

[/php]
Note that you should also refill the form’s fields using the posted data so that the user does not have to
retype all of the fields, just the ones that are bad. Some programmers store the errors into an array and
then use them to highlight the bad fields so the user knows exactly which are bad.

Hope this helps!

#3

Not a bad way to handle the form validation. I tend to use loops anymore to use less code, but it can get tricky depending on how you want to validate the data.

You did skip validating only digits for the zip code though :wink:

#4

Yep, and I left out the phone numbers, too… But, it was just to give him a sample way to get started…
Yes on using a loop or a function to do validation. I have code somewhere that has a function you can
call with arguments for the fieldname and what you want to validate, but, it is tedious to learn that way.
This is just a simple way to validate and show the error list… Lots of other ways to do it…

#5

That’s why I didn’t add anything useful. I built a validation class a few months ago that I have been vetting. Seems like the more you learn the more complicated the code base gets.

Sponsor our Newsletter | Privacy Policy | Terms of Service