PHP Form Validation – Step-by-Step Guide

What is Form Validation in PHP?

PHP Form Validation is the process of checking user input for accuracy, completeness, and security before storing or processing the data.

Prevents invalid data submission
Protects against security threats like XSS and SQL Injection
Enhances user experience

Create an HTML Form

<form method="POST" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]); ?>">
    <label for="name">Name:</label>
    <input type="text" name="name">
    
    <label for="email">Email:</label>
    <input type="email" name="email">

    <label for="age">Age:</label>
    <input type="number" name="age">

    <input type="submit" value="Submit">
</form>

Handling Form Data in PHP

Step 1: Initialize Variables

$name = $email = $age = "";
$nameErr = $emailErr = $ageErr = "";

Step 2: Check if the Form is Submitted

 
if ($_SERVER["REQUEST_METHOD"] == "POST") {
    // Validate Name
    if (empty($_POST["name"])) {
        $nameErr = "Name is required";
    } else {
        $name = validateInput($_POST["name"]);
        if (!preg_match("/^[a-zA-Z ]*$/", $name)) {
            $nameErr = "Only letters and spaces allowed";
        }
    }

    // Validate Email
    if (empty($_POST["email"])) {
        $emailErr = "Email is required";
    } else {
        $email = validateInput($_POST["email"]);
        if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
            $emailErr = "Invalid email format";
        }
    }

    // Validate Age
    if (empty($_POST["age"])) {
        $ageErr = "Age is required";
    } elseif (!filter_var($_POST["age"], FILTER_VALIDATE_INT)) {
        $ageErr = "Invalid age format";
    } else {
        $age = validateInput($_POST["age"]);
    }
}

Input Validation Function

function validateInput($data) {
    $data = trim($data);       // Remove extra spaces
    $data = stripslashes($data); // Remove backslashes
    $data = htmlspecialchars($data); // Convert special characters
    return $data;
}

Displaying Errors and Data

<p style="color: red;"><?php echo $nameErr; ?></p>
<p style="color: red;"><?php echo $emailErr; ?></p>
<p style="color: red;"><?php echo $ageErr; ?></p>

<h3>Your Input:</h3>
<p>Name: <?php echo $name; ?></p>
<p>Email: <?php echo $email; ?></p>
<p>Age: <?php echo $age; ?></p>

What are the Best Practices for handling Form Validation in php

  •  Use htmlspecialchars() to prevent XSS attacks
  • Use filter_var() for email and number validation
  • Implement server-side validation, even if you have client-side JavaScript validation
  • Prevent CSRF attacks by using tokens
  • Sanitize data before storing it in the database

Read More

Blog

How to Create Database in MySQL

  • By admin
  • November 27, 2021
  • 65 views
How to Create Database in MySQL
Blog

How to create table in MySQL

  • By admin
  • November 6, 2021
  • 46 views
How to create table in MySQL
Blog

MySQL commands with examples

  • By admin
  • September 11, 2021
  • 138 views
MySQL commands with examples
Blog

MySQL use database

  • By admin
  • May 28, 2021
  • 45 views
MySQL use database
Blog

System Software

  • By admin
  • May 20, 2021
  • 66 views
Blog

Introduction to software

  • By admin
  • May 13, 2021
  • 56 views
Introduction to software