In this post we'll see how to do some basic PHP validations of form input using preg_match() function. One of the vulnerable spot in a website which attracts malicious hackers are the user input forms like registration form, contact form etc. Validating the user input before processing is the first and foremost step in securing the site. The validation includes checking if the data we received is in the right format and length. Generally it's a practice among web developers to do validation check at the client side (like java script). Still it’s easy for someone to break thru it and harm your site. So it's strictly advisable to do these validations on the server side (like PHP).
Generally we receive the form input as string and we can use preg_match with appropriate regular expression to check a required pattern in the input string.
Preg Match Syntax
Before dwelling into the validation process, here take a sneak peak at the syntax of preg match function.
1. Form Input should contain only alphabets
Say we have a "Name" field in which we want the user to enter only alphabets. Then we can do the checking by this PHP code,
<?php
$name = $_POST["Name"];
if(!preg_match("/^[a-zA-Z]+$/",$name)) { die ("Invalid Name");}
?>
Where in the regular expression, ^ matches the start of the string and $ matches the end of the string. Also "a-zA-Z" is used in the expression to include both upper and lower case alphabets.
The above code checks each character of the string against the regular expression and throws error incase if there is any other character other than alphabet present in the string.
2. Form Input should contain only alphanumeric characters
In case we want a field (eg., "username") to contain only alphanumeric characters then we can alter the above preg_match expression to include 0-9 numbers too.
<?php
$username = $_POST["Username"];
if(!preg_match("/^[a-zA-Z0-9]+$/",$username)) { die ("Invalid Username");}
?>
3. First character should be alphabet
We can also force a field's first character to be an alphabet. Let’s take the same "username" example. It can contain alphanumeric characters but we want the first character to be an alphabet. The below code will check if the first character is an alphabet.
<?php
$username = $_POST["Username"];
if(!preg_match("/^[a-zA-Z]/",$Username)) { die ("Username should start with an alphabet");}
?>
Instead of using the expression "/^[a-zA-Z]/", we can use "/^[a-z]/i" also. Here ‘i’ represents case independent ie., includes both uppercase and lowercase alphabets.
4. Form Input should contain alphanumeric with special characters
What if you want the input field to contain special characters also? Here is an expression that let the string to have alphanumeric characters along with hyphen (-) and space.
<?php
if(!preg_match("/^[a-zA-Z\-\ ]+$/",$name)) { die ("Invalid Name");}
?>
5. Check for valid Email-ID
The below code will check if the given email id is a valid one.
<?php
$emailid = $_POST["Emailid"];
if(!preg_match("/^[A-Za-z0-9._%-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,4}$/",$emailid)) { die ("Invalid Email-ID");}
?>
We have discussed so far some of the common validations we should employ while validating a form. Though it will take a while to warm up with regular expressions, they are quite powerful and using the right expression will do the trick.
Hope you would have enjoyed this article. If you find this one useful, please share it in your circle.