PHP Form Validation: Removing whitespace

This entry is part 4 of 7 in the series PHP Form Validation

When validating elements (particularly string elements), it is often helpful to remove leading and trailing whitespace with the trim() function.

You can combine this with the strlen() test for required elements to disallow an entry of just space characters.

The combination of trim() and strlen() is shown below:

<?php

// Logic to do the right thing based on
// the hidden submit_check parameter
if ($_POST['submit_check']) {
    // If validate_form( ) returns errors, pass them to show_form( )
    if ($form_errors = validate_form()) {
        show_form($form_errors);
    } else {
        process_form();
    }
} else {
    show_form();
}

// Do something when the form is submitted
function process_form()
{
    print 'Hello, ' . $_POST['my_name'];
    print '<br>';
    print 'Your email is, ' . $_POST['email'];
}

// Display the form
function show_form($errors = '')
{
    // If some errors were passed in, print them out
    if ($errors) {
        print 'Please correct these errors: <ul><li>';
        print implode('</li><li>', $errors);
        print '</li></ul>';
    }

    print <<< html_output
<form method='POST' action='$_SERVER[PHP_SELF]'>
Your name: <input type='text' name='my_name'>
<br/>
Your email: <input type='text' name='email'>
<br>
<input type='submit' value='Say Hello'>
<input type='hidden' name='submit_check' value='1'>
</form>
html_output;
}

// Check the form data
function validate_form()
{
    // Start with an empty array of error messages
    $errors = array();

    // Add an error message if the name is too short
    if (strlen(trim($_POST['my_name'])) < 3) {
        $errors[0] = 'Your name must be at least 3 letters long.';
    }
    if (strlen($_POST['email']) == 0) {
        $errors[1] = 'You must enter an email address.';
    }

    // Return the (possibly empty) array of error messages
    return $errors;
}

?>

PHP Form Validation: Numeric elements

This entry is part 3 of 7 in the series PHP Form Validation

To ensure that a submitted value is an integer or floating-point numeric number, use the conversion functions intval() and floatval().

They give you the number (integer or floating point) inside a string, discarding any extraneous text or alternative number formats.

You can use the following code to check for integer:

if ($_POST['age'] != strval(intval($_POST['age']))) {
    $errors[] = 'Please enter a valid age.';
}

And to check for floating-point number:

if ($_POST['price'] != strval(floatval($_POST['price']))) {
    $errors[] = 'Please enter a valid price.';
}

 

PHP Form Validation: Required elements

This entry is part 2 of 7 in the series PHP Form Validation

Required elements are common in input form.

If there is a field in the input form that is required, we can check the element’s length with strlen( ).

<?php

// Logic to do the right thing based on
// the hidden submit_check parameter
if ($_POST['submit_check']) {
    // If validate_form( ) returns errors, pass them to show_form( )
    if ($form_errors = validate_form()) {
        show_form($form_errors);
    } else {
        process_form();
    }
} else {
    show_form();
}

// Do something when the form is submitted
function process_form()
{
    print 'Hello, ' . $_POST['my_name'];
}

// Display the form
function show_form($errors = '')
{
    // If some errors were passed in, print them out
    if ($errors) {
        print 'Please correct these errors: <ul><li>';
        print implode('</li><li>', $errors);
        print '</li></ul>';
    }

    print <<< html_output
<form method='POST' action='$_SERVER[PHP_SELF]'>
Your name: <input type='text' name='my_name'>
<br/>
Your email: <input type='text' name='email'>
<br>
<input type='submit' value='Say Hello'>
<input type='hidden' name='submit_check' value='1'>
</form>
html_output;
}

// Check the form data
function validate_form()
{
    // Start with an empty array of error messages
    $errors = array();

    // Add an error message if the name is too short
    if (strlen($_POST['my_name']) < 3) {
        $errors[0] = 'Your name must be at least 3 letters long.';
    }
    if (strlen($_POST['email']) == 0) {
        $errors[1] = "You must enter an email address.";
    }

    // Return the (possibly empty) array of error messages
    return $errors;
}

?>