PHP Form Validation: Displaying error messages with form

This entry is part 1 of 7 in the series PHP Form Validation

Form validation is important as users could be careless with the data they have entered into the form.

We need to display some error messages when users have entered them incorrectly.

We use here a different method to display an error message as compare to an earlier post.

<?php

// Logic to do the right thing based on
// the hidden submit_check parameter
if ($_POST['submit_check']) {
    // If validate_form( ) returns errors, pass them to show_form( )
    if ($form_errors = validate_form()) {
        show_form($form_errors);
    } else {
        process_form();
    }
} else {
    show_form();
}

// Do something when the form is submitted
function process_form()
{
    print 'Hello, ' . $_POST['my_name'];
}

// Display the form
function show_form($errors = '')
{
    // If some errors were passed in, print them out
    if ($errors) {
        print 'Please correct these errors: <ul><li>';
        print implode('</li><li>', $errors);
        print '</li></ul>';
    }

    print <<< html_output
<form method='POST' action='$_SERVER[PHP_SELF]'>
Your name: <input type='text' name='my_name'>
<br/>
<input type='submit' value='Say Hello'>
<input type='hidden' name='submit_check' value='1'>
</form>
html_output;
}

// Check the form data
function validate_form()
{
    // Start with an empty array of error messages
    $errors = array();

    // Add an error message if the name is too short
    if (strlen($_POST['my_name']) < 3) {
        $errors[] = 'Your name must be at least 3 letters long.';
    }

    // Return the (possibly empty) array of error messages
    return $errors;
}

?>

In line 23, $errors = ” is the default for $errors variable. It is an empty string and resolved to false and so if there is no variable, the form is always shown.

In line 28, we also use a common method implode to join an $errors array element with the string </li><li>.

PHP Form Validation: Required elements

This entry is part 2 of 7 in the series PHP Form Validation

Required elements are common in input form.

If there is a field in the input form that is required, we can check the element’s length with strlen( ).

<?php

// Logic to do the right thing based on
// the hidden submit_check parameter
if ($_POST['submit_check']) {
    // If validate_form( ) returns errors, pass them to show_form( )
    if ($form_errors = validate_form()) {
        show_form($form_errors);
    } else {
        process_form();
    }
} else {
    show_form();
}

// Do something when the form is submitted
function process_form()
{
    print 'Hello, ' . $_POST['my_name'];
}

// Display the form
function show_form($errors = '')
{
    // If some errors were passed in, print them out
    if ($errors) {
        print 'Please correct these errors: <ul><li>';
        print implode('</li><li>', $errors);
        print '</li></ul>';
    }

    print <<< html_output
<form method='POST' action='$_SERVER[PHP_SELF]'>
Your name: <input type='text' name='my_name'>
<br/>
Your email: <input type='text' name='email'>
<br>
<input type='submit' value='Say Hello'>
<input type='hidden' name='submit_check' value='1'>
</form>
html_output;
}

// Check the form data
function validate_form()
{
    // Start with an empty array of error messages
    $errors = array();

    // Add an error message if the name is too short
    if (strlen($_POST['my_name']) < 3) {
        $errors[0] = 'Your name must be at least 3 letters long.';
    }
    if (strlen($_POST['email']) == 0) {
        $errors[1] = "You must enter an email address.";
    }

    // Return the (possibly empty) array of error messages
    return $errors;
}

?>

PHP Form Validation: Numeric elements

This entry is part 3 of 7 in the series PHP Form Validation

To ensure that a submitted value is an integer or floating-point numeric number, use the conversion functions intval() and floatval().

They give you the number (integer or floating point) inside a string, discarding any extraneous text or alternative number formats.

You can use the following code to check for integer:

if ($_POST['age'] != strval(intval($_POST['age']))) {
    $errors[] = 'Please enter a valid age.';
}

And to check for floating-point number:

if ($_POST['price'] != strval(floatval($_POST['price']))) {
    $errors[] = 'Please enter a valid price.';
}

 

PHP Form Validation: Removing whitespace

This entry is part 4 of 7 in the series PHP Form Validation

When validating elements (particularly string elements), it is often helpful to remove leading and trailing whitespace with the trim() function.

You can combine this with the strlen() test for required elements to disallow an entry of just space characters.

The combination of trim() and strlen() is shown below:

<?php

// Logic to do the right thing based on
// the hidden submit_check parameter
if ($_POST['submit_check']) {
    // If validate_form( ) returns errors, pass them to show_form( )
    if ($form_errors = validate_form()) {
        show_form($form_errors);
    } else {
        process_form();
    }
} else {
    show_form();
}

// Do something when the form is submitted
function process_form()
{
    print 'Hello, ' . $_POST['my_name'];
    print '<br>';
    print 'Your email is, ' . $_POST['email'];
}

// Display the form
function show_form($errors = '')
{
    // If some errors were passed in, print them out
    if ($errors) {
        print 'Please correct these errors: <ul><li>';
        print implode('</li><li>', $errors);
        print '</li></ul>';
    }

    print <<< html_output
<form method='POST' action='$_SERVER[PHP_SELF]'>
Your name: <input type='text' name='my_name'>
<br/>
Your email: <input type='text' name='email'>
<br>
<input type='submit' value='Say Hello'>
<input type='hidden' name='submit_check' value='1'>
</form>
html_output;
}

// Check the form data
function validate_form()
{
    // Start with an empty array of error messages
    $errors = array();

    // Add an error message if the name is too short
    if (strlen(trim($_POST['my_name'])) < 3) {
        $errors[0] = 'Your name must be at least 3 letters long.';
    }
    if (strlen($_POST['email']) == 0) {
        $errors[1] = 'You must enter an email address.';
    }

    // Return the (possibly empty) array of error messages
    return $errors;
}

?>

PHP Form Validation: Alter a value in $_Post

This entry is part 5 of 7 in the series PHP Form Validation

If you want to use the whitespace-trimmed value subsequently in your program, alter the value in $_POST and the test the altered value.

$_POST['name'] = trim($_POST['name']);

if (strlen($_POST['name']) == 0) {
    $errors[] = 'Your name is required.';
}

Because $_POST is auto-global, a change to one of its elements inside the validate_form() function persists to other uses of $_POST after the change in another function, such as process_form().