FORM VALIDATION

  • Form validation is the process of checking the data submitted by a user through an input form on a website or application to ensure that it meets the required criteria or constraints before it is processed or stored. The primary goal of form validation is to ensure the accuracy, completeness, and integrity of the data entered by the user, as well as to prevent erroneous or malicious data from being submitted.

Form validation typically involves the following key aspects:

  • Data Type Validation: Checking that the data entered matches the expected data type. For example, ensuring that an email address field contains a valid email address or that a date field contains a valid date.
  • Required Field Validation: Ensuring that mandatory fields are not left empty. Users must provide data for these fields before submitting the form.
  • Length and Size Validation: Verifying that the length or size of the input data falls within acceptable limits. For example, a password may need to be a minimum of 8 characters long.
    • Format Validation: Checking that the data follows a specific format or pattern. This is common for fields like phone numbers, postal codes, and credit card numbers.
    • Range Validation: Ensuring that numeric values fall within a specified range. For instance, age must be a positive integer less than 100.
    • Consistency Validation: Checking that data entered in one field is consistent with data entered in another. For example, ensuring that a password confirmation matches the initially entered password.
    • Unique Data Validation: Verifying that the data entered is not a duplicate of existing data. This is important for fields like usernames or email addresses to prevent duplication in a database.
    • Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) Prevention: Protecting against security vulnerabilities by sanitizing and validating input data to prevent potential attacks.
    • Custom Validation Rules: Implementing custom validation rules specific to the application’s requirements.

<!DOCTYPE html>

    • <html>
    • <head>
    • <title>Registration Form</title>
    • </head>
    • <body>
    • <h2>Registration Form</h2>
    • <form action=”postform.php” method=”post”>
    • <label for=”name”>Name:</label>
    • <input type=”text” id=”name” name=”name”><br><br>

<label for=”email”>Email:</label>

<input type=”email” id=”email” name=”email”><br><br>

<label for=”password”>Password:</label>

<input type=”password” id=”password”

name=”password”><br><br>

<input type=”submit” value=”Register”>

    • </form>
    • </body>
    • <?php
    • if ($_SERVER[“REQUEST_METHOD”] == “POST”) {
    • // Get user input
    • $name = $_POST[“name”];
    • $email = $_POST[“email”];
    • $password = $_POST[“password”];
    • // Validate name
    • if (empty($name)) {
    • echo “Name is required.<br>”;
    • }
    • // Validate email
    • if (empty($email)) {
    • echo “Email is required.<br>”;
    • } elseif (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
    • echo “Invalid email format.<br>”;
    • }
    • // Validate password
    • if (empty($password)) {
    • echo “Password is required.<br>”;
    • } elseif (strlen($password) < 6) {
    • echo “Password must be at least 6 characters long.<br>”;
    • }
    • if (!empty($name) && !empty($email) && !empty($password) && filter_var($email, FILTER_VALIDATE_EMAIL) && strlen($password) >= 6) {
    • // Perform database operations or other actions for registration
    • echo “Registration successful!”;
    • }
    • }
    • ?>

PHP Global Variables – Superglobals

  • Some predefined variables in PHP are “superglobals”, which means that they are always accessible, regardless of scope – and you can access them from any function, class or file without having to do anything special.
  • The PHP superglobal variables are:
    • $GLOBALS
    • $_SERVER
    • $_REQUEST
    • $_POST
    • $_GET

$_SERVER[“PHP_SELF”] variable

  • The $_SERVER[“PHP_SELF”] is a super global variable that returns the filename of the currently executing script.

htmlspecialchars() function

  • The htmlspecialchars() function converts special characters to HTML entities.
  • This means that it will replace HTML characters like < and > with &lt; and &gt;.
  • This prevents attackers from exploiting the code by injecting HTML or Javascript code (Cross-site Scripting attacks) in forms.
  • $input = ‘<script>alert(“Hello, world!”);</script>’;
  • $encodedInput = htmlspecialchars($input, ENT_QUOTES, ‘UTF-8’);
  • echo $encodedInput;

preg_match() function

  • The preg_match() function searches a string for pattern, returning true if the pattern exists, and false otherwise.
  • $text = “Hello, world!”;
  • if (preg_match(“/world/”, $text)) {
  • echo “Pattern found!”;
  • } else {
  • echo “Pattern not found!”;
  • }

 

[pdf_note link=”https://drive.google.com/file/d/1bEmc-HxZ8QaboQqGz3nFDwDLvLvU_Poe/view”]