Simple Validation
Imagine for a moment that we've got our database nicely laid out and we're now requesting information
from users that will be inserted into the database. Further, let's imagine that you have a field in your
database waiting for some numeric input, such as a price. Finally, imagine your application falling over in a
screaming heap because some smart aleck put text in that field. MySQL doesn't want to see text in that
portion of your SQL statement - and it complains bitterly.
What to do? Time to validate.
Validation simply means that we'll examine a piece of data, usually from an HTML form, and check to make
sure that it fits a certain model. This can range from ensuring that an element is not blank to validating that
an element meets certain criteria (for example, that a numeric value is stipulated or that an email address
contains an @).
Validation can be done on the server side or on the client side. PHP is used for server-side validation, while
JavaScript or another client-based scripting language can provide client-side validation. This article is
about PHP, so we're going to concentrate on the server end of things. But if you're looking for some ready-made, client-side validation scripts, check out the Webmonkey code library.
Let's ignore our database for the moment and concentrate on PHP validation. If you wish, you can add
additional fields to our employee database quite simply by using the MySQL ALTER statement - that is, if
you want to commit to the values that we'll validate.
There are several useful PHP functions we can use to validate our data, and they range from simple to
highly complex. A simple function we could use might be strlen(), which tells us the length of the variable.
A more complex function would be ereg(), which uses full regular expression handling for complex queries. I
won't delve into the complexities of regex here, as entire books have been written on the subject, but I will
provide some examples on the next page.
Let's start with a simple example. We'll check to see whether a variable does or does not exist.
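<html>
<body>
<?php
// Read the form fields from $_POST. Modern PHP no longer creates
// $submit, $first and $last automatically (register_globals is gone).
$submit = isset($_POST['submit']);
$first  = is_string($_POST['first'] ?? null) ? $_POST['first'] : '';
$last   = is_string($_POST['last'] ?? null) ? $_POST['last'] : '';
$error  = '';

if ($submit) {
    if (!$first || !$last) {
        $error = "Sorry! You didn't fill in all the fields!";
    } else {
        // process form
        echo "Thank You!";
    }
}
if (!$submit || $error) {
    echo $error;
?>
<P>
<!-- Escape everything echoed back into the page so user input cannot inject markup -->
<form method="post" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES) ?>">
FIELD 1: <input type="text" name="first" value="<?php echo htmlspecialchars($first, ENT_QUOTES) ?>"><br>
FIELD 2: <input type="text" name="last" value="<?php echo htmlspecialchars($last, ENT_QUOTES) ?>"><br>
<input type="Submit" name="submit" value="Enter Information">
</form>
<?php
} // end if
?>
</body>
</html>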
The keys to this script are the nested conditional statements. The first checks to see whether the Submit
button has been pressed. If it has, it goes on to check that both the variables $first and $last exist. The
|| symbol means "or" and the ! symbol means "not." We could also rewrite the statement to say, "If $first
does not exist or $last does not exist, then set $error to the following."
Next, let's extend things a little by checking to see whether a string is a certain length. This would be ideal
for passwords, since you don't want some lazy user entering a password of only one or two letters. You'd
rather it be, say, six or more characters.
The function for this is, as you already know, strlen(). It simply returns a number equal to the number of
characters in the variable being tested. Here, I modified the script above to check the length of $first and
$last.
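<html>
<body>
<?php
// Read the form fields from $_POST. Modern PHP no longer creates
// $submit, $first and $last automatically (register_globals is gone).
$submit = isset($_POST['submit']);
$first  = is_string($_POST['first'] ?? null) ? $_POST['first'] : '';
$last   = is_string($_POST['last'] ?? null) ? $_POST['last'] : '';
$error  = '';

if ($submit) {
    // Reject the form if either field is shorter than six characters
    if (strlen($first) < 6 || strlen($last) < 6) {
        $error = "Sorry! You didn't fill in all the fields!";
    } else {
        // process form
        echo "Thank You!";
    }
}
if (!$submit || $error) {
    echo $error;
?>
<P>
<!-- Escape everything echoed back into the page so user input cannot inject markup -->
<form method="post" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES) ?>">
FIELD 1: <input type="text" name="first" value="<?php echo htmlspecialchars($first, ENT_QUOTES) ?>"><br>
FIELD 2: <input type="text" name="last" value="<?php echo htmlspecialchars($last, ENT_QUOTES) ?>"><br>
<input type="Submit" name="submit" value="Enter Information">
</form>
<?php
} // end if
?>
</body>
</html>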
Run this script and try entering fewer than six letters to see what happens. It's simple yet quite effective.
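The checks described in this article (not blank, six or more characters, a numeric price, an email address) can be gathered into one server-side function that runs before anything reaches the SQL statement. The following is an added example, not code from the original article; the field names password, price and email, the price pattern and the sample submissions are assumptions made for illustration, and it goes a little further than the scripts above by also covering the numeric and email cases.

```php
<?php
// Added example; field names and rules are assumptions for illustration.
function validate_form(array $input): array
{
    // Treat missing or non-string values (e.g. first[]=x) as empty strings.
    $get = fn(string $k): string => is_string($input[$k] ?? null) ? $input[$k] : '';
    $errors = [];

    // Required fields: whitespace-only input counts as blank.
    foreach (['first', 'last'] as $field) {
        if (trim($get($field)) === '') {
            $errors[$field] = "$field is required";
        }
    }
    // Minimum length: six or more characters.
    if (strlen($get('password')) < 6) {
        $errors['password'] = 'password must be at least 6 characters';
    }
    // Numeric price: digits with an optional one or two decimal places.
    // The D modifier stops "$" from matching before a trailing newline.
    if (!preg_match('/^\d{1,7}(\.\d{1,2})?$/D', trim($get('price')))) {
        $errors['price'] = 'price must be a number such as 19.99';
    }
    // Email: FILTER_VALIDATE_EMAIL checks more than the presence of "@".
    if (filter_var($get('email'), FILTER_VALIDATE_EMAIL) === false) {
        $errors['email'] = 'email address is not valid';
    }
    return $errors; // empty array means the submission passed every check
}

// Constructed sample submissions; a real page would pass $_POST instead.
$samples = [
    ['first' => 'Ada', 'last' => 'Lovelace', 'password' => 'secret1',
     'price' => '19.99', 'email' => 'ada@example.com'],
    ['first' => '  ', 'last' => 'X', 'password' => 'abc',
     'price' => 'ten dollars', 'email' => 'no-at-sign'],
];
foreach ($samples as $sample) {
    $errors = validate_form($sample);
    echo $errors ? implode('; ', $errors) : 'OK', "\n";
}
```

Validation like this keeps bad input out, but values that pass should still be sent to MySQL through prepared statements rather than pasted into the SQL string.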