Server Side Form Validation With PHP

Introduction

Server Side form validation with PHP is time consuming, yet a powerful tool to validate the form content before making any solid use of it.

This articles can guide you to validate the form data making use of SESSIONS, CLASSES & FUNCTIONS.

Workflow

The main file, "index.php" contains the form that is supposed to be filled in by the user.

The form on this page submits the data to another page "process.php" where the form data is validated by putting it through several conditions complying with the business logic.

After validation, the server is redirected to the page "index.php" again.

index.php:

<?php

session_start();

include("form.php");

?>

<html>

            <?php

            if($form->num_errors > 0) echo $form->num_errors." Errors found in the form.<br>";

            else if(isset($_SESSION['message']))

            {

                        echo $_SESSION['message']."<br>";

                        unset($_SESSION['message']);

            }

            else echo "<br>";

            ?>

            <form action='process.php' method='post'>

                        <table>

                                    <tr>

<td>Username</td>

<td><input type='text' name='user' value='<?php echo $form->value("user"); ?>'></td>

<td><?php echo $form->error("user"); ?></td>

</tr>

                                    <tr>

<td>Password</td>

<td><input type='password' name='pass' value='<?php echo $form->value("pass"); ?>'></td>

<td><?php echo $form->error("pass"); ?></td>

</tr>

                                    <tr>

<td>Email</td>

<td><input type='text' name='email' value='<?php echo $form->value("email"); ?>'></td>

<td><?php echo $form->error("email"); ?></td>

</tr>

                                    <tr>

<td>Contact</td>

<td><input type='text' name='cont' value='<?php echo $form->value("cont"); ?>'></td>

<td><?php echo $form->error("cont"); ?></td>

</tr>

                        </table>

                        <input type='submit' value='Submit'>

                        <input type='hidden' name='form1' value='1'>

            </form>

</html>

process.php:
 

<?php

include("form.php");

class Process

{

            function Process()

            {

                        session_start();

                        if(isset($_POST['form1'])) $this->validateForm1();

            }

           

            function validateForm1()

            {

                        global $form;

                       

                        $user = $_POST['user'];

                        $pass = $_POST['pass'];

                        $email= $_POST['email'];

                        $cont = $_POST['cont'];

                       

                        if(!$user || strlen($user = trim($user)) == 0) $form->setError("user", "Username not entered");

                       

                        if($pass)

                        {

                                    if(strlen($user = trim($pass)) < 6) $form->setError("pass", "Password too short");

                        }

                        else $form->setError("pass", "Password not entered");

                       

                        if(!$email || strlen($email = trim($email)) == 0) $form->setError("email", "Email not entered");

                       

                        if($cont)

                        {

                                    if(!is_numeric($cont)) $form->setError("cont", "Invalid Contact No");

                                    else if(strlen($cont = trim($cont)) != 10) $form->setError("cont", "Contact No should be of 10 digits");

                        }

                        else $form->setError("cont", "Contact No. not entered");

                       

                        if($form->num_errors > 0)

                        {

                                    $_SESSION['value_array'] = $_POST;

                                    $_SESSION['error_array'] = $form->getErrorArray();

                        }

                        else

                        {

                                    $_SESSION['message'] = "No errors in the form, good to go!";

                        }

                        header("Location: index.php");

            }

}

 

$process = new Process;

Description

Two object arrays are created, one to store the field names of the form and the corresponding values submitted by the user.

Another array serves the purpose of storing the field names and the corresponding validation messages to be displayed.

During the process of validation, the fields not complying with the standards are stored in the array "errors" along with the message to be displayed.

All the values submitted by the user are stored in the array "values".

After the validation, two SESSION arrays, namely "value_array" and "error_array" are used to contain the previous arrays "values" and "errors". These SESSION arrays are helpful in retrieving the form and validation data on "index.php" again.

form.php:
 

<?php

class Form

{

            var $values = array();

            var $errors = array();

            var $num_errors;

            function Form()

            {

                        if(isset($_SESSION['value_array']) && isset($_SESSION['error_array']))

                        {

                                    $this->values = $_SESSION['value_array'];

                                    $this->errors = $_SESSION['error_array'];

                                    $this->num_errors = count($this->errors);

                                    unset($_SESSION['value_array']);

                                    unset($_SESSION['error_array']);

                        }

                        else $this->num_errors = 0;

            }

 

            function setValue($field, $value)

            {

                        $this->values[$field] = $value;

            }

 

            function setError($field, $errmsg)

            {

                        $this->errors[$field] = $errmsg;

                        $this->num_errors = count($this->errors);

            }

 

            function value($field)

            {

                        if(array_key_exists($field,$this->values)) return htmlspecialchars(stripslashes($this->values[$field]));

                        else return "";

            }

 

            function error($field)

            {

                        if(array_key_exists($field,$this->errors)) return "<font color=\"#ff0000\">".$this->errors[$field]."</font>";

                        else return "";

            }

 

            function getErrorArray()

            {

                        return $this->errors;

            }

};

 

$form = new Form;

?>


Functions used to validate, store and retrieve the form data

Function "setValue" inserts a field name and the corresponding value submitted by the user to the array "values" on "process.php".
Function "setError" inserts a field name and the corresponding error messages to the array "errors" on "process.php".
Function "value" returns the value submitted by the user corresponding to the field name passed as the argument.
Function "error" returns the error message corresponding to the field name passed as the argument.
Variable "num_errors" maintains a count of the number of errors found in the form.



Kindly revert with the suggested betterment for this process.


Similar Articles