View Full Version : Form validation functions

10-28-2003, 10:21 PM
Whate are good function(s) for form validation and could you show your function with an example....


10-29-2003, 12:20 AM
ummm? bit random? do you mean anything specific? there are literally thousands of different methods for form checking.

well, here is a little function i just wrote for checking for invalid characters.

function has_invalid_chars($str, $chars){

$return = true;

$invalid_chars = preg_split("/(\s{0})/is", $chars);

foreach($invalid_chars as $invalid){

$match = '/'.preg_quote($invalid, '/').'/is';
if(preg_match($match, $str)){

$return = false;



return $return;


// you could use it like this:

has_invalid_chars('lots of \\invalid *.chars,/()', '\\.*,/()[]');

EDIT: Just so you know, this is untested.

10-29-2003, 12:26 AM
I don't need something like that

I mean right now I am using

if(trim($var1,$var2) == ""){
echo "You left something out!";

Just wondering If there are any more to choose from....

10-29-2003, 12:41 AM
Well, if you ask a very general question, and someone gives a you a specific example, and you say don't need something like this, then you really need to clarify what you are looking for, eh? Doesn't make much sense if we start posting our validation routines and you respond to each of them with "nope, that's not what I want", IMO. ;)

But speaking about useful functions I'd use to validate forms these spring to mind: isset(), strlen(), intval(), and of course my favorite: preg_match(). Since all form content comes into your script as text strings (ok, some are arrays of strings), regular expression are an ideal tool to check if the value matches a specific format such as year numbers, date formats, urls, etc...
The string functions part of the manual has a lot of more specific functions which may have their use too. Have look into the documentation examples and the user comments. Often the best place for starting to use a specific function.

10-29-2003, 12:46 AM
Can you show me how preg_match() is used?

10-29-2003, 01:12 AM
Sure. Here's a *very* simple email check:

$email = 'someone@example.com';

if (preg_match('/^([a-z\._-])+@([a-z\._-])+$/i', $email)) {
print "valid email";

The key part is the regular expression used in the first argument to preg_match(). RegExps are a useful tool, but they take some time to get comfortable with them. Essentially, you define a pattern by a mini-language, and your string to test must conform to this pattern.

10-29-2003, 02:41 AM
also (SDP), your trim() method, although handy for simple validation, does not provide any other form of checking.


enter a password ( \ / * : ) are invalid characters

you will then need to make some separate code to handle this password, hence the code i have allows you to stop the useage of these characters. My example uses preg_match() but in a more dynamic form (eg: you dont see the actual regular expression.

Im not saying you should use that method of validation, I only just wrote it when i read the thread, although i might use it now as it is a handy function. Its best to have some general ideas on form processing before you go ahead and write a script.

(P.S. If you have any probs with regex, mordred is the one you want to ask ;))