Summary: in this tutorial, you’ll learn about PHP form validation, how to validate form data, and how to show error messages if the user inputs are invalid.
Introduction to PHP form validation #
When processing a form, it’s critical to validate user inputs to ensure that the data is in a valid format.
There are two types of validations:
- Client-side validation
- Server-side validation
The client-side validation provides instant feedback to the user, while the server-side validation can ensure that all data is valid before processing such as saving to database.
To validate data at the client side, you can use HTML5 validation or JavaScript.
The server-side validation validates data in the server using PHP.
To validate data in PHP, you can use filters with the following filter funtions:
filter_has_var– check if a variable exists in theGETandPOSTrequests.filter_input– validate data.
Validating emails #
The following shows how to check if the email is in the POST request and validate it:
<form action="<?= htmlspecialchars($_SERVER['PHP_SELF']) ?>" method="post">
<div>
<label for="email">Email:</label>
<input type="text" name="email">
<button type="submit">Submit</button>
</div>
</form>
<?php
if($_SERVER['REQUEST_METHOD'] === 'POST') {
// Check if the email field is set and not empty
if(filter_has_var(INPUT_POST, 'email')) {
// validate email
$email = filter_input(INPUT_POST, 'email', FILTER_VALIDATE_EMAIL);
if($email !== false) {
echo "Email is valid: " . htmlspecialchars($email);
} else {
echo "Invalid email format." . $_POST['email'];
}
}
}Code language: PHP (php)How it works.
First, check if the email is in the POST request using the filter_has_var function:
if(filter_has_var(INPUT_POST, 'email')) {Code language: PHP (php)Second, validate email using the filter_input function with the filter id FILTER_VALIDATE_EMAIL:
$email = filter_input(INPUT_POST, 'email', FILTER_VALIDATE_EMAIL);Code language: PHP (php)If the email is not valid, the filter_input function returns false. If the email is valid, then the function returns the email.
Third, display an error message if the email is not valid or a success message otherwise:
if($email !== false) {
echo "Email is valid: " . htmlspecialchars($email);
} else {
echo "Invalid email format." . $_POST['email'];
}Code language: PHP (php)Validating integers #
The following form requests you to enter your age and validate it as an integer with the valid range of (0,150):
<?php
if($_SERVER['REQUEST_METHOD'] === 'POST') {
// Check if the age field is set and not empty
if(filter_has_var(INPUT_POST, 'age')) {
// validate age between 0 and 150
$age = filter_input(INPUT_POST, 'age', FILTER_VALIDATE_INT, [
'options' => [
'min_range' => 0,
'max_range' => 150
]
]);
if($age !== false) {
echo "Age is valid: " . htmlspecialchars($age);
} else {
echo "Age is not valid:" . $_POST['age'];
}
}
}
?>
<form action="<?= htmlspecialchars($_SERVER['PHP_SELF']) ?>" method="post">
<div>
<label for="age">Age:</label>
<input type="text" name="age" placeholder="Enter your age">
<button type="submit">Submit</button>
</div>
</form>
Code language: PHP (php)How it works.
First, check if the age is in the POST request using the filter_has_var function:
if(filter_has_var(INPUT_POST, 'age')) {Code language: PHP (php)Second, validate age using the filter_input function with the filter id FILTER_VALIDATE_INT:
$age = filter_input(INPUT_POST, 'age', FILTER_VALIDATE_INT, [
'options' => [
'min_range' => 0,
'max_range' => 150
]
]);Code language: PHP (php)The options limits the range of the age between 0 and 150.
If the age is not valid, the filter_input function returns false. If the age is valid, then the function returns the age.
Third, display an error message if the age is not valid or a success message otherwise:
if($age !== false) {
echo "Age is valid: " . htmlspecialchars($age);
} else {
echo "Age is not valid:" . $_POST['age'];
}Code language: PHP (php)Validating floats #
The following form requests you to enter your weight and validate it as a float with the valid range of (0,300):
<?php
if($_SERVER['REQUEST_METHOD'] === 'POST') {
// Check if the weight field is set and not empty
if(filter_has_var(INPUT_POST, 'weight')) {
// validate weight between 0 and 150
$weight = filter_input(INPUT_POST, 'weight', FILTER_VALIDATE_FLOAT, [
'options' => [
'min_range' => 0,
'max_range' => 300
]
]);
if($weight !== false) {
echo "Weight is valid: " . htmlspecialchars($weight);
} else {
echo "Weight is not valid:" . $_POST['weight'];
}
}
}
?>
<form action="<?= htmlspecialchars($_SERVER['PHP_SELF']) ?>" method="post">
<div>
<label for="weight">Weight:</label>
<input type="text" name="weight" placeholder="Enter your weight in lbs">
<button type="submit">Submit</button>
</div>
</form>
Code language: PHP (php)How it works.
First, check if the weight is in the POST request using the filter_has_var function:
if(filter_has_var(INPUT_POST, 'weight')) {Code language: PHP (php)Second, validate the weight using the filter_input function with the filter id FILTER_VALIDATE_FLOAT:
$weight = filter_input(INPUT_POST, 'weight', FILTER_VALIDATE_FLOAT, [
'options' => [
'min_range' => 0,
'max_range' => 300
]
]);Code language: PHP (php)The options limits the range of the weight between 0 and 300.
If the weight is not valid, the filter_input function returns false. If the weight is valid, then the function returns the weight as a float.
Note that the filter FILTER_VALIDATE_FLOAT trims the input before validating.
Third, display an error message if the weight is not valid or a success message otherwise:
if ($weight !== false) {
echo "Weight is valid: " . htmlspecialchars($weight);
} else {
echo "Weight is not valid:" . $_POST["weight"];
}Code language: PHP (php)PHP form validation example #
We’ll build an email subscription form that includes a validation feature. The form has the name and email input elements and a submit button: