PHP Server Side Form Validation

After making an HTML form, you will need to check form validation, because there is no guarantee that the input given by the user is always correct.

PHP can validate form input server side, submitted by the user using HTML forms.

You need to check a few things:

  • Numbers only
  • Empty values
  • Input length
  • Strip HTML tags
  • Email address

Employee Information Sample HTML Form

The code block below shows a simple HTML form with PHP Server Side Validation.

The HTML Form

First, let's look at the form below. The purpose of the form is to capture user details (name, number, and email).

html-form

Example:
<!DOCTYPE html>
<html>
<head>
 <meta charset="utf-8">
 <title>Employee Information Sample HTML Form</title>
 <style type="text/css" >
  .errorMsg{border:1px solid red; }
  .message{color: red; font-weight:bold; }
 </style>
</head>

<body>
  <?php if (isset($errorMsg)) { echo "<p class='message'>" .$errorMsg. "</p>" ;} ?>

<form name= "registration" id= "registration" method= "post" action= "">
<table width= "400" border= "0" align="center" cellpadding= "4" cellspacing= "1">
<tr>
<td>Employee Name:</td>
<td><input name= "emp_name" type= "text" id="emp_name" value="<?php if(isset($name)){echo $name;} ?>"
<?php if(isset($code) && $code == 1){echo "class=errorMsg" ;} ?> ></td>
</tr>
<tr>
<td>Contact No.: </td>
<td><input name= "emp_number" type= "text" id= "emp_number" value="<?php if(isset($number)){echo $number;} ?>"
<?php if(isset($code) && $code == 2){echo "class=errorMsg" ;}?> ></td>
</tr>
<tr>
<td> Personal Email: </td>
<td><input name= "emp_email" type= "text" id= "emp_email" value="<?php if(isset($email)){echo $email; }?>"
<?php if(isset($code) && $code == 3){echo "class=errorMsg" ;}?> ></td>
</tr>
<tr>
<td></td>
<td><input type= "submit" name= "Submit" value= "Submit"></td>
</tr>
</table>
</form>

</body>
</html>

Capturing and Validating the Form Contents

Let's look at the PHP required for validating the submitted form. All of this code would be placed towards the top of the page before the HTML for the form:

Example:
<?php
if(isset($_POST['Submit'])){

  $emp_name=trim($_POST["emp_name"]);
  $emp_number=trim($_POST["emp_number"]);
  $emp_email=trim($_POST["emp_email"]);

  if($emp_name =="") {
    $errorMsg=  "error : You did not enter a name.";
    $code= "1" ;
  }
  elseif($emp_number == "") {
    $errorMsg=  "error : Please enter number.";
    $code= "2";
  }
  //check if the number field is numeric
  elseif(is_numeric(trim($emp_number)) == false){
    $errorMsg=  "error : Please enter numeric value.";
    $code= "2";
  }
  elseif(strlen($emp_number)<10){
    $errorMsg=  "error : Number should be ten digits.";
    $code= "2";
  }
  //check if email field is empty
  elseif($emp_email == ""){
    $errorMsg=  "error : You did not enter a email.";
    $code= "3";
} //check for valid email 
elseif(!preg_match("/^[_\.0-9a-zA-Z-][email protected]([0-9a-zA-Z][0-9a-zA-Z-]+\.)+[a-zA-Z]{2,6}$/i", $emp_email)){
  $errorMsg= 'error : You did not enter a valid email.';
  $code= "3";
}
else{
  echo "Success";
  //final code will execute here.
}

}
?>