Validating User Input, Numbers, and Text
Validating user input is a big part of Web programming.
Validating user input
Following is an example showing how to validate user input; in this case, you can require the user to have entered some text in a text field. Everything starts with an array named $errors, which holds the validation error messages, if there are any:
<html> <head> <title> Validating user input </title> </head> <body> <center> <h1>Validating user input</h1> <? $errors = array(); . . . ?> </center> </body> </html>
Next, you can check whether the user has already seen the Web page, in which case you’re supposed to check the text he or she has entered. You can make that check by seeing whether the hidden control already_shown contains any data:
<html> <head> <title> Validating user input </title> </head> <body> <center> <h1>Validating user input</h1> <? $errors = array(); if(isset($_REQUEST["already_shown"])){ . . . ?> </center> </body> </html> If the user has already seen the page, there is, presumably, data waiting for you to check, so you can call a function named validate_data:
<html> <head> <title> Validating user input </title> </head> <body> <center> <h1>Validating user input</h1> <? $errors = array(); if(isset($_REQUEST["already_shown"])){ validate_data(); . . . function validate_data() { . . . } ?> </center> </body> </html> You start the validate_data function with the line global $errors, which makes the global array $errors that you’ve created accessible inside that function-that’s what you need to do in PHP to make global data available inside functions:
<html> <head> <title> Validating user input </title> </head> <body> <center> <h1>Validating user input</h1> <? $errors = array(); if(isset($_REQUEST["already_shown"])){ validate_data(); . . . function validate_data() { global $errors; . . . } ?> </center> </body> </html> Now you can check whether the text field is empty, and if it is, add an error message to the $errors array this way in validate_data:
<html> <head> <title> Validating user input </title> </head> <body> <center> <h1>Validating user input</h1> <? $errors = array(); if(isset ($_REQUEST["already_shown"])){ . . . function validate_data() { global $errors; if($_REQUEST["name"] == "") { $errors[] = "<font color='red'>Enter your name</font>"; } } ?> </center> </body> </html> Having validated the user’s input, you next check whether there were any errors, and if so, call a function named show_errors to display the errors, and then a function named display_welcome to display the starting page again so the user can start over. Otherwise, if the data the user entered was okay, you can call a function named handle_data to process the user-entered data:
<html> <head> <title> Validating user input </title> </head> <body> <center> <h1>Validating user input</h1> <? $errors = array(); if(isset($_REQUEST["already_shown"])){ validate_data(); if(count($errors) != 0){ show_errors(); display_welcome(); } else { handle_data(); } } else { display_welcome(); } function validate_data() { global $errors; if($_REQUEST["name"] == "") { $errors[] = "<font color='red'>Enter your name</font>"; } } . . . ?> </center> </body> </html> Next comes the show_errors function, which displays the errors in the $errors array by looping over them:
<html> <head> <title> Validating user input </title> </head> <body> <center> <h1>Validating user input</h1> <? $errors = array(); if(isset($_REQUEST["already_shown"])){ validate_data(); if(count($errors) != 0){ show_errors(); display_welcome(); } else { handle_data(); } } else { display_welcome(); } . . . function show_errors() { global $errors; foreach ($errors as $error){ echo $error, "<br>"; } } . . . ?> </center> </body> </html> The handle_data function, called if the user successfully entered the data, displays that data:
<html> <head> <title> Validating user input </title> </head> <body> <center> <h1>Validating user input</h1> <? $errors = array(); if(isset($_REQUEST["already_shown"])){ validate_data(); if(count($errors) != 0){ show_errors(); display_welcome(); } else { handle_data(); } } else { display_welcome(); } . . . function handle_data() { echo "Your name is "; echo $_REQUEST["name"]; } . . . ?> </center> </body> </html> Finally, the show_welcome function displays the Web page that asks the user for his or her name. Here’s what the whole page looks like:
<html> <head> <title> Validating user input </title> </head> <body> <center> <h1>Validating user input</h1> <? $errors = array(); if(isset($_REQUEST["already_shown"])){ validate_data(); if(count($errors) != 0){ show_errors(); display_welcome(); } else { handle_data(); } } else { display_welcome(); } function validate_data() { global $errors; if($_REQUEST["name"] == "") { $errors[] = "<font color='red'>Enter your name</font>"; } } function show_errors() { global $errors; foreach ($errors as $error){ echo $error, "<br>"; } } function handle_data() { echo "Your name is "; echo $_REQUEST["name"]; } function display_welcome() { echo "<form method='post' action='validate.php'>"; echo "Please enter your name"; echo "<br>"; echo "<input name='name' type='text'>"; echo "<br>"; echo "<br>"; echo "<input type='submit' value='Submit'>"; echo "<input type='hidden' name='already_shown' " , "value='data'>"; echo "</form>"; } ?> </center> </body> </html> You can see the welcome page in Figure 14.9.
Figure 14.9: The validation.php page asks for your name.
If you don’t enter a name and click Submit, an error message appears, as shown in Figure 14.10.
Figure 14.10: The validation.php page displays an error.
If you do enter a name and click Submit, the page echoes the name, as shown in Figure 14.11.
Figure 14.11: The validation.php page displays your name.
Validating numbers
You’ve seen the validation framework you can use. Now how about putting it to work in requiring that the user enter particular kinds of data? For example, you could insist that the user enter an integer in a new page, validateinteger.php. This page starts by checking whether the user has already seen the page with the hidden control already_shown:
<html> <head> <title>Validating integers</title> </head> <body> <center> <h1>Validating integers</h1> <? if(isset($_REQUEST["already_shown"])){ . . . Then, if the user has already seen the page, you validate the data, and if there were any errors, you display them and then display the welcome page so the user can re-enter the data:
<html> <head> <title>Validating integers</title> </head> <body> <center> <h1>Validating integers</h1> <? $errors = array(); if(isset($_REQUEST["already_shown"])){ validate_data(); if(count($errors) != 0){ show_errors(); display_welcome(); } . . . If there were no errors, you can handle the data the user entered:
<html> <head> <title>Validating integers</title> </head> <body> <center> <h1>Validating integers</h1> <? $errors = array(); if(isset($_REQUEST["already_shown"])){ validate_data(); if(count($errors) != 0){ show_errors(); display_welcome(); } else { handle_data(); } } else { display_welcome(); } . . . In the validate_data function, you can check whether the number the user entered-stored under the parameter number-is an integer. One way of doing that is by converting the data passed to you from the user into an integer using the PHP intval function. Then you can convert the integer back to a string using the strval function and compare that string to the original string from the $_REQUEST array.
For example, if the user entered "12.16", converting that to an integer would give you 12, and converting it back to a string would give you "12"-clearly not the same as "12.16".
You can compare the two strings with the PHP strcmp function like this:
function validate_data() { if(strcmp($_REQUEST["number"], strval(intval($_REQUEST["number"])))) { . . . } } If there was an error, you can add it to the global $errors array:
function validate_data() { global $errors; if(strcmp($_REQUEST["number"], strval(intval($_REQUEST["number"])))) { $errors[] = "<font color='red'>Please enter an integer</font>"; } } and display that error in the show_errors function:
function show_errors() { global $errors; foreach ($errors as $err){ echo $err, "<BR>"; } } The show_errors function, called when the user has not yet seen the page or has made an error, displays a prompt asking the user to enter an integer and a text field:
function display_welcome() { echo "<form method='post' action='validateinteger.php'>"; echo "Please enter an integer."; echo "<br>"; echo "<input name='number' type='text'>"; echo "<br>"; echo "<br>"; . . . } Then you add a Submit button and the hidden control named already_shown:
function display_welcome() { echo "<form method='post' action='validateinteger.php'>"; echo "Please enter an integer."; echo "<br>"; echo "<input name='number' type='text'>"; echo "<br>"; echo "<br>"; echo "<input type='submit' value='Submit'>"; echo "<input type='hidden' name='already_shown' " . "value='data'>"; echo "</form>"; } If everything goes well, you can display in the handle_data function the integer the user entered:
function handle_data() { echo "You entered "; echo $_REQUEST["number"]; } The validateinteger.php page is shown in Figure 14.12, where it’s asking the user to enter an integer. As you can see, however, the user has entered the text hello? instead of an integer.
Figure 14.12: The validateinteger.php page asks for an integer.
When the user clicks the Submit button, the page displays an error, as shown in Figure 14.13.
Figure 14.13: The validateinteger.php page displays an error.
If you do enter an integer, the page displays the integer entered, as shown in Figure 14.14.
Figure 14.14: The validateinteger.php page displays your integer.
That validates integers. How about validating some text?
Validating text
Say that you wanted to make sure that the text the user enters follows a certain pattern, which you might check with regular expressions. Could you do that with PHP? You sure can, as you’re going to see in a new page, validatetext.php.
PHP includes a function named preg_match whose job it is to look for regular expression matches. The validatetext.php example starts as usual-by validating the text the user sent, displaying errors if there were any, and displaying the welcome page as needed:
<html> <head> <title>Validating text</title> </head> <body> <center> <h1>Validating text</h1> <? $errors = array(); if(isset($_REQUEST["already_shown"])){ validate_data(); if(count($errors) != 0){ show_errors(); display_welcome(); } else { handle_data(); } } else { display_welcome(); } . . . The show_errors and handle_data functions work as usual:
function show_errors() { global $errors; foreach ($errors as $err){ echo $err, "<br>"; } } function handle_data() { echo "You entered "; echo $_REQUEST["text"]; } In the display_welcome function, you can ask the user to enter text containing the word hello like this:
function display_welcome() { echo "<form method='post' action='validatetext.php'>"; echo "Please enter text including 'hello'"; echo "<br>"; echo "<input name='text' type='text'>"; echo "<br>"; echo "<br>"; echo "<input type='submit' value='Submit'>"; echo "<input type='hidden' name='already_shown' value='hidden_data'>"; echo "</form>"; } Then, in the validate_data function, you can check whether the text entered included the text hello:
function validate_data() { if(!preg_match('/hello/i', $_REQUEST["text"])){ . . . } } and if the text did not include the string hello, you can add an entry to the $errors array:
function validate_data() { global $errors; if(!preg_match('/hello/i', $_REQUEST["text"])){ $errors[] = "<font color='red'>Please include 'hello' " . "in your text.</font>"; } } You can see this page, validatetext.php, in Figure 14.15. Note that the user has entered text that does not include the string hello in this case.
Figure 14.15: The validatetext.php page asks for text.
When you click the Submit button, an error message appears, as shown in Figure 14.16.
Figure 14.16: The validatetext.php page displays an error.
On the other hand, if your text does contain the string hello, the page displays your text, as shown in Figure 14.17.
Figure 14.17: The validatetext.php page displays your text.
