Recipe 9.2. Validating Form Input: Required Fields

9.2.1. Problem

You want to make sure a value has been supplied for a form element. For example, you want to make sure a text box hasn't been left blank.

9.2.2. Solution

Use strlen( ) to test the element in $_GET or $_POST, as in Example 9-4.

Example 9-4. Testing a required field

<?php
if (! strlen($_POST['flavor'])) {
    print 'You must enter your favorite ice cream flavor.';
}
?>

9.2.3. Discussion

Different types of form elements cause different types of behavior in $_GET and $_POST when left empty. Blank text boxes, text areas, and file-upload boxes result in elements whose value is a zero-length string. Unchecked checkboxes and radio buttons don't produce any elements in $_GET or $_POST. Browsers generally force a selection in a drop-down menu that only allows one choice, but drop-down menus that allow multiple choices and have no choices selected act like checkboxes: they don't produce any elements in $_GET or $_POST.

What's worse, requests don't have to come from web browsers. Your PHP program may receive a request from another program, a curious hacker constructing requests by hand, or a malicious attacker building requests in an attempt to find holes in your system. To make your code as robust as possible, always check that a particular element exists in $_GET or $_POST before applying other validation strategies to the element. Additionally, if the validation strategy assumes that the element is an array of values (as in Example 9-15), ensure that the value really is an array by using is_array( ).

Example 9-5 uses isset( ), strlen( ), and is_array( ) for maximally strict form validation.

Example 9-5. Strict form validation

<?php
// Making sure $_POST['flavor'] exists before checking its length
if (! (isset($_POST['flavor']) && strlen($_POST['flavor']))) {
    print 'You must enter your favorite ice cream flavor.';
}

// $_POST['color'] is optional, but if it's supplied, it must be
// more than 5 characters
if (isset($_POST['color']) && (strlen($_POST['color']) <= 5)) {
    print 'Color must be more than 5 characters.';
}

// Making sure $_POST['choices'] exists and is an array
if (! (isset($_POST['choices']) && is_array($_POST['choices']))) {
    print 'You must select some choices.';
}
?>

In a moment of weakness, you may be tempted to use empty( ) instead of strlen( ) to test if a value has been entered in a text box. Succumbing to such weakness leads to problems, since the one-character string 0 is false according to the rules of PHP's boolean calculations. That means if someone types 0 into the children text box, causing $_POST['children'] to contain 0, empty($_POST['children']) is true, which, from a form validation perspective, is wrong.
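The following is an added example, not code from the book. It combines the existence and type checks discussed for hand-built requests with the strlen( )-versus-empty( ) point above, and runs them over constructed request arrays standing in for $_POST. The helper names required_string( ), required_strings( ), and validate( ) are hypothetical, as is the error message for the children field.

```php
<?php
// Added example, not from the book; all function names are hypothetical.
// Returns the value only if it exists, is a string, and is not zero-length.
// is_string() matters because flavor[]=x arrives as an array, and strlen()
// on an array throws a TypeError on PHP 8.
function required_string(array $input, string $name): ?string
{
    if (!isset($input[$name]) || !is_string($input[$name])) {
        return null;
    }
    return strlen($input[$name]) > 0 ? $input[$name] : null;
}

// Returns the value only if it is a non-empty array made up of strings.
function required_strings(array $input, string $name): ?array
{
    $value = $input[$name] ?? null;
    if (!is_array($value) || count($value) === 0) {
        return null;
    }
    return array_filter($value, 'is_string') === $value ? $value : null;
}

function validate(array $input): array
{
    $errors = [];
    if (required_string($input, 'flavor') === null) {
        $errors[] = 'You must enter your favorite ice cream flavor.';
    }
    if (required_string($input, 'children') === null) {
        $errors[] = 'You must enter the number of children.';
    }
    if (required_strings($input, 'choices') === null) {
        $errors[] = 'You must select some choices.';
    }
    return $errors;
}

// Constructed sample requests standing in for $_POST.
$requests = [
    'filled in, children is 0' => ['flavor' => 'mint', 'children' => '0', 'choices' => ['a', 'b']],
    'blank text box'           => ['flavor' => '', 'children' => '2', 'choices' => ['a']],
    'hand-built, wrong types'  => ['flavor' => ['x'], 'children' => '1', 'choices' => 'a'],
    'hand-built, no fields'    => [],
];
foreach ($requests as $label => $post) {
    printf("%-26s %d error(s); empty(children)=%s\n", $label, count(validate($post)), var_export(empty($post['children']), true));
}
```

The first request passes validation even though empty( ) reports its children value as empty, and the wrong-type request is rejected without strlen( ) ever seeing an array.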

9.2.4. See Also

Recipe 9.5 for information about validating drop-down menus, Recipe 9.6 for information about validating radio buttons, and Recipe 9.7 for information about validating checkboxes.

PHP Cookbook, 2nd Edition
PHP Cookbook: Solutions and Examples for PHP Programmers
ISBN: 0596101015
EAN: 2147483647
Year: 2006
Pages: 445
