PHP 5 Form Validation
This and the next chapters show how to use PHP to validate form data.
$_SERVER is an array that includes information such as headers, paths, and script locations. The entries in this array are created by the web server.
PHP Form Validation
The HTML form we will be working at in these chapters, contains various input fields: required and optional text fields, radio buttons, and a submit button:
The validation rules for the form above are as follows:
|Name||Required. + Must only contain letters and whitespace|
|Required. + Must contain a valid email address (with @ and .)|
|Website||Optional. If present, it must contain a valid URL|
|Comment||Optional. Multi-line input field (textarea)|
|Gender||Required. Must select one|
First we will look at the plain HTML code for the form:
The name, email, and website fields are text input elements, and the comment field is a textarea. The HTML code looks like this:
E-mail: <input type="text" name="email">
Website: <input type="text" name="website">
Comment: <textarea name="comment" rows="5" cols="40"></textarea>
The gender fields are radio buttons and the HTML code looks like this:
<input type="radio" name="gender" value="female">Female
<input type="radio" name="gender" value="male">Male
The Form Element
The HTML code of the form looks like this:
When the form is submitted, the form data is sent with method="post".
So, the $_SERVER["PHP_SELF"] sends the submitted form data to the page itself, instead of jumping to a different page. This way, the user will get error messages on the same page as the form.
Big Note on PHP Form Security
The $_SERVER["PHP_SELF"] variable can be used by hackers!
If PHP_SELF is used in your page then a user can enter a slash (/) and then some Cross Site Scripting (XSS) commands to execute.