PHP Form Validation Lecture Notes PDF
Erbil Polytechnic University, Soran Technical College
Omid H. Sherwany
Summary
These lecture notes cover PHP form validation techniques, including client-side and server-side validation, and useful functions such as htmlspecialchars, is_numeric, isset, empty, and PHP_SELF. The notes provide examples and code snippets.
Full Transcript
ERBIL POLYTECHNIC UNIVERSITY, SORAN TECHNICAL COLLEGE, IT DEPARTMENT
WEB PROGRAMMING, LECTURE 8: PHP FORM VALIDATION
Lecturer: Omid H. Sherwany

WHAT IS FORM VALIDATION?
Validation: ensuring that a form's values are correct. Some types of validation:
  preventing blank values (e.g. an empty email address)
  ensuring the type of values: integer, real number, currency, phone number, Social Security number, postal address, email address, date, credit card number, ...
  ensuring the format and range of values (a ZIP code must be a 5-digit integer)
  ensuring that values fit together (the user types the email address twice, and the two must match)

SORAN TECHNICAL INSTITUTE-IT DEPARTMENT 2

A REAL FORM THAT USES VALIDATION

CLIENT VS. SERVER-SIDE VALIDATION
Validation can be performed:
  client-side (before the form is submitted): can lead to a better user experience, but is not secure (why not? the browser, and any JavaScript running in it, is under the user's control, so client-side checks can be skipped or altered)
  server-side (in PHP code, after the form is submitted): needed for truly secure validation, but slower
  both: the best mix of convenience and security, but requires the most effort to program

USEFUL FUNCTIONS IN FORM PROCESSING
  htmlspecialchars($_POST['n']) makes sure that any characters that are special in HTML are properly encoded, so people can't inject HTML tags or JavaScript into your page.
  Use the is_numeric() function to test whether a variable contains a numeric string.
  The isset() function determines whether a variable has been declared and initialized (or "set").
  The empty() function determines whether a variable is empty.
  $_SERVER["PHP_SELF"] sends the submitted form's data to the page itself, instead of jumping to a different page. Because PHP_SELF reflects the requested URL path, pass it through htmlspecialchars() as well when placing it in a form's action attribute.

11/26/2024

AN EXAMPLE FORM TO BE VALIDATED
City:
State:
ZIP:
(HTML)
Let's validate this form's data on the server...
BASIC SERVER-SIDE VALIDATION CODE

    <?php
    // Default to "" when a field is missing so the checks run without warnings.
    $city  = $_REQUEST["city"]  ?? "";
    $state = $_REQUEST["state"] ?? "";
    $zip   = $_REQUEST["zip"]   ?? "";
    if (!$city || strlen($state) != 2 || strlen($zip) != 5) {
    ?>
        Error, invalid city/state submitted.
    <?php
        exit;   // abort: do not process the bad submission any further
    }
    ?>

(PHP)
Basic idea: examine the parameter values, and if they are bad, show an error message and abort.

Validation code can take a lot of time / lines to write:
  How do you test for integers vs. real numbers vs. strings?
  How do you test for a valid credit card number?
  How do you test that a person's name has a middle initial?
  How do you test whether a given string matches a particular complex format?

TESTING IF FORM VARIABLES CONTAIN NUMERIC VALUES

    <?php
    if (isset($_GET['height']) && isset($_GET['weight'])) {
        if (is_numeric($_GET['weight']) && is_numeric($_GET['height'])
                && $_GET['height'] > 0) {   // "0" is numeric but would divide by zero
            $BodyMass = $_GET['weight'] / ($_GET['height'] * $_GET['height']) * 703;
            echo "Your body mass index is $BodyMass";
        } else {
            echo "You must enter numeric values!";
        }
    }
    ?>

FILTER_VAR()
Ensuring the security and reliability of a web application starts with not trusting its input. One essential tool for this in PHP is the filter_var() function: it validates or sanitizes a value against a chosen filter, returning the filtered value on success and false when a validation filter rejects the value. Using it consistently on user input reduces the risk of vulnerabilities caused by unchecked data.

FILTER_VAR() - VALIDATING TYPES
filter_var() supports a range of filter types, each tailored to validate or sanitize a specific kind of data. These include:
  FILTER_VALIDATE_INT: validates an integer.
  FILTER_VALIDATE_FLOAT: validates a floating-point number.
  FILTER_VALIDATE_BOOLEAN: validates a boolean value (true or false). Note that the string "false" also yields false, so add the FILTER_NULL_ON_FAILURE flag to tell a rejected value from a valid false.
  FILTER_VALIDATE_EMAIL: validates an email address.
  FILTER_VALIDATE_URL: validates a URL.
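To tie the functions above together, here is an added example (not from the lecture slides) that validates the City/State/ZIP form server-side with isset(), filter_var() and htmlspecialchars(). The field names follow the slide, the sample submissions are constructed, and FILTER_VALIDATE_REGEXP is used for the two fixed-format fields.

```php
<?php
// Added example, not part of the lecture: server-side validation of the
// City/State/ZIP form using isset(), filter_var() and htmlspecialchars().
// Field names (city, state, zip) follow the slide; the sample data is constructed.

// Return an array of error messages; an empty array means the input is valid.
function validate_address(array $params): array
{
    $errors = [];

    // isset()/empty() style check: the city must be present, a string, and non-blank.
    if (!isset($params['city']) || !is_string($params['city'])
            || trim($params['city']) === '') {
        $errors[] = 'City is required.';
    }

    // State: exactly two letters. The anchored regexp rejects "Wash" and
    // "WA " alike, and filter_var() returns false for non-string input.
    $state = filter_var($params['state'] ?? '', FILTER_VALIDATE_REGEXP,
        ['options' => ['regexp' => '/^[A-Za-z]{2}$/']]);
    if ($state === false) {
        $errors[] = 'State must be a 2-letter code.';
    }

    // ZIP: FILTER_VALIDATE_INT would accept "+98101" or "1234", so check the
    // 5-digit format explicitly rather than relying on strlen() or min/max.
    $zip = filter_var($params['zip'] ?? '', FILTER_VALIDATE_REGEXP,
        ['options' => ['regexp' => '/^[0-9]{5}$/']]);
    if ($zip === false) {
        $errors[] = 'ZIP must be a 5-digit number.';
    }

    return $errors;
}

// Constructed submissions standing in for $_REQUEST.
$submissions = [
    ['city' => 'Seattle', 'state' => 'WA', 'zip' => '98101'],
    ['city' => '<b>Soran</b>', 'state' => 'Wash', 'zip' => '+9810'],
    ['state' => 'wa', 'zip' => '98101'],               // city missing entirely
];

foreach ($submissions as $s) {
    $errors = validate_address($s);
    // Echo user input back only through htmlspecialchars(), so "<b>" is shown
    // as text instead of being interpreted as a tag.
    $shown = htmlspecialchars($s['city'] ?? '', ENT_QUOTES, 'UTF-8');
    echo $errors ? "Rejected '$shown': " . implode(' ', $errors) . "\n"
                 : "Accepted '$shown'\n";
}
```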