Introduction

In this tutorial, we will learn how to create a PHP Form Validation that can be used to check if the user has submitted all the required fields. Note that with anything PHP, it is a good idea to test you PHP for security flaws. Although we have provided some standard security measures, it is best to research and strengthen your code. Let’s begin!

Setting Up the Form

We’ll start by setting up the HTML form with some fields for us to input. For testing purposes we want the results to be sent back to the PHP page that we are currently working on (Just to demonstrate how it works). To make the form dynamically post to the page that it is coded on we will use the the PHP code htmlspecialchars($_SERVER["PHP_SELF"]); inside the action attribute.

This line of PHP code is dynamically pulling the site path from the server that it is hosted on. The htmlspecialchars is converting any charset code into physical HTML and adds as an extra security measure.

PHP Form

Now we will tie some logic to our newly created form as well as create some variables so we can store the data that was submitted and echo the results onto our page. Here is the code example:

Let’s look at our first PHP section. We started by adding a list of variables and set empty values for them. Next we created a conditional statement saying “if the request method from the Form is ‘Post’ and was submitted, retrieve that data and store it to a variable”. If the form has not been submitted it will just skip the first function (which it will do when the page first load since nothing has been submitted) and continue to our newly created function “test_input”. The test input function will strip all submitted data of white spaces, slashes and html characters.

The second snippet of PHP is simply echoing the data that is inputted, but since we have not submitted anything yet it will just be blank “” spaces. If you test the PHP now, the form post will be successful and echo the results below. Now its time to put restrictions and validate our user’s submissions.

The PHP Validation

Now that we have the basics of our PHP form, let’s add some more code to get the exact results we need. We want to add limitations that require some kind of input in the Name and Email fields, if not there will be an error message. If nothing is submitted in the normal fields than we will just substitute with a blank “” space. Let’s look at our final updated code:

First we created a class that we will tie to the error message to alert the user the submission is incomplete. We included some more variables but this time they will be used for each field’s error message (hence why we included ‘Error’ at the end). Next, we altered our conditional ‘if’ statement into an ‘if/else’. This will allow the PHP to check and make the decisions for us. Each if/else statement will check the field and if it is empty, store an echoed line of text with the error message into a variable. If not it will continue to post the user’s input.

Within our HTML form, we included a line of PHP within a span tag that will echo the appropriate variable for displaying our error message if the form is incomplete. The last section of PHP hasn’t changed but now only display if the proper user submitted data is valid.

Wrapping it Up

Validating your forms with PHP is a great way to practice retrieving submitted data from a server. Take precautions though when working with PHP, when working with dynamic content from the server, you must take security into consideration at all times. We suggest reading articles on security best practices and take the extra step in securing your PHP code.