+91-9142290450

Hajipur, Bihar, 844101

☰

❮

❯

PHP Form Validation

← Previous Next →

Form validation is a crucial step in web development. It ensures that the data submitted by users is complete, correct, and secure before being processed or stored. PHP provides several techniques to validate form data and protect your applications from invalid input.

Why Form Validation is Important

Prevent incomplete submissions – Ensures all required fields are filled.
Ensure correct formats – Such as valid email addresses, URLs, or phone numbers.
Enhance security – Protects against malicious input like scripts or SQL injections.
Improve user experience – Users are notified immediately of errors, avoiding confusion.

Accessing Form Data

PHP retrieves submitted form data using superglobals:

$_POST → For data submitted via POST
$_GET → For data submitted via GET

<?php
$name = $_POST['name'];
$email = $_POST['email'];
$message = $_POST['message'];
?>

$name, $email, and $message store the values submitted by the user.
Always validate these values before processing.

Example 1: Required Fields Validation

Ensuring that all fields are filled is the most basic form of validation.

<?php
$name = $_POST['name'];
$email = $_POST['email'];
$message = $_POST['message'];

if (empty($name)) {
    echo "Name is required.<br>";
}
if (empty($email)) {
    echo "Email is required.<br>";
}
if (empty($message)) {
    echo "Message is required.<br>";
}
?>

Explanation:

The empty() function checks if a field is empty.
Error messages are displayed for each missing field.
Vicky submits the form leaving the Email blank, and the system notifies her immediately.

Example 2: Email Validation

To ensure users enter a valid email address, use filter_var() with the FILTER_VALIDATE_EMAIL filter.

<?php
$email = $_POST['email'];

if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
    echo "Invalid email format.<br>";
} else {
    echo "Email $email is valid.<br>";
}
?>

Sanjana enters sanjanaexample.com without @, and the system alerts her.
Proper emails like sanjana@example.com pass the validation.

Example 3: URL Validation

You can validate URLs using FILTER_VALIDATE_URL:

<?php
$website = $_POST['website'];

if (!filter_var($website, FILTER_VALIDATE_URL)) {
    echo "Invalid URL.<br>";
} else {
    echo "URL $website is valid.<br>";
}
?>

Vrinda submits her portfolio URL.
Only properly formatted URLs like https://vrindaportfolio.com are accepted.

Example 4: Minimum and Maximum Length Validation

Sometimes you may require input to be within a certain length:

<?php
$name = $_POST['name'];

if (strlen($name) < 3) {
    echo "Name must be at least 3 characters long.<br>";
} elseif (strlen($name) > 20) {
    echo "Name cannot exceed 20 characters.<br>";
} else {
    echo "Name is valid.<br>";
}
?>

This ensures user names like Vicky, Sanjana, or Vrinda are appropriately formatted.
Prevents excessively short or long input.

Example 5: Password Strength Validation

For registration forms, password validation is essential:

<?php
$password = $_POST['password'];

if (strlen($password) < 6) {
    echo "Password must be at least 6 characters long.<br>";
} elseif (!preg_match("/[A-Z]/", $password)) {
    echo "Password must include at least one uppercase letter.<br>";
} elseif (!preg_match("/[0-9]/", $password)) {
    echo "Password must include at least one number.<br>";
} else {
    echo "Password is strong.<br>";
}
?>

Ensures passwords are secure and harder to guess.
Example: Vrinda enters Vrinda1 – it passes all checks.

Example 6: Combining Validations in a Form

You can combine multiple checks for a registration form:

<?php
$name = $_POST['name'];
$email = $_POST['email'];
$password = $_POST['password'];

$errors = [];

if (empty($name)) {
    $errors[] = "Name is required.";
}
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
    $errors[] = "Invalid email address.";
}
if (strlen($password) < 6) {
    $errors[] = "Password must be at least 6 characters.";
}

if (!empty($errors)) {
    foreach ($errors as $error) {
        echo $error . "<br>";
    }
} else {
    echo "Registration successful for $name!";
}
?>

Collects errors in an array and displays them together.
Enhances user experience and keeps code organized.

Best Practices for Form Validation

Validate on the server – Client-side validation (JavaScript) is optional and not secure.
Sanitize input – Use htmlspecialchars() or filter_var() to prevent XSS.
Provide clear error messages – Helps users correct mistakes easily.
Combine validations – Required fields, formats, length, and patterns.
Store passwords securely – Hash with password_hash() before storing.
Use arrays for error collection – Keeps code clean and maintainable.

Summary of the Tutorial

Form validation ensures data integrity, security, and usability.
PHP provides built-in functions like empty(), strlen(), and filter_var() for common validations.
Passwords, emails, URLs, and text fields can be validated and sanitized.
Collecting multiple errors in an array allows efficient feedback for users.
Proper validation improves security and user experience, especially in registration or contact forms.

Validation is a crucial step in PHP forms, helping to avoid incomplete or incorrect submissions and ensuring that applications handle user input safely.

Practice Questions

Create a registration form and validate that the Name and Email fields are not empty.
Validate that the Email field contains a properly formatted email address.
Validate a URL field to ensure the input is a valid URL.
Check that the Name field contains at least 3 characters and no more than 20 characters.
Validate a Password field to ensure it has at least 6 characters, one uppercase letter, and one number.
Combine multiple validations in a single form and display all errors at once.
Sanitize all input fields using htmlspecialchars() before displaying them.
Create a form with multiple checkbox options and validate that at least one option is selected.
Validate a dropdown selection to ensure a valid option is chosen.
Create a form that displays custom error messages for each validation failure for Name, Email, and Password.

← Previous Next →

Try a Short Quiz.

Programming Language

Web Development

Other Languages

Programming Language

Web Development

Other Languages

PHP

PHP Form Validation

Why Form Validation is Important

Accessing Form Data

Example 1: Required Fields Validation

Example 2: Email Validation

Example 3: URL Validation

Example 4: Minimum and Maximum Length Validation

Example 5: Password Strength Validation

Example 6: Combining Validations in a Form

Best Practices for Form Validation

Summary of the Tutorial

Practice Questions

Try a Short Quiz.

No quizzes available.

PHP

Quick Links

Our Tutorials

Programming Language

Web Development

Other Languages

Programming Language

Web Development

Other Languages

PHP

PHP Form Validation

Why Form Validation is Important

Accessing Form Data

Example 1: Required Fields Validation

Example 2: Email Validation

Example 3: URL Validation

Example 4: Minimum and Maximum Length Validation

Example 5: Password Strength Validation

Example 6: Combining Validations in a Form

Best Practices for Form Validation

Summary of the Tutorial

Practice Questions

Try a Short Quiz.

No quizzes available.

PHP

Follow Us:

Quick Links

Our Tutorials