Validating user’s input

Once the data is received we can use PHP to validate the user’s input. In PHP, usually we
declare a regular expression and the use a PHP function (preg_match()) to compare user’s input
with the regular expression.

1. Validating user’s input:

A regular expression is a concise notation to describe patterns in strings. Regular expressions

provide the foundation for describing or matching data according to defined syntax rules. We
can use regular expressions to define a pattern and check to see if it can be applied to your
data.
Regular Expression Syntax: A regular expression is nothing more than a pattern of characters
itself, matched against a certain input text. The structure of a regular expression is similar to
that of a typical arithmetic expression. It means, various elements or operators are combined to
form a more complex expression. Following are the most basic notations used to define a
regular expression

 ^: match strings that start with the given pattern

 $: match strings that end with the given pattern

 -: means a range of characters

 [ ]: makes a class of characters

 [^ ]: negates the class of character

 ?: matches the character, class or sub-pattern 0 or 1 time equal to {0,1}

 +: matches the character, class or sub-pattern 1 or more times equals to {1, }

 *: matches the character, class or sub-pattern 0 or any number of time equals {0, }

 \d: means exactly as [0-9]

 \D: means exactly as [^0-9]

  \w: means exactly as [a-zA-Z0-9]

RE examples: in the following examples, we write some regular expressions to validate user’s
input
Validating date: dates are the most common input we need to take from a user. A date consists
of three parts: day, month and year. These parts are usually separated by – or / symbol. To
validate a date we can use the following regular expression. This expression consists of three
parts. In each part the allowed character’s range is given \d which means exactly the same as
[0-9] and are separated by – symbol.
– |^\d{2}-\d{2}-\d{4}$|
Validating CNIC: In the following example, we have declared a regular expression to validate
CNIC number. A CNIC number consists of three parts. The first part consists of five digits, then a
– symbol. The second part consists of seven digits and then again a – symbol; and then one
digit.
– |^\d{5}-\d{7}-\d{1}$|
Validating Email: The following example validates an email address.
– |^[a-zA-Z0-9_.]+@[a-z]{3,5}.[a-z]{2,3}$|
Evaluating user’s input: After declaring a regular expression, we have to match the user’s
input.The preg_match() function searches a string for a specific pattern, returning TRUE if it
exists and FALSE otherwise. We can use the following syntax to use this function
intpreg_match(“pattern”,$string);
In the following example we have validated user’s input. First we have declared a form and in
the action page we have validated user’s email.

<body> action.php

<form method=“post” action=”action.php”> <?php

<input type=“text” name=“name”> $name = $_POST[‘name’];

<input type=“text” name=“email”> $email = $_POST[‘email’];

<input type=“submit”> if(!preg_match("|^[a-zA-Z0-9_.]+@[a-z]{3,5}.

[a-z]{3}$|",$email))
 </form> echo "Invalid Email address";

</body> ?>

2. String functions in PHP:

In addition to regular expressions, PHP provides many string functions which can also be used
to evaluate user’s input. Some of the basic string functions are discussed here
strlen(): strlen() function is used to find the length of the string. Following is the syntax of a
regular expression; intstrlen($string);
strcmp(): This function is used to compare two strings. It returns 0 if strings are equal, 1 if first
string is greater and -1 if second is greater. The syntax of the strcmp() function is
– intstrcmp($string1,$string2);
strcasecmp(): strcasecmp() function compares two strings in case insensitive manner.
– strcasecmp($string1,$string2);
strtolower(): It scnverts a string in lower case.
– strtolower($string);
strtoupper(): It converts a string in upper case
– strtoupper($string);
ucfirst(): This function converts the first character of a string to upper case.
– ucfirst($string);
ucwords(): It converts the first character of each word in a string to upper case
– ucfirst($string);
strpos(): It finds the position of the first case-sensitive occurrence of a substring in a string
– strpos($string,sub-string);
strrpos(): It finds the position of the last case-sensitive occurrence of a substring in a string
– strrpos($string,sub-string);
substr_count(): It returns the number of times one string occurs within another
– substr_count($string,sub-string);
Example: In the following example we have taken user’s name, password and re-type password
as input. On the action page, we have used string functions to evaluate user’s input. First we
find the length of the password using strlen() function and if password’s length is less than six
then we have displayed an error message. Similarly, we have compared password and re-type
password and if they don’t match; an error message is displayed. Then we have used
strtolower(), strtoupper(), ucfirst() and ucword() functions on user’s name. Similarly, we have
applied strops(), strrpos() and substr_count() functions on user’s name.
<html> <?php
<head> $name = $_POST['name'];
<title>String Function</title> $pass = $_POST['pass'];
</head> $pass1 = $_POST['pass1'];
<body> if(strlen($pass)<6)
<form id="form1" name="form1" method="post" echo "Too short password";
action="str_action.php"> if(strcmp($pass,$pass1)<>0)
Name: <input type="text" name="name" /> echo "Password mismatch";
Type new password: echostrtolower($name)."<br>";
<input type="text" name="pass" /> echostrtoupper($name)."<br>";
Re-type new password: echoucfirst($name)."<br>";
<input type="text" name="pass1" /> echoucwords($name)."<br>";
<input type="submit" name="Submit value="Submit" /> echostrpos($name,'a')."<br>";
</form> echostrrpos($name,'a')."<br>";
</body> echosubstr_count($name,'a')."<br>";
</html> ?>