PHP Forms – Validate E-mail and URL

PHP Form Validation: Learn to Validate Email, URL, and Name in Web Forms

Introduction:

Master the art of PHP form validation to enhance the security and reliability of your web applications. This comprehensive lesson guides you through validating email addresses, URLs, and names, ensuring that input adheres to specified criteria. Strengthen your PHP skills and build robust, -friendly forms with confidence.

Validating email addresses and URLs in PHP is a common task when processing forms to ensure that the input adheres to the expected formats. Here are examples of how you can validate email addresses and URLs in PHP:

PHP Email Validation:

<?php
function isValidEmail($email) {
// Use filter_var to perform email validation
return filter_var($email, FILTER_VALIDATE_EMAIL) !== false;
}

// Example usage:
$email = "@example.com";
if (isValidEmail($email)) {
echo "Valid email address.";
} else {
echo "Invalid email address.";
}
?>

In this example, the filter_var function with the FILTER_VALIDATE_EMAIL filter is used to validate an email address. It returns false if the email is invalid.

PHP URL Validation:

<?php
function isValidURL($url) {
// Use filter_var to perform URL validation
return filter_var($url, FILTER_VALIDATE_URL) !== false;
}

// Example usage:
$url = "http://www.example.com";
if (isValidURL($url)) {
echo "Valid URL.";
} else {
echo "Invalid URL.";
}
?>

Here, the filter_var function with the FILTER_VALIDATE_URL filter is used to validate a URL. It returns false if the URL is invalid.

Using both Email and URL Validation in a Form:

<?php
if ($_SERVER["REQUEST_METHOD"] == "POST") {
$email = $_POST["email"];
$url = $_POST["url"];

if (isValidEmail($email)) {
echo "Valid email address: $email<br>";
} else {
echo "Invalid email address.<br>";
}

if (isValidURL($url)) {
echo "Valid URL: $url<br>";
} else {
echo "Invalid URL.<br>";
}
}
?>

<!DOCTYPE html>
<html>
<head>
<title>Form Validation</title>
</head>
<body>
<form method="post" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]); ?>">
Email: <input type="text" name="email"><br>
URL: <input type="text" name="url"><br>
<input type="submit" value="Submit">
</form>
</body>
</html>

• In this example, a simple HTML form is created with fields for both email and URL.
• When the form is submitted, the PHP script validates the email and URL inputs and provides feedback.

Remember to customize and enhance the validation and form handling according to your specific needs.

PHP Email Validation:complete example with explanation

Here’s a complete example of an HTML form with PHP for email validation.

It’ll include comments in the PHP code for explanation:

<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Email Validation Example</title>
<style>
body {
font-family: Arial, sans-serif;
margin: 20px;
}
input, button {
margin-bottom: 10px;
}
</style>
</head>
<body>

<?php
// Function to validate email
function isValidEmail($email) {
return filter_var($email, FILTER_VALIDATE_EMAIL) !== false;
}

// Initialize variables to hold form data and validation results
$email = $emailError = "";

// Check if the form is submitted
if ($_SERVER["REQUEST_METHOD"] == "POST") {
// Retrieve email from the form
$email = $_POST["email"];

// Validate email
if (empty($email)) {
$emailError = "Email is required.";
} elseif (!isValidEmail($email)) {
$emailError = "Invalid email format.";
}
}
?>

<h2>Email Validation Example</h2>

<form method="post" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]); ?>">
<!-- Input for email -->
Email: <input type="text" name="email" value="<?php echo htmlspecialchars($email); ?>">
<span style="color: red;"><?php echo $emailError; ?></span><br>

<!-- Submit button -->
<button type="submit">Submit</button>
</form>

<?php
// Display result after form submission
if ($_SERVER["REQUEST_METHOD"] == "POST" && empty($emailError)) {
echo "<h3>Form submitted successfully!</h3>";
echo "<p>Entered email: " . htmlspecialchars($email) . "</p>";
}
?>

</body>
</html>

Explanation:

HTML Form Section:

A simple HTML form is created with an input field for the email address and a submit button.

PHP Validation Section:

• A PHP function isValidEmail is defined to check the validity of an email address using the FILTER_VALIDATE_EMAIL filter.
• Variables are initialized to store form data and validation results.
• Inside the form tag, the PHP code checks if the form is submitted ($_SERVER[“REQUEST_METHOD”] == “POST”).
• The entered email is retrieved from the form, and validation is performed.
• If there are errors, error messages are displayed next to the email input.

PHP Email Validation Example

Result Display Section:

• After the form is submitted, if there are no errors, a success message is displayed along with the entered email.

Remember to customize the code based on your specific requirements and styling preferences.

PHP URL Validation:complete example   with explanation

Below is a complete example of an HTML form with PHP for URL validation.

It’ll include comments in the PHP code for explanation:

<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>URL Validation Example</title>
<style>
body {
font-family: Arial, sans-serif;
margin: 20px;
}
input, button {
margin-bottom: 10px;
}
</style>
</head>
<body>

<?php
// Function to validate URL
function isValidURL($url) {
return filter_var($url, FILTER_VALIDATE_URL) !== false;
}

// Initialize variables to hold form data and validation results
$url = $urlError = "";

// Check if the form is submitted
if ($_SERVER["REQUEST_METHOD"] == "POST") {
// Retrieve URL from the form
$url = $_POST["url"];

// Validate URL
if (empty($url)) {
$urlError = "URL is required.";
} elseif (!isValidURL($url)) {
$urlError = "Invalid URL format.";
}
}
?>

<h2>URL Validation Example</h2>

<form method="post" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]); ?>">
<!-- Input for URL -->
URL: <input type="text" name="url" value="<?php echo htmlspecialchars($url); ?>">
<span style="color: red;"><?php echo $urlError; ?></span><br>

<!-- Submit button -->
<button type="submit">Submit</button>
</form>

<?php
// Display result after form submission
if ($_SERVER["REQUEST_METHOD"] == "POST" && empty($urlError)) {
echo "<h3>Form submitted successfully!</h3>";
echo "<p>Entered URL: " . htmlspecialchars($url) . "</p>";
}
?>

</body>
</html>

Explanation:

HTML Form Section:

A simple HTML form is created with an input field for the URL and a submit button.

PHP Validation Section:

• A PHP function isValidURL is defined to check the validity of a URL using the FILTER_VALIDATE_URL filter.
• Variables are initialized to store form data and validation results.
• Inside the form tag, the PHP code checks if the form is submitted ($_SERVER[“REQUEST_METHOD”] == “POST”).
• The entered URL is retrieved from the form, and validation is performed.
• If there are errors, error messages are displayed next to the URL input.

Result Display Section:

• After the form is submitted, if there are no errors, a success message is displayed along with the entered URL.

Customize the code based on your specific requirements and styling preferences.

Using both Email and URL Validation in a Form:complete example 

Below is a complete example of an HTML form with PHP for both email and URL validation.

It’ll include comments in the PHP code for explanation:

<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Email and URL Validation Example</title>
<style>
body {
font-family: Arial, sans-serif;
margin: 20px;
}
input, button {
margin-bottom: 10px;
}
</style>
</head>
<body>

<?php
// Function to validate email
function isValidEmail($email) {
return filter_var($email, FILTER_VALIDATE_EMAIL) !== false;
}

// Function to validate URL
function isValidURL($url) {
return filter_var($url, FILTER_VALIDATE_URL) !== false;
}

// Initialize variables to hold form data and validation results
$email = $url = $emailError = $urlError = "";

// Check if the form is submitted
if ($_SERVER["REQUEST_METHOD"] == "POST") {
// Retrieve email and URL from the form
$email = $_POST["email"];
$url = $_POST["url"];

// Validate email
if (empty($email)) {
$emailError = "Email is required.";
} elseif (!isValidEmail($email)) {
$emailError = "Invalid email format.";
}

// Validate URL
if (empty($url)) {
$urlError = "URL is required.";
} elseif (!isValidURL($url)) {
$urlError = "Invalid URL format.";
}
}
?>

<h2>Email and URL Validation Example</h2>

<form method="post" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]); ?>">
<!-- Input for email -->
Email: <input type="text" name="email" value="<?php echo htmlspecialchars($email); ?>">
<span style="color: red;"><?php echo $emailError; ?></span><br>

<!-- Input for URL -->
URL: <input type="text" name="url" value="<?php echo htmlspecialchars($url); ?>">
<span style="color: red;"><?php echo $urlError; ?></span><br>

<!-- Submit button -->
<button type="submit">Submit</button>
</form>

<?php
// Display result after form submission
if ($_SERVER["REQUEST_METHOD"] == "POST" && empty($emailError) && empty($urlError)) {
echo "<h3>Form submitted successfully!</h3>";
echo "<p>Entered email: " . htmlspecialchars($email) . "</p>";
echo "<p>Entered URL: " . htmlspecialchars($url) . "</p>";
}
?>

</body>
</html>

Explanation:

HTML Form Section:

A simple HTML form is created with input fields for both email and URL, along with a submit button.

PHP Validation Section:

• Two PHP functions (isValidEmail and isValidURL) are defined to check the validity of email and URL using the respective FILTER_VALIDATE filters.
• Variables are initialized to store form data and validation results for both email and URL.
• Inside the form tag, the PHP code checks if the form is submitted ($_SERVER[“REQUEST_METHOD”] == “POST”).
• The entered email and URL are retrieved from the form, and validation is performed for both.
• If there are errors, error messages are displayed next to the respective input fields.

Result Display Section:

After the form is submitted and there are no errors, a success message is displayed along with the entered email and URL.
Customize the code based on your specific requirements and styling preferences.

PHP – Validate Name

• Validating a name can be a subjective task because names can vary in format and structure.
• However, you can implement basic validation to ensure that the name is not empty and doesn’t contain any invalid characters.

Here’s an example of how you might validate a name in PHP:

<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Name Validation Example</title>
<style>
body {
font-family: Arial, sans-serif;
margin: 20px;
}
input, button {
margin-bottom: 10px;
}
</style>
</head>
<body>

<?php
// Function to validate a name
function isValidName($name) {
// Check if the name is not empty and contains only letters and spaces
return !empty($name) && preg_match("/^[a-zA-Z\s]+$/", $name);
}

// Initialize variables to hold form data and validation results
$name = $nameError = "";

// Check if the form is submitted
if ($_SERVER["REQUEST_METHOD"] == "POST") {
// Retrieve name from the form
$name = $_POST["name"];

// Validate name
if (empty($name)) {
$nameError = "Name is required.";
} elseif (!isValidName($name)) {
$nameError = "Invalid name format.";
}
}
?>

<h2>Name Validation Example</h2>

<form method="post" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]); ?>">
<!-- Input for name -->
Name: <input type="text" name="name" value="<?php echo htmlspecialchars($name); ?>">
<span style="color: red;"><?php echo $nameError; ?></span><br>

<!-- Submit button -->
<button type="submit">Submit</button>
</form>

<?php
// Display result after form submission
if ($_SERVER["REQUEST_METHOD"] == "POST" && empty($nameError)) {
echo "<h3>Form submitted successfully!</h3>";
echo "<p>Entered name: " . htmlspecialchars($name) . "</p>";
}
?>

</body>
</html>

Explanation:

HTML Form Section:

A simple HTML form is created with an input field for the name and a submit button.

PHP Validation Section:

• A PHP function isValidName is defined to check if the name is not empty and contains only letters and spaces using a regular expression.
• Variables are initialized to store form data and validation results.
• Inside the form tag, the PHP code checks if the form is submitted ($_SERVER[“REQUEST_METHOD”] == “POST”).
• The entered name is retrieved from the form, and validation is performed.
• If there are errors, error messages are displayed next to the name input.

Result Display Section:

After the form is submitted and there are no errors, a success message is displayed along with the entered name.
Feel free to modify the validation criteria based on your specific requirements.

ِ

An application about this lesson with explanation

Below is a simple PHP application that incorporates the concepts of email, URL, and name validation in a form.
The application includes a form where s can input their email, URL, and name. After submission, it validates the input and displays the entered information if validation is successful.

index.php:

<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Form Validation App</title>
<style>
body {
font-family: Arial, sans-serif;
margin: 20px;
}
input, button {
margin-bottom: 10px;
}
span.error {
color: red;
}
</style>
</head>
<body>

<?php
// Function to validate email
function isValidEmail($email) {
return filter_var($email, FILTER_VALIDATE_EMAIL) !== false;
}

// Function to validate URL
function isValidURL($url) {
return filter_var($url, FILTER_VALIDATE_URL) !== false;
}

// Function to validate a name
function isValidName($name) {
return !empty($name) && preg_match("/^[a-zA-Z\s]+$/", $name);
}

// Initialize variables to hold form data and validation results
$email = $url = $name = $emailError = $urlError = $nameError = "";

// Check if the form is submitted
if ($_SERVER["REQUEST_METHOD"] == "POST") {
// Retrieve form data
$email = $_POST["email"];
$url = $_POST["url"];
$name = $_POST["name"];

// Validate email
if (empty($email)) {
$emailError = "Email is required.";
} elseif (!isValidEmail($email)) {
$emailError = "Invalid email format.";
}

// Validate URL
if (empty($url)) {
$urlError = "URL is required.";
} elseif (!isValidURL($url)) {
$urlError = "Invalid URL format.";
}

// Validate name
if (empty($name)) {
$nameError = "Name is required.";
} elseif (!isValidName($name)) {
$nameError = "Invalid name format.";
}
}
?>

<h2>Form Validation App</h2>

<form method="post" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]); ?>">
<!-- Input for email -->
Email: <input type="text" name="email" value="<?php echo htmlspecialchars($email); ?>">
<span class="error"><?php echo $emailError; ?></span><br>

<!-- Input for URL -->
URL: <input type="text" name="url" value="<?php echo htmlspecialchars($url); ?>">
<span class="error"><?php echo $urlError; ?></span><br>

<!-- Input for name -->
Name: <input type="text" name="name" value="<?php echo htmlspecialchars($name); ?>">
<span class="error"><?php echo $nameError; ?></span><br>

<!-- Submit button -->
<button type="submit">Submit</button>
</form>

<?php
// Display result after form submission
if ($_SERVER["REQUEST_METHOD"] == "POST" && empty($emailError) && empty($urlError) && empty($nameError)) {
echo "<h3>Form submitted successfully!</h3>";
echo "<p>Email: " . htmlspecialchars($email) . "</p>";
echo "<p>URL: " . htmlspecialchars($url) . "</p>";
echo "<p>Name: " . htmlspecialchars($name) . "</p>";
}
?>

</body>
</html>

Explanation:

• The application defines three validation functions for email, URL, and name.
• HTML form includes input fields for email, URL, and name, along with error messages displayed for validation errors.
• The PHP script checks if the form is submitted, retrieves the form data, and performs validation.
• After submission, if there are no validation errors, it displays a success message along with the entered information.
• This is a basic example, and you can further enhance it based on your specific needs. Consider adding additional validation rules or improving the interface.

Quiz about PHP Form Validation :15 questions 

The quiz questions and explanations cover various aspects of PHP form validation, including email validation, URL validation, name validation, security considerations, and best practices.

let’s create a quiz about PHP form validation.
Each question will be followed by multiple-choice answers, and I’ll provide explanations for each correct answer.

Quiz: PHP Form Validation

1-What is the purpose of form validation in PHP?

a) To make forms look attractive
b) To ensure data entered into a form meets specified criteria
c) To create dynamic forms
Explanation: Form validation in PHP is used to ensure that input meets certain criteria, improving the reliability and security of the data submitted.

2-Which PHP function is commonly used for email validation?

a) check_email()
b) validate_email()
c) filter_var()
Explanation: The filter_var() function with the FILTER_VALIDATE_EMAIL filter is commonly used for email validation in PHP.

3-What does FILTER_VALIDATE_URL filter in filter_var() function do?

a) Validates email addresses
b) Validates URLs
c) Validates both email addresses and URLs

4-Explanation: FILTER_VALIDATE_URL filter is used to validate URLs.

4-In PHP, how can you check if a name contains only letters and spaces?

a) Using preg_match(“/^[a-zA-Z]+$/”, $name)
b) Using check_name($name)
c) Using validate_name($name)
Explanation: Option (a) uses preg_match to check if a name contains only letters and spaces.

5-What is the purpose of the htmlspecialchars() function in form input display?

a) To convert special characters to HTML entities
b) To validate form data
c) To create HTML forms
Explanation: htmlspecialchars() is used to convert special characters to HTML entities, preventing potential security vulnerabilities like XSS attacks.

6-Which superglobal variable is used to retrieve form data in PHP?

a) $_GET
b) $_POST
c) $_REQUEST
Explanation: $_POST is used to retrieve form data in PHP when the form is submitted using the POST method.

7-What does the empty() function check for in PHP?

a) Checks if a variable is set
b) Checks if a variable is empty or not
c) Checks if a variable contains a numeric value
Explanation: empty() checks if a variable is empty or not.

8-What is the purpose of the htmlspecialchars() function in form input display?

a) To convert special characters to HTML entities
b) To validate form data
c) To create HTML forms
Explanation: htmlspecialchars() is used to convert special characters to HTML entities, preventing potential security vulnerabilities like XSS attacks.

9-Which of the following is NOT a valid way to prevent SQL injection in PHP?

a) Using prepared statements with PDO
b) Using mysql_real_escape_string()
c) Using mysqli::real_escape_string()
Explanation: Option (b) is not a recommended way to prevent SQL injection. It is better to use prepared statements or parameterized queries.

10-In the context of form validation, what is CSRF?

a) Cross-Site Request Forgery
b) Cross-Site Scripting
c) Cross-Origin Resource Sharing
Explanation: CSRF stands for Cross-Site Request Forgery, which is an attack that tricks the victim into submitting a malicious request.

11-How can you prevent CSRF attacks in PHP forms?

a) Use HTTPS
b) Implement CAPTCHA
c) Use anti-CSRF tokens
Explanation: Option (c) is correct. Implementing anti-CSRF tokens is a common method to prevent CSRF attacks.

12-What does the FILTER_SANITIZE_STRING filter do in filter_var()?

a) Validates strings
b) Removes tags, if present, from a string
c) Converts a string to lowercase
Explanation: FILTER_SANITIZE_STRING removes tags, if present, from a string.

13-Which of the following is a valid way to handle errors during form validation in PHP?

a) Using die() function
b) Using echo statements for error messages
c) Using exception handling (try, catch blocks)
Explanation: Option (c) using exception handling (try, catch blocks) is a more structured and robust way to handle errors during form validation.

14-What does the htmlspecialchars() function prevent in PHP?

a) SQL injection
b) Cross-Site Scripting (XSS)
c) Cross-Site Request Forgery (CSRF)
Explanation: htmlspecialchars() prevents Cross-Site Scripting (XSS) attacks by converting special characters to HTML entities.

15-Which HTTP method is commonly used for submitting sensitive data, like passwords, in a form?

a) GET
b) POST
c) PUT

Explanation: Option (b) POST method is commonly used for submitting sensitive data as it doesn’t append data to the URL, unlike the GET method.