Validating form values

From: PHP with MySQL Essential Training

Video: Validating form values

When we accept data from users, especially from web forms, let's say, submit, we almost never want to just accept any old data that they send. In fact, it's to our benefit as developers to assume that users are sending us the worst kinds of data possible, that they may even be trying to hack our site and do us harm. Checking the submitted data carefully is the road to having robust and secure code. So we need to spend some time thinking about requirements for our data and learning how to enforce those requirements. I promise you're going to spend significant time on this for every project that you do, so it's worth investing the time in learning how to do it and to avoid the pitfalls. Imposing data requirements is called validating our data, and you'll hear me refer to the process as validations or passing or failing our validations. If data passes validations, it means that data was acceptable and we can use it. If it fails validations, that means there was a problem and we need to reject it. And most often that means going back to the user to ask them to make revisions and submit it again.

The simplest and most common requirement for a form field is that the user submits some value, that the form field cannot be left blank. We call this validating the presence, making sure that something was present in the field. Now we can have other requirements too. For example, we could check for the number of characters that they submitted to make sure that something is either longer than a certain number of characters, shorter than a certain number, maybe within a certain range, or that it is exactly a certain number of characters. We can validate the type, make sure that they've sent us a string or an integer or a float, if that's what we're expecting. We can validate that it's included in a set, from a select set of choices. So, if we'd ask someone to choose whether they're male or female, the answer we get back, we would expect to be either male or female. And if it's not one of those two choices, we want to reject it. Once we start working with databases, we'll start wanting to check whether things are unique or not.

This especially comes into play with something like a username. Everyone needs to pick a unique username, so we need to take the value they've given us for their preferred username and then check the database to see whether or not that is a valid, unique username. And the last common one would be format. And that's just checking that an email has the at symbol in it, that currency has a dollar sign at the beginning. For dates and times they might need to end with a.m. or p.m. Any kind of format for the format that something should be submitted to us in, we can also check for. Now these are general categories.

They're, by no means, a full list. You'll need to write custom validations. For example, a field might contain a path to a PDF file and your validation would check to make sure that that file already exists. Or you might validate whether a value is greater than 20 or that a value is odd or even. Really, the sky's the limit when it comes to validations. So let's try a few of these common ones just to get a feel for them. So to start with, let's open up basic.html again and we'll do Save As on it. I'm going to call it validations.php. Validations. So in here let's open our PHP tags and I'm going to put some placeholders for the different types that we just talked about are common.

Presence, string length, type, inclusion, uniqueness, and format. So let's go through each one of these. Let's talk about presence first. So, with presence, you could use isset. We can say, just make a conditional if it's not set. And let's say we're just going to check for value. Then, we can check and say well, the validation failed. Echo validation failed. Okay. So that just checks whether the value was actually set. So let's say, we have value equals quote, quote, semicolon. Right? So we have an empty string sent. Well, it is set.

That's not what we were checking for. It's good to check to see if it's set or not, that's a good sanity check. But a blank field will still set a key in our post superglobal. So, it's not a bad fail-safe to have, but we really need to do more checking than that. And one way to do that is with empty. And I'll just do empty value. So, now if we try this. Let's bring it up in a browser. Let's check validations.php. The validation failed but, if we have something in there let's put an x. Save it. Reload the page, and it succeeded. We didn't get anything back.

So we're only getting a message if it fails our validations. So I'm going to make it so that it does pass. We did make sure we have the presence there. Incidentally, we're going to talk more about empty in the next video and some of the problems that come up with it. So, for now, we're going to leave it. And just make that what we look at for presence. We'll revisit it in a moment. With string length, we could have the minimum length. Let's say that we have another value here, and for now, let's say that the value is empty again. And this time, we're going to check to see if the string, we know it's present. Now we want to see string length, strlen, of value.

And that's going to return an integer for how large it is. Is it less than the minimum? And if it is, well, then the validations failed. I'll just copy that and paste it down here. So that's going to be minimum length and that's minimum length. And let's set a value for the minimum. Let's say that the minimum is equal to 3. So it must be at least 3 or it fails our validations. Let's go ahead and make another one here and we'll just do max length.

And we'll use the same value but we're going to write max equals, and let's make it 6. So if it's greater than the max, well, then we have another problem. So, we're validating the length is, above a minimum and below a maximum. So, let's just try that real quick. We've got this value here, that's empty right now. Let's reload the page and validation failed. That's not my first validation. This one's passing. It's one of these that we're seeing. And it doesn't tell us which, but that's okay. We know which one it is. Let's go ahead and make this value, now, something else. Let's say that it's abcd.

So now it's in that range and it works just fine. We make it efghijk, save it, validation failed. Now, of course, you could use custom messages for this, so that it would say that the validation failed because of the following reasons. But for right now, I just want to show you how validations work. So let's do type. I'm just going to copy this because it's going to be very similar. And let me do value equals first and this time the test though that we're going to put in here is going to be, is it a string? So, if value is not a string, then the validation fails.

So, if we put in here a number. Let's put 1. It comes back just fine. But if we put in 1 as an actual integer, then it doesn't. Now this brings up an important point, that when we submit form values in PHP, they're always going to be strings. Even if it's a number, it's going to be submitted as a string, because PHP doesn't know whether we intended it to be a 1 as a string or 1 as a number. So it's going to be a string. And you'll need to do a conversion to convert its type if you need it to be something else.

Let's do inclusion in a set. Let's take this right here. Now, let's say that we have a set of values here. Let's say that the set is equal to the array. And in the array, we have 1 or 2 or 3 or 4. So it must be in one of these values. So how do we do that? Well, we know we can use in_array. You want to check if it's not in the array. And so for that we use value followed by the set. So if value is in the set it will pass. If it's not then it won't.

Let's try that real quick. Okay. It passed. We now make it 5 and now it fails our validation. You getting a feel for how this works? So uniqueness, we really can't do without databases. So we're going to leave that one for now. But the basic idea is that when they submit a value, we then turn right around and take that value and ask the database. Hey, database. Do you have this value? And if it returns yes it does, well, then, we raise the validation error. If it returns no it doesn't, then we don't. And then last of all, I want us to look at format. Now, for format, I want to teach you a new function.

It's a little bit of a high-level function, but it's super-useful. And it's preg_match. And what we're doing is we're applying a regular expression to see if something matches. So here's the format. We provide a regular expression here and the subject we want to match, and it returns true whether it matches or not. Let me just give you a quick example here. I'll just paste it in, so here's our regular expression inside the slanted lines as a string, and I'm going to match whether PHP is inside PHP is fun. And it will either say match was found or match was not found.

Switch back over here, reload it, a match was found, and if we put in something else like an x at the end, then it comes up and says that a match was not found. So that's how it works. Let's instantly just go back up here and fix this one just so that it passes its validation. And I'm just going to make a note here, uses a database to check uniqueness. So let's just drop back down here. And let's finish working on format. So the way that we're going to do this is very similar to what we've been doing. We'll write an if statement. But instead of in_array, we're going to use this preg_match. There we go, I'll drop it in.

But we don't want to check that. We're going to check it against some value. Let's say value is equal to nobody@nowhere.com, and you can write a complex regular expression here. For now, I'm just going to do, real simple, let's check to make sure that there is an at symbol in it, and we're going to use value. That's all it's going to do, is check to see whether the at symbol is inside there. So let's go back here. Oops, unexpected if. Where did I get my problem? I forgot my semicolon. There we are. Back, there we go. Match validation failed. Why did it come back and tell me that it's not there? It should be, if it's not matching.

That was my mistake. So, not match. So, it did match, so now if it does not match, then we want to return validation failed. Now we don't get our validation error. Now, preg_match is great because you can use regular expressions, which are very powerful. I actually have a regular expression training on lynda.com that you can refer to that'll tell you more about how to use regular expressions. But I think that it's not the fastest, sometimes using string string, strstr, and string pos for position, strpos, are going to actually be a little bit faster.

So for example, you can have something like this, if the string position of the value is exactly equal to false then the validation failed. Now why did I use exactly equal? Because string position will return 0 if it finds it at the beginning of the string. And so we don't want to have equals false because 0 would be considered false in that case. So if it's exactly equal to false using that triple equals, then we want to match it... And that leads us into a discussion then, about some of the problems with validation logic. Because those kinds of problems can trip you up and give you false positives or false negatives.

So, let's look at that in the next movie and talk about what some of the common problems are.
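
The validations walked through in this video, collected into one script as an added example; this is not the course's exercise file. The function names, field names, error messages and sample input are assumptions made for illustration.

```php
<?php
// Added example: validators for the categories named in the transcript.
// All names and the sample input below are constructed.

function has_presence(string $value): bool {
    // isset() alone passes an empty string, and empty() rejects the
    // string "0". Comparing the trimmed value with '' avoids both.
    return trim($value) !== '';
}

function has_length(string $value, int $min, int $max): bool {
    $len = strlen($value); // byte length, as strlen() is used in the video
    return $len >= $min && $len <= $max;
}

function is_integer_string(string $value): bool {
    // Form values arrive as strings, so is_int() on raw input always fails.
    // FILTER_VALIDATE_INT returns the integer, or false if it is not one.
    return filter_var($value, FILTER_VALIDATE_INT) !== false;
}

function has_inclusion(string $value, array $set): bool {
    // Third argument true: strict comparison, no type juggling.
    return in_array($value, $set, true);
}

function has_format(string $value, string $regex): bool {
    // preg_match() returns 1 on match, 0 on no match, false on error.
    return preg_match($regex, $value) === 1;
}

function has_at_symbol(string $value): bool {
    // strpos() returns 0 for a match at the start, so compare with !==.
    return strpos($value, '@') !== false;
}

function validate_signup(array $post): array {
    $errors = [];
    $v = [];
    foreach (['username', 'age', 'plan', 'email'] as $field) {
        // A field sent as name[]=x arrives as an array; treat any
        // non-string as blank instead of passing it to string functions.
        $raw = $post[$field] ?? null;
        $v[$field] = is_string($raw) ? trim($raw) : '';
        if (!has_presence($v[$field])) {
            $errors[$field] = "can't be blank";
        }
    }
    // Run the later checks only on fields that passed presence.
    if (!isset($errors['username']) && !has_length($v['username'], 3, 6)) {
        $errors['username'] = 'must be 3 to 6 characters';
    }
    if (!isset($errors['age']) && !is_integer_string($v['age'])) {
        $errors['age'] = 'must be an integer';
    }
    if (!isset($errors['plan']) && !has_inclusion($v['plan'], ['1', '2', '3', '4'])) {
        $errors['plan'] = 'is not one of the allowed choices';
    }
    if (!isset($errors['email']) && !has_format($v['email'], '/@/')) {
        $errors['email'] = 'must contain an @ symbol';
    }
    return $errors;
}

// Constructed sample input standing in for $_POST.
$sample = [
    'username' => 'ab',
    'age'      => '17x',
    'plan'     => '5',
    'email'    => '@nowhere.com',
];
print_r(validate_signup($sample));
var_dump(has_at_symbol($sample['email'])); // '@' sits at position 0
```

Returning an array keyed by field name, rather than echoing "validation failed", lets the page report which field failed and why.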

This video is part of

PHP with MySQL Essential Training

131 video lessons · 36010 viewers

Kevin Skoglund
Author

 
  1. 4m 8s
    1. Welcome
      1m 0s
    2. Using the exercise files
      3m 8s
  2. 15m 6s
    1. What is PHP?
      3m 52s
    2. The history of PHP
      2m 51s
    3. Why choose PHP?
      4m 10s
    4. Installation overview
      4m 13s
  3. 54m 53s
    1. Overview
      2m 33s
    2. Working with Apache Web Server
      6m 56s
    3. Changing the document root
      7m 24s
    4. Enabling PHP
      6m 16s
    5. Upgrading PHP
      3m 30s
    6. Configuring PHP
      10m 3s
    7. Installing MySQL
      5m 46s
    8. Configuring MySQL
      7m 24s
    9. Text editor
      5m 1s
  4. 31m 25s
    1. Overview
      3m 27s
    2. Installing WampServer
      5m 46s
    3. Finding the document root
      2m 24s
    4. Configuring PHP
      8m 12s
    5. Configuring MySQL
      5m 45s
    6. Text editor
      5m 51s
  5. 19m 12s
    1. Embedding PHP code on a page
      6m 43s
    2. Outputting dynamic text
      5m 55s
    3. The operational trail
      2m 27s
    4. Inserting code comments
      4m 7s
  6. 1h 18m
    1. Variables
      7m 50s
    2. Strings
      4m 38s
    3. String functions
      8m 54s
    4. Numbers part one: Integers
      6m 27s
    5. Numbers part two: Floating points
      5m 25s
    6. Arrays
      10m 0s
    7. Associative arrays
      6m 37s
    8. Array functions
      6m 33s
    9. Booleans
      3m 50s
    10. NULL and empty
      5m 15s
    11. Type juggling and casting
      8m 27s
    12. Constants
      4m 43s
  7. 27m 37s
    1. If statements
      6m 0s
    2. Else and elseif statements
      4m 16s
    3. Logical operators
      7m 30s
    4. Switch statements
      9m 51s
  8. 42m 15s
    1. While loops
      8m 41s
    2. For loops
      5m 59s
    3. Foreach loops
      8m 16s
    4. Continue
      8m 28s
    5. Break
      4m 8s
    6. Understanding array pointers
      6m 43s
  9. 37m 25s
    1. Defining functions
      8m 25s
    2. Function arguments
      5m 32s
    3. Returning values from a function
      7m 33s
    4. Multiple return values
      4m 53s
    5. Scope and global variables
      6m 2s
    6. Setting default argument values
      5m 0s
  10. 20m 18s
    1. Common problems
      3m 47s
    2. Warnings and errors
      8m 36s
    3. Debugging and troubleshooting
      7m 55s
  11. 57m 57s
    1. Links and URLs
      5m 33s
    2. Using GET values
      5m 35s
    3. Encoding GET values
      8m 41s
    4. Encoding for HTML
      9m 26s
    5. Including and requiring files
      7m 40s
    6. Modifying headers
      6m 45s
    7. Page redirection
      6m 43s
    8. Output buffering
      7m 34s
  12. 1h 3m
    1. Building forms
      7m 28s
    2. Detecting form submissions
      5m 59s
    3. Single-page form processing
      7m 57s
    4. Validating form values
      10m 40s
    5. Problems with validation logic
      9m 54s
    6. Displaying validation errors
      7m 23s
    7. Custom validation functions
      6m 28s
    8. Single-page form with validations
      7m 25s
  13. 28m 5s
    1. Working with cookies
      2m 49s
    2. Setting cookie values
      5m 55s
    3. Reading cookie values
      6m 1s
    4. Unsetting cookie values
      4m 51s
    5. Working with sessions
      8m 29s
  14. 48m 39s
    1. MySQL introduction
      6m 43s
    2. Creating a database
      7m 41s
    3. Creating a database table
      7m 42s
    4. CRUD in MySQL
      5m 48s
    5. Populating a MySQL database
      7m 32s
    6. Relational database tables
      6m 40s
    7. Populating the relational table
      6m 33s
  15. 56m 4s
    1. Database APIs in PHP
      4m 51s
    2. Connecting to MySQL with PHP
      7m 45s
    3. Retrieving data from MySQL
      8m 47s
    4. Working with retrieved data
      6m 12s
    5. Creating records with PHP
      6m 58s
    6. Updating and deleting records with PHP
      9m 6s
    7. SQL injection
      3m 5s
    8. Escaping strings for MySQL
      6m 45s
    9. Introducing prepared statements
      2m 35s
  16. 35m 58s
    1. Blueprinting the application
      7m 19s
    2. Building the CMS database
      5m 14s
    3. Establishing your work area
      4m 38s
    4. Creating and styling the first page
      4m 22s
    5. Making page assets reusable
      6m 36s
    6. Connecting the application to the database
      7m 49s
  17. 32m 49s
    1. Adding pages to the navigation subjects
      5m 58s
    2. Refactoring the navigation
      6m 7s
    3. Selecting pages from the navigation
      6m 2s
    4. Highlighting the current page
      5m 26s
    5. Moving the navigation to a function
      9m 16s
  18. 1h 45m
    1. Finding a subject in the database
      9m 48s
    2. Refactoring the page selection
      10m 52s
    3. Creating a new subject form
      6m 55s
    4. Processing form values and adding subjects
      11m 20s
    5. Passing data in the session
      9m 16s
    6. Validating form values
      9m 40s
    7. Creating an edit subject form
      8m 30s
    8. Using single-page submission
      7m 44s
    9. Deleting a subject
      9m 44s
    10. Cleaning up
      10m 37s
    11. Assignment: Pages CRUD
      4m 30s
    12. Assignment results: Pages CRUD
      6m 10s
  19. 39m 26s
    1. The public appearance
      8m 52s
    2. Using a context for conditional code
      11m 37s
    3. Adding a default subject behavior
      6m 9s
    4. The public content area
      5m 51s
    5. Protecting page visibility
      6m 57s
  20. 1h 3m
    1. User authentication overview
      4m 3s
    2. Admin CRUD
      8m 41s
    3. Encrypting passwords
      7m 26s
    4. Salting passwords
      5m 42s
    5. Adding password encryption to CMS
      11m 54s
    6. New PHP password functions
      3m 13s
    7. Creating a login system
      11m 28s
    8. Checking for authorization
      5m 48s
    9. Creating a logout page
      5m 40s
  21. 2m 4s
    1. Next steps
      2m 4s
