Server Side Validation in PHP

Introduction

I am describing Server Side Validation in PHP using Regular Expressions and the validation of data stored in the database. The fields "Name", "Mobile" and "email" are validated from the server side and are validated using a Regular Expression. For the server side validation I am using a Regular Expression in PHP, such as:

Example

Connection.php

<?php

$con = mysql_connect("localhost","root","");

if (!$con)

  {

  die('Could not connect: ' . mysql_error());

  }

 

mysql_select_db("smart", $con);

 

mysql_query("SELECT * From form");

 

 

$sql="INSERT INTO form(name ,Mobile ,email)

VALUES ('$_POST[name]', '$_POST[Mobile]', '$_POST[email]')";

 

if (!mysql_query($sql,$con))

  {

  die('Error: ' . mysql_error());

  }

 

?>

Next, file the Employee.php file is a HTML and PHP file. The PHP file validates with a Regular Expression. Such as:

<?php

ini_set("display_errors",0);// Display some Notice errors, therefore I am using this syntax for notice off

include('connection.php');// I am including connection file for connecting to database

if(isset($_POST['Submit']))

{

$name=(isset($_POST['name']));

$Mobile=(isset($_POST['Mobile']));

$email=(isset($_POST['email']));

$name=trim($_POST['name']);

$Mobile=trim($_POST['Mobile']);

$email=trim($_POST['email']);

 

if($name == "" ) {

$error= "Please Enter Your Name.";

$code= "1" ;

}

 

elseif($Mobile == "" ) {

$error= "Please enter Your Mobile No.";

$code= "2";

}

 

//check if the number field is numeric

elseif(is_numeric(trim($_POST["Mobile"])) == false ) {

$error= "Please enter numeric value.";

$code= "2";

}

 

elseif(strlen($Mobile)<10) {

$error= "Number Enter max 10 digits.";

$code= "2";

}

 

//check if email field is empty

elseif($email == "" ) {

$error= "Please enter email.";

$code= "3";

} //check for valid email

elseif(!preg_match("/^[_\.0-9a-zA-Z-]+@([0-9a-zA-Z][0-9a-zA-Z-]+\.)+[a-zA-Z]{2,6}$/i", $email)) {

$error= 'Please enter valid email.';

$code= "3";

}

 

else{

echo "Successful submitted you form";

//final code will execute here.

}

 

}

?>

<html>

<head>

<title>Simple Form</title>

</head>

<body bgcolor="#E6E7D8">

<?php if (isset($error)) { echo "<p class='message'>" .$error. "</p>" ;} ?>

<style type="text/css" >

.error{border:1px solid red; }

.message{color: red; font-weight:italite;}

</style>

<form name= "info" id= "info" method= "post" action= "" >

<table width= "327" border= "0"  cellpadding= "5" cellspacing= "1">

<tr>

<td width= "82" >Name: </td>

<td width= "238" ><input name= "name" type= "text" value="<?php if(isset($name)){echo $name;} ?>" <?php if(isset($code) && $code == 1){echo "class=error" ;} ?> ></td>

</tr>

<tr>

<td>Mobile Number: </td>

<td><input name= "Mobile" type= "text" id= "Mobile" value="<?php if(isset($Mobile)){echo $Mobile;} ?>"<?php if(isset($code) && $code == 2){echo "class=error" ;}?> ></td>

</tr>

<tr>

<td> Email: </td>

<td><input name= "email" type= "text" id= "email" value="<?php if(isset($email)){echo $email; }?>"<?php if(isset($code) && $code == 3){echo "class=error" ;}?> ></td>

</tr>

<tr>

<td>&nbsp;</td>

<td><input type= "submit" name= "Submit" value= "Submit" /></td>

</tr>

</table>

</form>

</body>

</html>

Output

When the user submits a blank form then the following error is shown:

When the user submits a Mobile Field that is blank then the following error is shown:

When the user submits a character in the Mobile Field then the following error is shown:

When the user submits an incorrect Mobile number then the following error is shown:

When the user submits an email field that is blank then the following error is shown:

When the user submits an invalid email id then the following error is shown:

Finally, the data is stored in the database.