
User Input Validation (Part 2) Examples

Mon, Feb 1, 2010

PHP & MySql

The previous tutorial on user input validation explained the basics. This tutorial requires a basic knowledge of user input validation (PHP patterns); if you don’t know about PHP patterns yet, I’d advise you to have a look at the previous tutorial on user input validation first. In this tutorial a couple of examples of user input validation patterns are given and explained. The patterns cover email and website address (URL) validation.

Use of all patterns

All patterns explained in this tutorial can be used with the preg_match function, for example in an if statement:

// $value = $_POST['input_field_name']; for example
if (preg_match("/pattern/", $value)) {
    // matched
} else {
    // did not match
}

Email Validation

There are several ways to check whether user input is a valid email address. Here I’ll be showing 2 ways to validate an email. To create a pattern for validating an email, first think about what an email address looks like (its structure), which is:

email_name@email_provider.lang

Where ‘lang’ can be anything like com, net or nl (Dutch), etc. The ‘email_name’ can be anything of any length containing alphabetical characters, numbers or the - and _ symbols. The same goes for the ‘email_provider’. So for validating USA email addresses (.com), for example, we could have a pattern like this:

Pattern:

/^[A-Za-z0-9-_.]*@[A-Za-z0-9-_.]*(\.com)$/

However, this pattern will only match email addresses that end with .com. We can use the | separator to allow several ‘extensions’ for the email (.com OR .net OR .nl, etc.). That would look like this:

Pattern:

/^[A-Za-z0-9-_.]*@[A-Za-z0-9-_.]*(\.com|\.net|\.nl|\.de|\.be|\.co\.uk)$/

You can add all the extensions you want to allow for the email address there, separated by |. Don’t forget to escape the dots (.) with a backslash (\) so each one is treated as a normal character.

Note: a second way to do this is to allow all extensions (.com, .net or .anythinghere). To do this, replace the \.com|\.net|etc… by \.[A-Za-z0-9]* which basically means: all alphabetical characters and numbers.

Example of use:

<?php
$email = "validemail123@validprovider_09.net";
if (preg_match("/^[A-Za-z0-9-_.]*@[A-Za-z0-9-_.]*(\.com|\.net|\.nl|\.de|\.be|\.co\.uk)$/", $email)) {
    echo "<p> Valid Email: {$email} </p>";
} else {
    echo "<p> Invalid Email: {$email} </p>";
}

$email = "invalid' email@invalid,provider}.fpweo";
if (preg_match("/^[A-Za-z0-9-_.]*@[A-Za-z0-9-_.]*(\.com|\.net|\.nl|\.de|\.be|\.co\.uk)$/", $email)) {
    echo "<p> Valid Email: {$email} </p>";
} else {
    echo "<p> Invalid Email: {$email} </p>";
}
?>

Output:

Valid Email: validemail123@validprovider_09.net

Invalid Email: invalid' email@invalid,provider}.fpweo
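The email pattern above accepts more than the two sample inputs suggest: every * may match nothing, and in PCRE a plain $ also matches just before a trailing newline. The following added example (not part of the original tutorial; the function names are hypothetical and the sample inputs are constructed) runs the tutorial's pattern next to a tightened variant and PHP's built-in filter_var check:

```php
<?php
// Added example, not from the original tutorial. Function names are
// hypothetical; the sample inputs are constructed for illustration.

// The tutorial's pattern, unchanged.
function tutorial_email_ok(string $v): bool {
    return preg_match('/^[A-Za-z0-9-_.]*@[A-Za-z0-9-_.]*(\.com|\.net|\.nl|\.de|\.be|\.co\.uk)$/', $v) === 1;
}

// Tightened variant of the same idea:
//  - name and provider must start with a letter or digit, so neither
//    part can be empty or consist of punctuation only
//  - "\z" instead of "$": "\z" matches only at the very end of the input
function strict_email_ok(string $v): bool {
    return preg_match('/^[A-Za-z0-9][A-Za-z0-9_.-]*@[A-Za-z0-9][A-Za-z0-9_.-]*(\.com|\.net|\.nl|\.de|\.be|\.co\.uk)\z/', $v) === 1;
}

// PHP's built-in validator. It does not restrict the extension and applies
// its own rules, so its answers can differ from both patterns above.
function builtin_email_ok(string $v): bool {
    return filter_var($v, FILTER_VALIDATE_EMAIL) !== false;
}

$samples = [
    'validemail123@validprovider_09.net', // sample from the tutorial
    '@.com',                              // empty name and empty provider
    '...@---.net',                        // punctuation only
    "user@example.com\n",                 // trailing newline
];

foreach ($samples as $s) {
    // json_encode makes the trailing newline visible in the report
    printf("%-40s tutorial=%-3s strict=%-3s builtin=%s\n",
        json_encode($s),
        tutorial_email_ok($s) ? 'yes' : 'no',
        strict_email_ok($s) ? 'yes' : 'no',
        builtin_email_ok($s) ? 'yes' : 'no');
}
```

The trailing-newline case matters when the validated value is later placed in mail headers or log lines, where a stray line break changes how the value is interpreted.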

Website Address Validation

To create a pattern for validating website addresses (URLs), we’ll first have a look at the structure of a valid website address, which is similar to:

http(s)://(www. or subdomain.)websitename.com(/directories)(/page.ext)(?getvar&getvars)

Where what’s between brackets is optional. The .com can be any other ‘extension’ of course (.net or .co.uk, etc.).

Pattern:

/^(http)(s)?(:\/\/)(www\.|[A-Za-z0-9_-]*\.)?[A-Za-z0-9_-]*(\.com|\.net|\.co\.uk)(\/|\/[A-Za-z0-9-_ .]*)*(\?[A-Za-z0-9-_.=&]*)?$/

This is just an example of a pattern I created that could be used. It may look complex at first, but it isn’t that complex once you look at it piece by piece. Let’s go through it briefly. Each valid website address starts with ‘http’ ( ^(http) ) followed by an optional ‘s’ ( (s)? ). After that there’s a ‘://’, which is written in the pattern as (:\/\/) because every / needs to be escaped with a \, so // becomes \/\/. Then there’s an optional ‘www.’ or ‘subdomain_name.’, where the subdomain_name can contain any alphabetical character, number, _ or - ( [A-Za-z0-9_-] ) and be of any size (* = any amount of characters). The question mark behind this group ( www. | subdomain. ) means it may occur one or zero times (it’s optional). Then there’s [A-Za-z0-9_-] again, which again means any alphabetical characters, numbers or the _ or - symbol; this is the domain name of the website, which may contain any of these characters in any length (*). It must be followed by one of these ‘extensions’: ( \.com|\.net|\.co\.uk ). The rest of the pattern is optional: after the domain there may be any number of /path parts ( (\/|\/[A-Za-z0-9-_ .]*)* ), followed by an optional query string that starts with a ? ( (\?[A-Za-z0-9-_.=&]*)? ). The query part is what allows the ?anything at the end of the first example url below.

Example of use:

<?php
$url = "http://www.validurl.net/anypath/anyfile.php?anything";
if (preg_match("/^(http)(s)?(:\/\/)(www\.|[A-Za-z0-9_-]*\.)?[A-Za-z0-9_-]*(\.com|\.net|\.co\.uk)(\/|\/[A-Za-z0-9-_ .]*)*(\?[A-Za-z0-9-_.=&]*)?$/", $url)) {
    echo "<p> Valid Url: {$url} </p>";
} else {
    echo "<p> Invalid Url: {$url} </p>";
}

$url = "http://invalidurl-^.";
if (preg_match("/^(http)(s)?(:\/\/)(www\.|[A-Za-z0-9_-]*\.)?[A-Za-z0-9_-]*(\.com|\.net|\.co\.uk)(\/|\/[A-Za-z0-9-_ .]*)*(\?[A-Za-z0-9-_.=&]*)?$/", $url)) {
    echo "<p> Valid Url: {$url} </p>";
} else {
    echo "<p> Invalid Url: {$url} </p>";
}
?>

Output:

Valid Url: http://www.validurl.net/anypath/anyfile.php?anything

Invalid Url: http://invalidurl-^.

Note: To only allow website addresses that are a domain name without any path behind it ( like: http://www.google.com ), remove the path and query parts at the end of the pattern ( which are: (\/|\/[A-Za-z0-9-_ .]*)*(\?[A-Za-z0-9-_.=&]*)? ) or replace them by (\/)? if you do want to allow a possible trailing slash ( http://www.google.com/ ).
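An alternative to one large URL pattern is to split the address with PHP's parse_url and check each part against an allow-list. The following added example (not part of the original tutorial; validate_site_url and $allowedSuffixes are hypothetical names, and the sample URLs other than the tutorial's two are constructed) applies the same rules the tutorial describes: http or https only, and a host ending in one of the listed extensions.

```php
<?php
// Added example, not from the original tutorial. validate_site_url() and
// $allowedSuffixes are hypothetical names chosen for this sketch.

$allowedSuffixes = ['.com', '.net', '.co.uk']; // same extensions as the tutorial

function validate_site_url(string $url, array $allowedSuffixes): bool {
    // Reject whitespace and control characters up front (covers a trailing "\n").
    if ($url === '' || preg_match('/[\x00-\x20\x7f]/', $url)) {
        return false;
    }
    $p = parse_url($url);
    if ($p === false || !isset($p['scheme'], $p['host'])) {
        return false;
    }
    // Only http and https, as in the tutorial's pattern.
    if (!in_array(strtolower($p['scheme']), ['http', 'https'], true)) {
        return false;
    }
    // This sketch allows no user:password@ prefix and no explicit port.
    if (isset($p['user']) || isset($p['pass']) || isset($p['port'])) {
        return false;
    }
    // Host: dot-separated labels of letters, digits and hyphens, none empty.
    $host = strtolower($p['host']);
    if (!preg_match('/^[a-z0-9]([a-z0-9-]*[a-z0-9])?(\.[a-z0-9]([a-z0-9-]*[a-z0-9])?)+\z/', $host)) {
        return false;
    }
    // The host must end in one of the allowed extensions.
    foreach ($allowedSuffixes as $suffix) {
        if (substr($host, -strlen($suffix)) === $suffix) {
            return true;
        }
    }
    return false;
}

$samples = [
    'http://www.validurl.net/anypath/anyfile.php?anything', // from the tutorial
    'http://invalidurl-^.',                                 // from the tutorial
    'http://.com',              // empty domain name; every * in the pattern may match nothing
    "https://example.com/\n",   // trailing newline; a plain $ matches before it
    'ftp://example.com/',       // scheme other than http(s)
];
foreach ($samples as $s) {
    printf("%-60s %s\n", json_encode($s),
        validate_site_url($s, $allowedSuffixes) ? 'valid' : 'invalid');
}
```

Unlike the tutorial's pattern, this sketch rejects spaces in the path, and it places no restriction on which characters appear in the path or query once the scheme and host have passed.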