Chapter 8: Processing Input

Validating the data

Here's a test for these foreign postal codes:

if ($zip != "")
{
  if(!eregi("^[A-Z0-9\s]+$", $zip)) { $fail .= "$zip is an invalid zip code.<br>\n"; }
}
else{ $fail .= "Please enter your zip code<br>\n"; }

Using the eregi() function lets us match both upper-case and lower-case letters - and the pattern is shorter than ^[a-zA-Z0-9\s]+$. Also, the pattern is generic enough to match postal codes used in the UK and a number of other countries.

You can also do it this way, using ereg():

if ($zip != "")
{
  if(!ereg("^[a-zA-Z0-9\s]+$", $zip)) {
  $fail .= "$zip is an invalid zip code.<br>\n"; }
}
else{ $fail .= "Please enter your zip code<br>\n"; }

Here's another thought. Suppose you created a whole set of patterns that were specific enough for just certain countries? You could put these patterns into an array, indexed by the country name or abbreviation, and use something like this:

$pattern = $patterns[$country];

to get the pattern which matches the country they entered on the form. Feeding that to the validation code would then look like this:

if(!eregi($pattern, $zip))
{
  $fail .= "$zip is an invalid zip code.";
}

Assuming this array is useful for a lot of forms, I'd put the array definition into "arrays.php" and "include" that file into every script that used it. If you had to make a change, you'd just do it in one place. Then every script that cared about it would be updated automatically! I'll cover the use of "includes" a bit later on.

You've learned a lot in this example that won't have to be repeated: The ^, $ and ? operators can help make matching easier. You learned how to make a match against a digit and how to say how many digits make a match. Now let's move on to matches that involve letters. You'll need to know this for checking names, cities, street address and more.

Name: What's in a name? What I mean is, what characters make up a name? Lower-case letters, upper-case letters and maybe a period or a dash. Can you think of anything else? How do we test for that? It depends partly on how you designed your form. If you made separate inputs for first and last names, you've got two variables to test. Don't forget that some people will want to put a middle initial in the box for First Name. It's OK if they do, but your test must match whether they do or don't. You have to allow for spaces, dashes and periods in the First Name. Here's an example of this test:

if ($fname != "")
  {
    if(!ereg("^[-A-Za-z\.\s\&]+$", $fname)) { $fail .= "$fname is an invalid first name.<br>\n"; }
}
else { $fail .= "Please enter your first name<br>\n"; }

The "A-Z" matches any upper-case letter. Likewise, "a-z" matches any lower-case letter. "\s" matches a space. "\." matches a period and - matches a hyphen. \& matches an &. The "+" operator means there must be at least one matching character. This expression can match "Bob", "John Q." "Jean-Claude" or "P.J." It can also match "John & Mary". Those are about the only formats you'd expect a "first name" to have.

Last Name, City, Company: These items can use the same test as you used for First Name. Just use the same test but change the variable names and the error text.

Address: This will be similar to the test for names. We also have to allow for digits. So I added "0-9" to match any digit. I also added \@, \# and \* in case people use @, # or *.

if ($address != "")
{
  if(!ereg("^[0-9A-Za-z\.\s\&\@\#\*]+$", $address))
    { $fail .= "$address is invalid. Please re-enter it.<br>"; }
}
else { $fail .= "You didn't enter your street address.<br>"; }

Copyright © 2004 Steve Humphrey