PHP Form Validation

Form validation is a major part of web development in PHP. Many vulnerabilities and exploits target form submissions, and they must be taken care of when a PHP form is submitted. Otherwise, unwanted viruses and malware can harm the PHP host server and database.

Form Validation in PHP

A required-field check verifies that the field has been filled in properly. In most cases, the * symbol is used to mark a required field.

What is Validation?

Validation checks the input submitted by the user. There are two types of validation:

  •      Client-Side Validation: performed in the web browser on the client machine.
  •      Server-Side Validation: after the data is submitted, it is sent to the server, and the validation checks are performed on the server machine.

| Field | Validation Rules |
|---|---|
| Name | Required. Must only contain letters and whitespace |
| E-mail | Required. Must contain a valid email address (with @ and .) |
| Website | Optional. If present, it must contain a valid URL |
| Comment | Optional. Multi-line input field (text area) |
| Gender | Required. Must select one |
| Radio | Must be selectable at least once |
| CheckBox | Must be checkable at least once |
| Drop-Down menu | Must be selectable at least once |

An HTML form contains many input fields, such as text boxes, checkboxes, radio buttons, a submit button, and checklists. These input fields need to be validated to ensure that the user has entered information in all the required fields and that it is valid and correct.

General Form Validations in PHP

The details provided by the user are not always correct. PHP validates the data submitted by an HTML form. We need to validate a few things on the server side:

  1. Empty String
  2. Validate String
  3. Validate Numbers
  4. Validate Email
  5. Validate URL
  6. Input length

Empty String

The block of code below checks that the field is not empty. If the user leaves the required field empty, it generates an error message.

if (empty($_POST["name"])) {
    $errMsg = "Error! You didn't enter the Name.";
    echo $errMsg;
} else {
    $name = $_POST["name"];
}


Validate String

The block of code below checks that the input field contains only letters and whitespace. If the name field does not receive valid input from the user, it generates an error message.

$name = $_POST["Name"];

// letters and spaces only; ^ and $ anchor the match to the whole value
if (!preg_match("/^[a-zA-Z ]*$/", $name)) {
    $ErrMsg = "Only alphabets and whitespace are allowed.";
    echo $ErrMsg;
} else {
    echo $name;
}


Validate Number

The block of code below validates that the field contains only a numeric value. If the mobile number field does not receive numeric data from the user, the code generates an error message:

$mobileno = $_POST["Mobile_no"];

// digits only
if (!preg_match("/^[0-9]*$/", $mobileno)) {
    $ErrMsg = "Only numeric value is allowed.";
    echo $ErrMsg;
} else {
    echo $mobileno;
}


Validate Email

A valid email address must contain the @ and . symbols. PHP provides various methods to validate an email address. Here we will use a regular expression to validate it.

The block of code below validates the email address. If the email is not valid, the code generates an error message:

$email = $_POST["Email"];

// "/" is the delimiter; ^ and $ anchor the pattern to the whole address
$pattern = "/^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$/";

if (!preg_match($pattern, $email)) {
    $ErrMsg = "Email is not valid.";
    echo $ErrMsg;
} else {
    echo "Your valid email address is: " . $email;
}


Input Length Validation

Input length validation restricts the value to a specified range. A valid mobile number must have ten digits.

$mobileno = $_POST["Mobile"];

$length = strlen($mobileno);

if ($length != 10) {
    $ErrMsg = "Mobile must have 10 digits.";
    echo $ErrMsg;
} else {
    // only the length was checked, so escape the value before output
    echo "Your Mobile number is: " . htmlspecialchars($mobileno);
}


Validate URL

The block of code below validates the URL of the website. If the URL is not valid, it generates an error message.

$websiteURL = $_POST["website"];

if (!preg_match("/\b(?:(?:https?|ftp):\/\/|www\.)[-a-z0-9+&@#\/%?=~_|!:,.;]*[-a-z0-9+&@#\/%=~_|]/i", $websiteURL)) {
    $websiteErr = "URL is not valid";
    echo $websiteErr;
} else {
    // the pattern is not anchored, so escape the value before output
    echo "Website URL is: " . htmlspecialchars($websiteURL);
}


Button Click Validate

The block of code below checks that the user clicked the submit button and sent the form data to the server using one of the following methods: get or post.

if (isset($_POST['submit'])) {
    echo "Submit button is clicked.";
    if ($_SERVER["REQUEST_METHOD"] == "POST") {
        echo "Data is sent using POST method ";
    }
} else {
    echo "Data is not submitted";
}


Now we will apply all these validations to an HTML form to validate the fields.

Simple PHP Registration Form Validation

<!DOCTYPE html>
<html>
<head>
<style>
.error {color: #FF0001;}
</style>
</head>
<body>

<?php
// define variables to empty values
$nameErr = $emailErr = $mobilenoErr = $genderErr = $websiteErr = $hobbyErr = "";
$name = $email = $mobileno = $gender = $website = $hobby = "";

// Input fields validation
if ($_SERVER["REQUEST_METHOD"] == "POST") {

    // String Validation
    if (empty($_POST["name"])) {
        $nameErr = "Name is required";
    } else {
        $name = input_data($_POST["name"]);
        // check if name only contains letters and whitespace
        if (!preg_match("/^[a-zA-Z ]*$/", $name)) {
            $nameErr = "Only alphabets and white space are allowed";
        }
    }

    // Email Validation
    if (empty($_POST["email"])) {
        $emailErr = "Email is required";
    } else {
        $email = input_data($_POST["email"]);
        // check that the e-mail address is well-formed
        if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
            $emailErr = "Invalid email format";
        }
    }

    // Number Validation
    if (empty($_POST["mobileno"])) {
        $mobilenoErr = "Mobile no is required";
    } else {
        $mobileno = input_data($_POST["mobileno"]);
        // check if mobile no is well-formed
        if (!preg_match("/^[0-9]*$/", $mobileno)) {
            $mobilenoErr = "Only numeric value is allowed.";
        }
        // mobile no length must be exactly 10
        if (strlen($mobileno) != 10) {
            $mobilenoErr = "Mobile no must contain 10 digits.";
        }
    }

    // URL Validation
    if (empty($_POST["website"])) {
        $website = "";
    } else {
        $website = input_data($_POST["website"]);
        // check if URL address syntax is valid
        if (!preg_match("/\b(?:(?:https?|ftp):\/\/|www\.)[-a-z0-9+&@#\/%?=~_|!:,.;]*[-a-z0-9+&@#\/%=~_|]/i", $website)) {
            $websiteErr = "Invalid URL";
        }
    }

    // Empty Field Validation
    if (empty($_POST["gender"])) {
        $genderErr = "Gender is required";
    } else {
        $gender = input_data($_POST["gender"]);
    }

    // Checkbox Validation
    if (!isset($_POST['hobbies'])) {
        $hobbyErr = "You must select hobby.";
    } else {
        $hobby = input_data($_POST["hobbies"]);
    }
}

// trim the value, remove backslashes and encode HTML special characters
function input_data($data) {
    $data = trim($data);
    $data = stripslashes($data);
    $data = htmlspecialchars($data);
    return $data;
}
?>

<h2>Registration Form</h2>
<span class = "error">* required field </span>
<br><br>
<form method="post" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]); ?>" >
    Name:
    <input type="text" name="name">
    <span class="error">* <?php echo $nameErr; ?> </span>
    <br><br>
    E-mail:
    <input type="text" name="email">
    <span class="error">* <?php echo $emailErr; ?> </span>
    <br><br>
    Mobile No:
    <input type="text" name="mobileno">
    <span class="error">* <?php echo $mobilenoErr; ?> </span>
    <br><br>
    Website:
    <input type="text" name="website">
    <span class="error"><?php echo $websiteErr; ?> </span>
    <br><br>
    Gender:
    <input type="radio" name="gender" value="male"> Male
    <input type="radio" name="gender" value="female"> Female
    <input type="radio" name="gender" value="other"> Other
    <span class="error">* <?php echo $genderErr; ?> </span>
    <br><br>
    Hobby:
    <input type="checkbox" name="hobbies" value="Reading"> Reading
    <input type="checkbox" name="hobbies" value="Writing"> Writing
    <input type="checkbox" name="hobbies" value="Playing"> Playing
    <span class="error">* <?php echo $hobbyErr; ?> </span>
    <br><br>
    <input type="submit" name="submit" value="Submit">
    <br><br>
</form>

<?php
    // the values were passed through input_data(), so they are already HTML-encoded
    if (isset($_POST['submit'])) {
        if ($nameErr == "" && $emailErr == "" && $mobilenoErr == "" && $genderErr == "" && $websiteErr == "" && $hobbyErr == "") {
            echo "<h3 color = #FF0001> <b>You have successfully registered.</b> </h3>";
            echo "<h2>Your Input:</h2>";
            echo "Name: " . $name;
            echo "<br>";
            echo "Email: " . $email;
            echo "<br>";
            echo "Mobile No: " . $mobileno;
            echo "<br>";
            echo "Website: " . $website;
            echo "<br>";
            echo "Gender: " . $gender;
            echo "<br>";
            echo "Hobby: " . $hobby;
        } else {
            echo "<h3> <b>You didn't fill up the form correctly.</b> </h3>";
        }
    }
?>

</body>
</html>







[Figure: Registration form before submission]

[Figure: Registration form output after submission]
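
A stricter server-side validator for the same fields, added here as an example and not part of the original tutorial code. It accepts only string inputs, anchors patterns with \A and \z, allow-lists the URL scheme, and escapes values only at output. The function name validate_registration and the sample input are assumptions made for illustration.

```php
<?php
// Added example; validate_registration() is a hypothetical helper, not tutorial code.
function validate_registration(array $in): array
{
    // Accept only string fields: name[]=x would otherwise arrive as an array.
    $get = fn(string $k): string => is_string($in[$k] ?? null) ? trim($in[$k]) : '';
    $clean = $errors = [];
    // Name: required, letters and spaces. \A and \z anchor the whole string
    // ("$" also matches before a final newline; "A-z" also matches [ \ ] ^ _ `).
    $name = $get('name');
    if ($name === '') {
        $errors['name'] = 'Name is required';
    } elseif (!preg_match('/\A[a-zA-Z ]+\z/', $name)) {
        $errors['name'] = 'Only alphabets and white space are allowed';
    } else {
        $clean['name'] = $name;
    }
    // E-mail: required, checked with the built-in filter.
    $email = $get('email');
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $errors['email'] = 'Invalid email format';
    } else {
        $clean['email'] = $email;
    }
    // Mobile: exactly ten ASCII digits, pattern and length in one check.
    $mobile = $get('mobileno');
    if (!preg_match('/\A[0-9]{10}\z/', $mobile)) {
        $errors['mobileno'] = 'Mobile no must contain 10 digits.';
    } else {
        $clean['mobileno'] = $mobile;
    }
    // Website: optional. FILTER_VALIDATE_URL checks syntax only, so allow-list the scheme.
    $site = $get('website');
    $scheme = strtolower((string) parse_url($site, PHP_URL_SCHEME));
    if ($site !== '' && (filter_var($site, FILTER_VALIDATE_URL) === false
            || !in_array($scheme, ['http', 'https'], true))) {
        $errors['website'] = 'Invalid URL';
    } elseif ($site !== '') {
        $clean['website'] = $site;
    }
    return [$clean, $errors];
}

// Constructed sample input standing in for $_POST; values stay raw for storage
// and are escaped only when written into HTML.
[$clean, $errors] = validate_registration(['name' => ['x'], 'email' => 'alice@example.com',
    'mobileno' => '98765x3210', 'website' => 'javascript://example.com/%0aalert(1)']);
foreach ($errors + $clean as $field => $text) {
    echo htmlspecialchars("$field: $text", ENT_QUOTES, 'UTF-8'), "\n";
}
```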

I hope you have a complete understanding of PHP form validation.
