Form validation

Recoil_UK

Hi guys

I,ve designed a form, my script so far checks to see if it has been submitted or not, checks if all the fields are empty, checks if the required fields are empty, checks the confirm fields match the regular fields...

Password
Confirm Passwrod

etc,etc

and shows a nice warning message if something isnt right.

Now I need to validate the form fields, as follows.....

The password must only contain alphanumeric characters.

The email address must only contain alphanumeric(lowercase),@,-,_ have a @, followed by at least 3 characters then a . and must not contain 2 . as such ..

I,ve been looking at ereg and preg_match, and to tell you the truth, the manual doesnt help much in trying to understand these functions.

Are these the correct functions for what I want to do, or are there alternatives?

Also does anybody know of a tutorial or additional info where I can work out how to use them?

Which one is easier to learn, which one is faster?

Due to the fact that im testing on a windows box, would this have any bearing on what I can use?

Hope someone can help me out with this.

Thx guys

Recoil_UK

Hi guys

Ok, i,ve taken the plunge with ereg.

Here,s what I have so far

if (ereg("^[a-z|0-9|_|-|.]{1,}@{1}[a-z|0-9|-]{3,}.{,1}[a-z|0-9|.]{2,}$", $email))

How does this look so far?

If anybody wants to add anything please feel free, but show the included code by itself with an explanation before finishing, because I dont just want it to work, I also want to understand it.

Thx guys

gammaster

Hello!
I use this functions for validitycheck of alphanumbers and email.
Hope it was something like this you wanted.

function isValidEmail($email = '') {

list($before, $after) = explode("@", $email);

$patternBefore = '^([0-9a-z]*([-|_]?[0-9a-z]+)*)(([-|_]?)\.([-|_]?)[0-9a-z]*([-|_]?[0-9a-z]+)+)*([-|_]?)$';
$patternAfter = '^([0-9a-z]+([-]?[0-9a-z]+)*)(([-]?)\.([-]?)[0-9a-z]*([-]?[0-9a-z]+)+)*\.[a-z]{2,4}$';

$beforeOK = eregi($patternBefore, $before);
$afterOk = eregi($patternAfter, $after);

if ($beforeOk && $afterOk)
	return true;
else
	return false;
}
//---------------------------------------------------
function isAlphaNumeric($str = '') {

$pattern = "/^[a-zA-Z0-9]+$/";

if(preg_match($pattern, $str))
	return true;
else
	return false;

}

xblue

I was about to suggest using preg_match() rather than ereg(), it is more powerful and said to be faster. Pattern syntax is fairly similar with respect to the basic elements.

Some of the basics:

{1} is never needed - exactly 1 occurrence is the default.

for {1,} there is a nice abbreviation, it is +, meaning one or more occurrences without upper limit.

using the vertical bar in character classes (a "choice" of characters enclosed in square brackets) doesn't make much sense this way, this is for alternation outside character classes. example:
(apple|pear)@fruits.com

and you need to escape the dot outside character classes or it will mean any character, almost forgot to mention.

Recoil_UK

Well thx for the info, i,ve decided to change it preg_match after all, i,ve seen somewhere else that this is much faster so I think i,ll stick with it.

Here,s what I have at the moment....

Still not technically correct, but I think i,m getting there.

if (preg_match("/[a-z0-9\_\.\-]{2,}@{1}[a-z0-9\-]{3,}.{1}[a-z0-9]{,3}/", $email))

Which if i,m right, returns true if the pattern is matched and false if not (for some reason if I try and limit the characters after the last . to atleast 2 not greater than 3 {2,3} it doesnt work)

I,ve also written this...

if (preg_match("/\.\./", $email))

Which again if i,m right, returns true so long as .. is in the email address and false if it doesnt.

Am I on the right track with that last statement?

If I am, is it possible to combine the two together?

Thx again

xblue

first of all, why did you drop ^ and $ at the beginning and end? leave them in or it will return true with invalid characters before and after the valid part that is matched by the pattern, like

=/&%$yourname@example.com/$"!

and once again, there is no need to write {1}, but you need to escape the dot like . (maybe you had it and the forum stripped it off, it sometimes does).

with you second test you want to check for a sequence of dots which would be invalid, do I get this right?

Recoil_UK

Hi again

Ok I dropped the ^ and $ because, with them in, it would give the following error.......

if (preg_match("^[a-z0-9\\_\\.\\-]{2,}@[a-z0-9\-]{3,}\\.[a-z]{,3}$", $email))

Warning: No ending delimiter '^' found in D:\Web\register.php on line 176

As far as the second code is concerned I wanted it to check for a sequence of dots and make it invalid, my example is the other way round, but i,m learning and I find it easier like that.

Thanks for your help.

p.s. it strip the \ so I redid it with two in each spot so they would show

Recoil_UK

I got it working as follows

$pattern = "/^([a-z0-9\\_\\.\\-]{2,}@[a-z0-9\\-]{3,}\\.[a-z]{2,3}$)/";
    if (preg_match($pattern, $email))  {
    echo "Email Ok<br>";

Thought it would be something simple.

Btw what does a ? do?, is it used for optional characters?

Thanks again

xblue

yeah, it is equivalent to {0,1}

another use of the questionmark you may see sometimes may be
.?
this is the same as
. (0 or more)
except that it matches "ungreedy", i.e. matches as little as possible to make the whole pattern match.

the syntax page from the manual lists all the meta-characters, you only need to scroll down a bit:
http://www.php.net/manual/en/pcre.pattern.syntax.php

Recoil_UK

Hi again

Still dont get these regular expressions, i,ve seen the examples, but they dont show you the correct way to search for a particular pattern and make sure that the string is conforming to the rest of the rules.

I guess maybe i,m missing something, and untill I can understand what a script actually does, then there,s now way i,ll be using it, and this is because of two reasons.

Bad idea security wise.
It takes all the fun out of it.

So this is what I have ended up with so far.....

function validate_email() {
    global $email, $error;

$valerror = "<br>Your <strong>Email address</strong> doesnt appear to be in the <strong>correct format</strong>!";
$emailarray = explode("@", $email);

if (!$emailarray[1])  {
  $error = $valerror;
  registration_form();
  return;
}
elseif (!is_null($emailarray[2])) {
  $error = $valerror;
  registration_form();
  return;
}
else {

$patternBefore = "/^([a-z0-9]{1,})$/";
$patternAfter = "/^([a-z0-9?\-]{3,})$/";

if (preg_match($patternBefore, $emailarray[0])) {
  $beforeOk = "1";}
if (preg_match($patternAfter, $emailarray[1])) {
  $afterOk = "1";}

if ($beforeOk && $afterOk) {
  echo "<br><br>Email good";
} else {
    $error = $valerror;
    registration_form();
    }
}
}

I,ve split the address into 2 at the @, like gammaster's suggestion, and then check to make sure that there,s atleast 1 @ but no more.

If everything is well, then it continue,s to check the split email, against the 2 patterns.

Each error throws the user back to the registration form with an error message.

Sorted, but if you look at the afterpattern, I still need to add something to it. Basically I want the user to be able to input optional characters at the end, these will be a . and if thats there then this is also required a-z{2,3}.

As you can see I know the single options, but I cant combine then.

The frontpattern also needs work, but if someone can show how to do backpattern, then I may be able to it myself.

And then there,s also the problem of not allowing a pattern like so .. on both parts.

L8rs guys

Thx for the help so far

Recoil_UK

Update....

Took a break for a while, when I came back everything started to fall into place with these expressions.

This is what I have now, and i,m reasonably happy with it.

The script is written so you can try it without to much effort, let me know what you think.

function validate_email() {
  global $email, $error;

  $valerror = "<br>Your <strong>Email address</strong> doesnt appear to be in the <strong>correct format</strong>!";

  $pattern = "/(\.\.|@@|\s)/";

  if (preg_match($pattern, $email)) {
    echo "<br>Found a space, .. or @@ in Email!<br>";
    }
    else { echo "<br>Didnt find a space, .. or @@ in Email!<br>";
    }

  $pattern = "/^[a-z0-9]+[a-z0-9.-]*@[a-z0-9\-]{3,}[.][a-z.]{2,}$/";

  if (preg_match($pattern, $email)) {
    echo "<br>Pattern Ok!<br>";
    }
    else { echo "<br>Pattern Bad!<br>";
    }
}

Only thing to do know is to maybe set the patterns up into an array, testing them as I loop through them.

L8rs

xblue

you wouldn't need an extra check for spaces or duplicated @ symbols, your main pattern doesn't allow them anyway.
for duplicated dots there are better ways as well.

maybe you find this tutorial helpful, one of the examples is email address validation, explained step by step.

Recoil_UK

Hi xblue

You da man, excellent tutorial, just what I was looking for.

Thx m8, finally I got it sorted, it was the optional statements which were causing me the headache.

Still dont agree with his format though, look at this....

(!pregmatch("/^[-_a-z0-9]+(\.[-_a-z0-9]+)*@[-a-z0-9]+(\.[-a-z0-9]+)*\.[a-z]{2,6}$/", $email)

I just dont seem to recall seeing any 6 character top level domain suffix,s before, if i,m wrong then somebody plz let me know.

Here,s mine.....

$pattern = "/^[-_a-z0-9]+(\.[-_a-z0-9]+)*@[-a-z0-9]+(\.[a-z]{2,3})*\.[a-z]{2,3}$/";

I may change it to this also ....

$pattern = "/^[-_a-z0-9]+(\.[-_a-z0-9]+)*@[-a-z0-9]{3,}(\.[a-z]{2,3})*\.[a-z]{2,3}$/";

Thx again

xblue

museum is the only tld longer than 4 characters I know.
I'd at least extend it to 4 characters, I think .info is slightly more popular than .museum 😉

Recoil_UK

Hi again

Guess what, yeah u got it, i,m stuck again.

Password field next.

Easy some may say, well if I just want to make it contain only letters and numbers with atleast 8 and a maximum of 15 i,d be sorted....

"/^[0-9a-z]{8,15}$/i"

Unfortunately I rarely make things that easy for myself, there,s another rule, this is, atleast 3 have to be numbers.

Can I even do this in preg_match?

Thx again

xblue

I wouldn't know how to do it in the same regexp, but with
preg_match_all("/\d/", $password, $matches);
echo count($matches);
you should be able get the # of digits.