Php script for validating forms
The first thing the form handler does is check that all the fields in our form, including the button, appear in the POST array. We also have more advanced functions for sending email.
For public-facing forms you should add a CAPTCHA or similar device, as you can see in our Feedback form below, or risk being bombarded by spambots.
The PHP code needs to appear at the top of the page - before any HTML or whitespace is displayed.
If errors are found in the submission, the form is cancelled and a list of errors is displayed at the top of the form.
The source code for this example (zip) is available.
By popular demand, here are some basic instructions for setting up a form handler in PHP to verify user input and send an email or display an error message in case the validation fails.
Here is the HTML and PHP code for the form we will be working with: The form will look something like the following - your basic no-frills feedback form: For testing purposes we've removed all the usual Java Script Form Validation and HTML5 Form Validation so the form can simply be submitted and validated by PHP on the server.
The important characteristics of a form handler is that it verifies that the required variables have been set, and that they have appropriate values.
Remember to be thorough as this is your last (only real) line of defence against malicious scripts. Naming the button is useful in case there are multiple forms on the page. In reality we have special functions for validating email addresses and other data types - as will most Java Script libraries.
The following form is validated before being submitted if scripting is available, otherwise the form is validated on the server.
All fields are required, except those marked optional.