Home/ Questions/Q 8465763
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-10T15:08:33+00:00

Using various tutorials namely here and here I’ve managed to put together the following

  • 0

Using various tutorials namely here and here I’ve managed to put together the following PHP script which performs server side validation on the form being submitted. (I already have script which is dealing with the ‘client side’ validation.

<?php
//email signup ajax call
if($_GET['action'] == 'signup'){

    //sanitize data
    $email = mysql_real_escape_string($_POST['signup-email']);

    //validate email address - check if input was empty
    if(empty($email)){
        $status = "error";
        $message = "You did not enter an email address!";
    }
    else if(!preg_match('/^[^\W][a-zA-Z0-9_]+(\.[a-zA-Z0-9_]+)*\@[a-zA-Z0-9_]+(\.[a-zA-Z0-9_]+)*\.[a-zA-Z]{2,4}$/', $email)){ //validate email address - check if is a valid email address
            $status = "error";
            $message = "You have entered an invalid email address!";
    }
    else {

            $insertSignup = mysql_query("INSERT INTO signups (signup_email_address) VALUES ('$email')");
            if($insertSignup){ //if insert is successful
                $status = "success";
                $message = "You have been signed up!";  
            }
            else { //if insert fails
                $status = "error";
                $message = "Ooops, Theres been a technical error!"; 
            }

    }

    //return json response
    $data = array(
        'status' => $status,
        'message' => $message
    );

    echo json_encode($data);
    exit;
}
?>

What I’m now trying to do is to add another field, in this case ‘name’ which I’d like to also validate.

The problem I’m having is that I’m not sure how to add another field into the above code. Again, I’ve been trying to find an example which I could use to study from, but I haven’t found any that I can use.

I just wondered whether someone could possibly look at this please, and perhaps point me in the right direction.

Many thanks and kind regards

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    PHP has a Filter extension to validate and sanitize input.

    The function you are looking for is

    There is also filter_input_array but since there is no easy way to unit-test that properly, it is easier to use the above one instead and pass it the superglobals as needed.

    Example:

    $userInput = array(
    'signup-email' => 'foo at example.com',
    'name' => 'ArthurDent42'
);

$validatedInput = filter_var_array(
    $userInput, 
    array(
        'signup-email' => FILTER_VALIDATE_EMAIL,
        'name' => array(
            'filter' => FILTER_VALIDATE_REGEXP,
            'options' => array(
                'regexp' => "/^[a-z ]{5,10}$/i"
            )
        )
    )
);

var_dump($validatedInput);

    Output (demo):

    array(2) { 
    ["signup-email"]=> bool(false) 
    ["name"]=> bool(false)
}

    Once you have the input validated and sanitized put some guard clauses for each of the values in the array and return early when they are false:

    if (!$validatedInput['signup-email']) {
    return json_encode(array(
        'status' => 'error',
        'message' => 'The eMail was invalid'
    ));
}

if (!$validatedInput['name']) {
    return json_encode(array(
        'status' => 'error',
        'message' => 'Name must be 5 to 10 letters from A to Z only'
    ));
}

// everything's validated at this point. Insert stuff to database now.

    Note that you want to use either PDO or mysqli instead of ext/mysql.

    • 0