PHP Form Validation: Understanding How to Check User-Submitted Data

php form validationThe PHP Hypertext Preprocessor is a programming language that is used by web developers to build dynamic websites or web based applications. The dynamic nature of this language provides functionality that you can store, retrieve, update or delete information from a database. PHP, when it’s used in combination with HTML, makes a web application and website more interactive and efficient.

New to PHP? Take a course at

The PHP processor module interprets the PHP script at the server and returns the generated web page. The PHP code is written within tags and can be embedded inside the HTML file or can be used separately. It is a high level programming language that supports object oriented programming concepts. In addition to object-oriented coding, using PHP is very secure and reliable for transactions and sending highly confidential data on the web. The best advantage of using PHP among other server side scripting languages is that it comes with open source code, which means that you don’t have to pay money to use the functionalities offered by it. You can also add your own libraries to the documentation.


<!DOCTYPE html>



<title>PHP Test</title>



<?php echo '<p>Hello I am  Inside PHP</p>'; ?>



What is Validation?

Validation is used to check values being submitted by the user from a particular form on your website. Validation is performed after the client enters all the required data and presses the “Submit” button. If the data entered by the user does not match or is entered incorrectly, or missing, the entered information will not get stored and returns an error. You then require the user to correct the input before resubmission.

Learn how to create a simple PHP contact form at

There are 2 types of validation:

Client-Side Validation: This validation is performed on the client side i.e. all the information is not sent to the server for validation and is performed on the client machine instead. It is faster and server friendly, but it can be breached easily. Client validation is only possible if Java Script is enabled by the end-user and supported by the web browser.

Server-Side Validation: This type of validation is performed on the server. The data is sent to the server when the submit button is pressed and the server validates the data. The discrepancies are returned as errors in the form of a rendered web page. Server-side validation is much more reliable and secure since you cannot submit incorrect data in any manner. All server side scripting languages like PHP are capable of this type of validation.

Validation performs two functions:

Basic Validation: The form is checked to make sure that all data is entered in each form field. It goes through every form field one-by-one and checks the entry. For instance, the Facebook signup form uses basic server-side validation.

Data Format Validation: The data entered is checked for format such as an email address, which should contain an “@” symbol and domain. This requires a lot more logic and coding. Most developers use regular expressions to check for format validation.

For Example: if the form field accepts integer values, then all the values other than an integer is rejected with an error message. The most widely format validation is used against the textbox field, which requires all types of validation. The reason behind this is that it can store a huge range of alphanumeric values such as phone numbers, email id, and username.

Example of PHP Form Validation

<form action="validate.php" method="POST">

Name:<input type="text" name="Name" />

Email:<input type="text" name="Email" />

Number:<input type="text" name="number" />

<input type="submit" name="submit” />





PHP Script to Validate: validate.php


$name = $_POST["name"]

$email = $_POST["email"];

$number= $_POST["website"];


if (empty($name)){

echo "<p class=\"error\">Your last name cannot be blank</p>";


if(empty($email)) )){

echo "<p >Your email id  cannot be blank</p>";


if(empty($number) || $number <1000000000&& $number>=1000000000)


echo “<p>Number should be of 10 digit</p>”


The above example explains a very basic implementation of validation. There are three entries for which the input is taken from the user. This input is then sent to validate.php file for the validation process. The entered name is checked and if it is empty, the error is returned. Similarly, the remaining two form fields are validated for the same type of content. The error message is displayed on the screen so that the user can fill the entries as per the requirements of the form. This is text field validation.

Validation can also be applied to all the other form fields, which are present in HTML. Different form fields require different types of validation. For instance, the RadioButton control is validated to check if it is selected or not.

Why is Validation Required?

Validation has become an important part of web development process. It is applied in almost every website which involves user interaction. The reason behind this is to save the workload on the server by preventing unwanted user requests to access information. It checks the user’s authentication and helps to keep the web secure.

Use of Validation:

  • It prevents a user’s unauthorized access.
  • It helps provide genuine data.
  • Client side validation saves servers from unwanted and unnecessary load which may otherwise lead to its crash.
  • Validation prevents the database from being overloaded due to anonymous storage of information.
  • Security can be implemented easily with validation.
  • Validation done using PHP cannot be breached by the user since it is done with the server-side validation.


This code is basic overview of PHP form validation, but if you want to learn more, take a class at