PHP validation

Posted on 2006-05-28
Last Modified: 2010-05-18

I am trying to create a script to validate phone number, GPA, street address,  using regex function.

___________ GPA validation ________________________________________
// Test GPA
      var regex = /^[0-9]+(\.[0-9]) +$/;
  if (!regex.test(form.gpa.value))
    alert("GPA is not valid!");
    return false;

________________ Phone number validation _________________

// Test Phone Number
 var regex= /\d{3}\d{4}$/|\d{3}\d{3}\d{4}$/|\d{3}-\d{4}$/;

  if (!regex.test(
    alert("Phone number is not valid!");;
    return false;
____________________________address validation_________________________________

// Test address
  var regex = /^[a-zA-Z0-9_\-]+(\.[_a-zA-Z0-9\-]+$/;
  if (!regex.test(form.address.value))
    alert("Address23 is not valid!");
    return false;

The above validation works some time, but not always. The phone validation works only when a phone number is put in the format of 123-455-5678. It needs to validate 1234567890 or 455-5678 or 4555678.

The above GPA validation, for some reason, does not work at all. It should validate a number like 3 or 3.6 or 4.0.

My final question is: is there any function or way to filter and flag a warning when someone typed in (in a textbox in an online survey form) bad words like F-words.

Hope you experts may help me out.



May 28, 2006, at 4:35 pm

Question by:duta
    LVL 17

    Accepted Solution

    Phone number: (###-###-###, #########, ###-####, #######)

    GPA: (allows for 0.0 all the way up to 4.0 and 0,1,2,3,4)

    Your GPA did not work earlier because you have a space at the end, its looking or one or more spaces at the end.  Also yours would allow 999.999, mine limits only one number after the optional decimal point. (This can be changed)

    Author Comment

    TO: BogoJoker:

    Thank you so much again for your very kind response.

    I am writing this upon checking your comment.

    Before posting my questions, I spent quite much time trying to figure out by myself.

    I wonder whether you may kindly show me how to validate address like "123 Sunset Bl, Los Angles".

    I also wonder whethere there is a way to send an error message if any bad words like F-word is put in a textbox.

    Thanks a lot!

    May 29, 2006, at 12:45 am

    Author Comment

    TO: BogoJoker:

    Hi again!

    The GPA validation worked great, but for some reason, the phone validation keeps giving "Invalid phone number" message.

    I just wonder why.

    Thanks again!


    May 29, 2006, at 1:21 am


    Author Comment

    TO: BogoJoker:

    Hi again!

    Your phone validation script is working just fine after Internet Explorer was flushed. Sorry to cause you confusion.

    By the way, I got a comment from someone regarding your script as the follows:
    ___________________ Comment from someone __________________________

    The problem when you have a string in your url, and you output it directly, is that people can easily disrupt your site by adding strange phrases:

    This shouldn't be a real problem, but it isn't something you would like either.

    Therefor you can use certain keywords that identify certain error messages:
    ERR_NO_USERNAME turns to 'Sorry, you should fill in a username'.
    (Eventually you can have a multilanguage site even, which still works because you only have to change the response text with certain error keywords, rather than your validation script which might generate an error.)

    You then setup a list for yourself with possible errors, giving them semi-descriptive names:

    And instead of the code below, you output err keywords:
    elseif (!isset($_POST['year']))
      $err = 'form.php?err=Must+Provide+Your+Name;


    elseif (!isset($_POST['year']))
      $err = 'form.php?err=ERR_NO_USERNAME;

    Because your output always responds only to your own defined ERR_..... keywords, you have full control of what your output messages are.


    I asked the someone to give me a little bit more explanation, but I haven't heard yet.

    I just wonder whether you may kindly help me with that, if you may.

    Thanbks a lot!

    May 29, 2006, at 1:43 am
    LVL 17

    Expert Comment

    I did say that it was a simple form.  Its harmless to let users make their own error messages.  They may even have some fun doing it, thinking they are cool!  But, anyways inorder to cause no harm to anyone I guess we can make our own set of error messages.

    There are a few ways you can do this, here are some simple ways:
    1) Use numbers to represent error messages: 1 = No Name, 2 = No Email....
    2) Use strings to represent error messages: NO_NAME = No Name, NO_EMAIL = No Email...

    They are all up to you, the only changes you would need are in the process.php page, where you set $err like the code you have shown above:
      $err = 'form.php?err=ERR_NO_USERNAME;
    Have that match up on the form.php page.

    (in process.php)
      $err = 'form.php?err=ERR_NO_USERNAME;
    (in form.php)
      if ($err == 'ERR_NO_USERNAME')
        print 'No Username Provided';
      elseif ($err == 'ERR_NO_EMAIL')
        print 'No Email Provided';

    Joe P

    Author Comment

    TO: BogoJoker:

    Thank you so much for your very kind, prompt respnee to my calls for help.

    I am writing this message upon checking your very kind post.  I was out all afternoon and evening, enjoying Memorial Day break.

    I am accepting your tip for PHP form validation (phone and GPA) which is working great. Thank so much for your other help.

    God bless you!


    May 29, 2006 (Monday) at 11:37 pm

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Do You Know the 4 Main Threat Actor Types?

    Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

    Both Easy and Powerful How easy is PHP? (  Very easy.  It has been described as "a programming language even my grandmother can use." How powerful is PHP?  http://en.wikiped…
    Deprecated and Headed for the Dustbin By now, you have probably heard that some PHP features, while convenient, can also cause PHP security problems.  This article discusses one of those, called register_globals.  It is a thing you do not want.  …
    Learn how to match and substitute tagged data using PHP regular expressions. Demonstrated on Windows 7, but also applies to other operating systems. Demonstrated technique applies to PHP (all versions) and Firefox, but very similar techniques will w…
    Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…

    779 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    15 Experts available now in Live!

    Get 1:1 Help Now