Created
September 5, 2014 09:32
-
-
Save yunchih/5fc4e5720e756e28cda1 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<!DOCTYPE HTML> | |
<html> | |
<head> | |
<style> | |
.error {color: #FF0000;} | |
</style> | |
</head> | |
<body> | |
<?php | |
// define variables and set to empty values | |
$nameErr = $emailErr = $genderErr = $websiteErr = ""; | |
$name = $email = $gender = $comment = $website = ""; | |
if ($_SERVER["REQUEST_METHOD"] == "POST") { | |
if (empty($_POST["name"])) { | |
$nameErr = "Name is required"; | |
} else { | |
$name = test_input($_POST["name"]); | |
// check if name only contains letters and whitespace | |
if (!preg_match("/^[a-zA-Z ]*$/",$name)) { | |
$nameErr = "Only letters and white space allowed"; | |
} | |
} | |
if (empty($_POST["email"])) { | |
$emailErr = "Email is required"; | |
} else { | |
$email = test_input($_POST["email"]); | |
// check if e-mail address is well-formed | |
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) { | |
$emailErr = "Invalid email format"; | |
} | |
} | |
if (empty($_POST["website"])) { | |
$website = ""; | |
} else { | |
$website = test_input($_POST["website"]); | |
// check if URL address syntax is valid (this regular expression also allows dashes in the URL) | |
if (!preg_match("/\b(?:(?:https?|ftp):\/\/|www\.)[-a-z0-9+&@#\/%?=~_|!:,.;]*[-a-z0-9+&@#\/%=~_|]/i",$website)) { | |
$websiteErr = "Invalid URL"; | |
} | |
} | |
if (empty($_POST["comment"])) { | |
$comment = ""; | |
} else { | |
$comment = test_input($_POST["comment"]); | |
} | |
if (empty($_POST["gender"])) { | |
$genderErr = "Gender is required"; | |
} else { | |
$gender = test_input($_POST["gender"]); | |
} | |
} | |
function test_input($data) { | |
$data = trim($data); | |
$data = stripslashes($data); | |
$data = htmlspecialchars($data); | |
return $data; | |
} | |
?> | |
<h2>PHP Form Validation Example</h2> | |
<p><span class="error">* required field.</span></p> | |
<!-- | |
What if the incoming URL is : | |
http://www.example.com/test_form.php/%22%3E%3Cscript%3Ealert('hacked')%3C/script%3E | |
which is translated into: | |
<form method="post" action="test_form.php/"><script>alert('hacked')</script> | |
--><form method="post" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>"> | |
Name: <input type="text" name="name" value="<?php echo $name;?>"> | |
<span class="error">* <?php echo $nameErr;?></span> | |
<br><br> | |
E-mail: <input type="text" name="email" value="<?php echo $email;?>"> | |
<span class="error">* <?php echo $emailErr;?></span> | |
<br><br> | |
Website: <input type="text" name="website" value="<?php echo $website;?>"> | |
<span class="error"><?php echo $websiteErr;?></span> | |
<br><br> | |
Comment: <textarea name="comment" rows="5" cols="40"><?php echo $comment;?></textarea> | |
<br><br> | |
Gender: | |
<input type="radio" name="gender" <?php if (isset($gender) && $gender=="female") echo "checked";?> value="female">Female | |
<input type="radio" name="gender" <?php if (isset($gender) && $gender=="male") echo "checked";?> value="male">Male | |
<span class="error">* <?php echo $genderErr;?></span> | |
<br><br> | |
<input type="submit" name="submit" value="Submit"> | |
</form> | |
<?php | |
echo "<h2>Your Input:</h2>"; | |
echo $name; | |
echo "<br>"; | |
echo $email; | |
echo "<br>"; | |
echo $website; | |
echo "<br>"; | |
echo $comment; | |
echo "<br>"; | |
echo $gender; | |
?> | |
</body> | |
</html> |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment