25 PHP Form Validation Snippets

November 6 by Clay
Recently i have involve myself in another application development. Regular
Hungred Dot Com visitors will notice that the site currently offer advertisement
space through this form. But really, we as a developers are always looking for
such snippets or writing them out from scratch every single time regardless of
how many time we know we have store it somewhere in our laptop! Man, its
really frustrating searching on Google and find all sort of solution and trying to
figure out whether the regular expression implemented is expensive or complete.
So i came out with an idea to ease my life a bit and other developers by putting
up an article such as this for my/our references. (This can be made into a class if
you like to)

Validate Email

We can perform an email validation through this function.

function isValidEmail($email){
return eregi('^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]
{2,3})$', $email);
}
After fainted for a few seconds when i saw unreal4u finding, i decided to throw
up preg_match solution instead.
function isValidEmail($email){
return preg_match('/^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.
[a-z]{2,3})$/i', $email);
}
PHP 5.2 and above.
function fnValidateEmail($email)
{
return filter_var($email, FILTER_VALIDATE_EMAIL);
}
Sanitize Email

We can further sanitize our email to ensure that everything is alright.

function fnSanitizeEmaill($string) {
return preg_replace( '((?:\n|\r|\t|%0A|%0D|%08|%09)+)i' , '', $string );
}
PHP 5.2 and above.
function fnSanitizeEmaill($url)
{
return filter_var($url, FILTER_SANITIZE_EMAIL);
}
Validate Email Exist

This is not possible but certain validation can be use to validate email existence.
function check_email($email)
{
$email_error = false;
$Email = htmlspecialchars(stripslashes(strip_tags(trim($email)))); //parse
unnecessary characters to prevent exploits
if ($Email == '') { email_error = true; }
elseif (!eregi('^([a-zA-Z0-9._-])+@([a-zA-Z0-9._-])+\.([a-zA-Z0-9._-])([a-zA-Z09._-])+', $Email)) { email_error = true; }
else {
list($Email, $domain) = split('@', $Email, 2);
if (! checkdnsrr($domain, 'MX')) { email_error = true; }
else {
$array = array($Email, $domain);
$Email = implode('@', $array);
}
}

if (email_error) { return false; } else{return true;}

}
Validate Number Only

We can use PHP built-in function to validate whether a given value is a number.
function fnValidateNumber($value)
{
#is_ double($value);
#is_ float($value);
#is_ int($value);
#is_ integer($value);
return is_numeric($value);
}
PHP 5.2 and above.
function fnValidateNumber($value)
{
#return filter_var($value, FILTER_VALIDATE_FLOAT); // float
return filter_var($value, FILTER_VALIDATE_INT); # int
}
Sanitize Number

We can force all value to be only numeric by sanitize them.

function fnSanitizeNumber($str)
{
#letters and space only
return preg_match('/[^0-9]/', '', $str);
}
PHP 5.2 and above.

function fnSanitizeNumber($value)
{
#return filter_var($value, FILTER_SANITIZE_NUMBER_FLOAT); // float
return filter_var($value, FILTER_SANITIZE_NUMBER_INT); # int
}
Validate String Only

Sometimes to validate name we can use this function to restrict only letters and
spaces.
function fnValidateStringr($str)
{
#letters and space only
return preg_match('/^[A-Za-z\s ]+$/', $str);
}
Sanitize String

We can sanitize it instead of validate user input.

function fnSanitizeStringr($str)
{
#letters and space only
return preg_replace('/[^A-Za-z\s ]/', '', $str);
}
PHP 5.2 and above. built-in function by PHP provides a much more powerful
sanitize capability.
function fnSanitizeStringr($str)
{
return filter_var($str, FILTER_SANITIZE_STRIPPED); # only 'String' is allowed
eg. '<br>HELLO</br>' => 'HELLO'
}

Validate Alphanumeric Characters

This validates alphanumeric characters.

function fnValidateAlphanumeric($string)
{
return ctype_alnum ($string);
}
Sanitize Alphanumeric Characters

This sanitize alphanumeric characters. eg. "HELLO! Do we have 90 idiots running

around here?" => "HELLO Do we have 90 idiots running around here"
function fnSanitizeAlphanumeric($string)
{
return preg_replace('/[^a-zA-Z0-9]/', '', $string);
}
Validate URL Exist

This function will check whether a given URL exist and not only validate it.
function url_exist($url)
{
$url = @parse_url($url);

if (!$url)
{
return false;
}

$url = array_map('trim', $url);

$url['port'] = (!isset($url['port'])) ? 80 : (int)$url['port'];

$path = (isset($url['path'])) ? $url['path'] : '';

if ($path == '')
{
$path = '/';
}

$path .= (isset($url['query'])) ? '?$url[query]' : '';

if (isset($url['host']) AND $url['host'] != @gethostbyname($url['host']))

{
if (PHP_VERSION >= 5)
{
$headers = @get_headers('$url[scheme]://$url[host]:$url[port]$path');
}
else
{
$fp = fsockopen($url['host'], $url['port'], $errno, $errstr, 30);

if (!$fp)
{
return false;
}
fputs($fp, 'HEAD $path HTTP/1.1\r\nHost: $url[host]\r\n\r\n');
$headers = fread($fp, 4096);
fclose($fp);
}
$headers = (is_array($headers)) ? implode('\n', $headers) : $headers;

return (bool)preg_match('#^HTTP/.*\s+[(200|301|302)]+\s#i', $headers);

}
return false;
}
Validate URL Format

This function will validate a given url to ensure the format is correct.
function fnValidateUrl($url){
return preg_match('/^(http(s?):\/\/|ftp:\/\/{1})((\w+\.){1,})\w{2,}$/i', $url);
}
PHP 5.2 and above.
function fnValidateUrl($url)
{
return filter_var($url, FILTER_VALIDATE_URL);
}
Sanitize URL

PHP 5.2 and above.

function fnSanitizeUrl($url)
{
return filter_var($url, FILTER_SANITIZE_URL);
}
Validate Image Exist

This function will check whether a given image link exist and not only validate it.
function image_exist($url) {
if(@file_get_contents($url,0,NULL,0,1)){return 1;}else{ return 0;}
}

Validate IP Address

This function will validate an IP address.

function fnValidateIP($IP){
return preg_match('/^(([1-9]?[0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([1-9]?
[0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$/',$IP)
}
PHP 5 and above. This can also specific validation for IPV4 or IPV6.
function fnValidateIP($ip)
{
return filter_var($ip, FILTER_VALIDATE_IP);
}
Validate Proxy

This function will let us detect proxy visitors even those that are behind
anonymous proxy.
function fnValidateProxy(){
if ($_SERVER['HTTP_X_FORWARDED_FOR']
|| $_SERVER['HTTP_X_FORWARDED']
|| $_SERVER['HTTP_FORWARDED_FOR']
|| $_SERVER['HTTP_VIA']
|| in_array($_SERVER['REMOTE_PORT'],
array(8080,80,6588,8000,3128,553,554))
|| @fsockopen($_SERVER['REMOTE_ADDR'], 80, $errno, $errstr, 30))
{
exit('Proxy detected');
}
}
Validate Username

Before we validate whether a given username is matches the one in our

database, we can perform a validation check first to prevent any unnecessary
SQL call.
function fnValidateUsername($username){
#alphabet, digit, @, _ and . are allow. Minimum 6 character. Maximum 50
characters (email address may be more)
return preg_match('/^[a-zA-Z\d_@.]{6,50}$/i', $username);
}
Validate Strong Password

Another good thing is to validate whether a particular password given by the

user is strong enough. You can do that using this function which required the
password to have a minimum of 8 characters, at least 1 uppercase, 1 lowercase
and 1 number.
function fnValidatePassword($password){
#must contain 8 characters, 1 uppercase, 1 lowercase and 1 number
return preg_match('/^(?=^.{8,}$)((?=.*[A-Za-z0-9])(?=.*[A-Z])(?=.*[az]))^.*$/', $password);
}
Validate US Phone Number

This function will validate US phone number for US users.

function fnValidateUSPhone($phoneNo){
return preg_match('/\(?\d{3}\)?[-\s.]?\d{3}[-\s.]\d{4}/x', $phoneNo);
}
Validate US Postal Code

This function validate US postal code.

function fnValidateUSPostal($postalcode){
#eg. 92345-3214

return preg_match('/^([0-9]{5})(-[0-9]{4})?$/i',$postalcode);
}
Validate US Social Security Numbers

This function validate US Social Security Numbers.

function fnValidateUSSocialSecurityCode($ssb){
#eg. 531-63-5334
return preg_match('/^[\d]{3}-[\d]{2}-[\d]{4}$/',$ssn);
}
Validate Credit Card

This function validate credit card format.

function fnValidateCreditCard($cc){
#eg. 718486746312031
return preg_match('/^(?:4[0-9]{12}(?:[0-9]{3})?|5[1-5][0-9]{14}|6011[0-9]
{12}|3(?:0[0-5]|[68][0-9])[0-9]{11}|3[47][0-9]{13})$/', $cc);
}
Validate Date

This is a date format MM-DD-YYYY or MM-DD-YY validation which validate from

year 0000-9999.
function fnValidateDate($date){
#05/12/2109
#05-12-0009
#05.12.9909
#05.12.99
return preg_match('/^((0?[1-9]|1[012])[- /.](0?[1-9]|[12][0-9]|3[01])[- /.][0-9]?
[0-9]?[0-9]{2})*$/', $date);

}
This is a date format YYYY-DD-MM or YY-MM-DD validation which validate from
year 0000-9999.
function fnValidateDate($date){
#2009/12/11
#2009-12-11
#2009.12.11
#09.12.11
return preg_match('#^([0-9]?[0-9]?[0-9]{2}[- /.](0?[1-9]|1[012])[- /.](0?[1-9]|
[12][0-9]|3[01]))*$#'', $date);
}
Validate Hexadecimal Colors

This is a good validation for people who allows their user to change color in their
system.

function fnValidateColor($color){
#CCC
#CCCCC
#FFFFF
return preg_match('/^#(?:(?:[a-f0-9]{3}){1,2})$/i', $color);
}
Make Query Safe

This function help sanitize our data to be SQL injection safe.

function _clean($str){
return is_array($str) ? array_map('_clean', $str) : str_replace('\\', '\\\\',
htmlspecialchars((get_magic_quotes_gpc() ? stripslashes($str) : $str),
ENT_QUOTES));

//usage call it somewhere in beginning of your script

_clean($_POST);
_clean($_GET);
_clean($_REQUEST);// and so on..
Make Data Safe

This function help to keep us protected against XSS, JS and SQL injection by
removing tags.

function _clean($str){
return is_array($str) ? array_map('_clean', $str) : str_replace('\\', '\\\\',
strip_tags(trim(htmlspecialchars((get_magic_quotes_gpc() ? stripslashes($str) :
$str), ENT_QUOTES))));
}

//usage call it somewhere in beginning of your script

_clean($_POST);
_clean($_GET);
_clean($_REQUEST);// and so on..