Improving validation

Where are we?

You learned to send a form value to a PHP page, and do one check on it. Let’s see how to do a bunch of checks.

More thorough checks

Here’s the order form again:

Order form

Figure 1. Order form

On the previous page we checked whether the user typed a non-numeric value into the field. But there are other errors the user could make, like:

  • Leave the field empty.
  • Type a negative number.
  • Order more than we have in the warehouse (if this is an “error” – it might not be).

Let’s improve the validation, so that it checks for these things. You can try the improved version.

Here’s the validation code:

//Get the input.
$giant_chew_ropes = $_POST['giant_chew_ropes'];
//Validate input.
$error_message = '';
if ( $giant_chew_ropes == '' ) {
  $error_message = 'Please enter the number you want to order.';
else if ( ! is_numeric($giant_chew_ropes) ) {
  $error_message = 'Please enter a valid number.';
else if ( $giant_chew_ropes <= 0 ) {
  $error_message = 'Please enter a positive number.';
else if ( $giant_chew_ropes > 10 ) {
  $error_message = 'Sorry, we don\'t have that many in stock.';
//Any error made?
if ( $error_message != '' ) {
  print "<p>$error_message</p>";
  print '<p>Please click the Back button on your browser and try again.</p>';
else {
  //Input OK, show the order.

Figure 2. Improved validation code

The first thing to notice is the variable $error_message. It’s created on line 13, and set to an empty string.

$error_message = '';

Then there’s a bunch of error checking if statements. Any one of them could find an error, and give $error_message a value, like this:

if ( there is something wrong ) {
   $error_message = ' An error message ';

There can be as many error checks as are needed: 3, 8, 18, whatever.

What happens after all of the error checks have been run? If there is any error at all, then $error_message will have some text in it. If there have been no errors, then $error_message will have the same empty string it started with.

This is checked in line 27:

if ( $error_message != '' ) {
   print "<p>$error_message</p>";
   print '<p>Please click the Back button on your browser and try again.</p>';

If $error_message does not equal an empty string, it means that one of the if statements found an error, and put something in $error_message.

Line 28 has double quotes (”) in it:

print "<p>$error_message</p>";

Remember, this means that PHP will insert the value of the variable $error_message before printing anything.

Notice how flexible this is. We can add and remove as many error checks as we like. As long as each one uses $error_message, it will all work.

Here’s line 23:

else if ( $giant_chew_ropes > 10 ) {

This is the inventory level check. It assumes that we have 10 items to sell. In a real program, the 10 would probably be pulled from a database.

Actually, in a real business, we would probably allow back orders.

Exercise: Dog weight again

Create a page with a form:


Figure 1. Input

Send the form data to a PHP page. If the user enters an invalid number, show an error message:


Figure 2. Error

Check for:

  • An empty field
  • A non-numeric value.
  • A value of zero or less.
  • A value greater than 500.

If there’s a valid number, show this:


Figure 3. Output

You can see my solution. You can also download the files. Of course, do the exercise yourself before you look at my solution.

Upload your solution to your server. Put the URL below.

(Log in to enter your solution to this exercise.)

Can't find the 'comment' module! Was it selected?


In this lesson, you learned how to do a sequence of checks on a value passed to a PHP page.

What now?

You’ve learned a lot about validation. But we still need to make it better. For example, one problem is that, when there is an error, you get a message like this:

Error message

Figure 3. Error message

This isn’t very good. Let’s make it better, more like something you see in a real application.

But before we do that, let’s take a detour, and talk about functions in PHP. It will make our work easier.