How to verify form input using the PHP PREG MATCH function

Preg_match() will be used to teach you some fundamental PHP input validations in order to implement strong web application security. The user input forms, such as registration forms and contact forms, are one of a website's weak points that draw malicious hackers.

The first and most important step in protecting the website is validating user input before processing it.

Checking the length and format of the data we received is part of the validation process. Web developers typically perform validation checks on the client side (like javascript).

Even so, it's simple for someone to damage it and your website. Therefore, performing these validations on the server side (using a language like PHP) is highly recommended.

In most cases, we receive the form input as a string, and we can use preg_match with the right regular expression to check the input string for a required pattern.

Take a quick look at the preg match function's syntax here before moving on to the validation process.

PHP Preg Match Syntax

1. Form Input should contain only alphabet

Consider a "Name" field where we only want the user to type alphabets. Then, using this PHP code, we can perform the checking.

<?php 
     $name = $_POST["Name"];
     if(!preg_match("/^[a-zA-Z]+$/",$name)) { die ("Invalid Name");}
?>

Whereas in the regular expression, $ corresponds to the string's end and, matches the string's beginning. The expression also uses "a-zA-Z" to encompass both capital and lowercase letters.

The code above compares each character in the string to a regular expression and throws errors if there are any characters present in the string beside the alphabet.

2. Form Input should contain only alphanumeric characters

If we want a field (like "username") to only contain alphanumeric characters, we can change the preg_match expression above to also include the numbers 0 through 9.

<?php
     $username = $_POST["Username"];
     if(!preg_match("/^[a-zA-Z0-9]+$/",$username)) { die ("Invalid Username");}
?>

3. The first character should be the alphabet

We can also make an alphabet the first character in a field. Take the same "username" example once more. Although it may have alphanumeric characters, the first character should be an alphabet. If the first character is an alphabet, the code below will determine that.

<?php
     $username = $_POST["Username"];
     if(!preg_match("/^[a-zA-Z]/",$Username)) { die ("Username should start with an alphabet");}
?>

We can also use the expression "/[a-z]/i" in place of "/[a-zA-Z]/." Here, the letter "i" stands for case independence, which means it includes both uppercase and lowercase alphabets.

4. Special characters and alphanumeric data should be included in the form input.

What if you want the input field to contain special characters also? Here is an expression that let the string have alphanumeric characters along with hyphen (-) and space.

<?php
     if(!preg_match("/^[a-zA-Z\-\ ]+$/",$name)) { die ("Invalid Name");}
?>

5. Verify a valid email address.

The code that follows will verify the validity of the provided email address.

<?php
     $emailid = $_POST["Emailid"];
     if(!preg_match("/^[A-Za-z0-9._%-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,4}$/",$emailid)) { die ("Invalid Email-ID");}
?>

Now that we've seen how to use PHP's preg_match replacer in typical form validations, let's move on. Regular expressions are quite powerful, but they take some getting used to. Using the right expression will solve the problem.

I hope this tutorial was helpful in teaching you how to use PHP preg_match in your project.