How to use the PHP PREG MATCH function to validate Form Input

In strong web application security using PHP pre-match is very versatile we'll learn some basic PHP validations from input by using the preg_match() function. One of the vulnerable spots in a website that attracts malicious hackers are the user input forms like registration forms, contact forms, etc.

Validating the user input before processing is the first and foremost step in securing the site.

The validation includes checking if the data we received is in the right format and length. Generally, it's a practice among web developers to do validation checks at the client-side (like javascript).

Still, it’s easy for someone to break it and harm your site. So it's strictly advisable to do these validations on the server-side (like PHP).

Generally, we receive the form input as a string and we can use preg_match with an appropriate regular expression to check a required pattern in the input string.

Before getting into the validation process, here take a sneak peek at the syntax of the preg match function.

PHP Preg Match Syntax

1. Form Input should contain only alphabet

Let's say we have a "Name" field in which we want the user to enter only alphabets. Then we can do the checking by this PHP code,

<?php 
     $name = $_POST["Name"];
     if(!preg_match("/^[a-zA-Z]+$/",$name)) { die ("Invalid Name");}
?>

Where in the regular expression,^ matches the start of the string and $ matches the end of the string. Also "a-zA-Z" is used in the expression to include both upper and lower case alphabets.

The above code checks each character of the string against the regular expression and throws errors incase if there is any other character other than the alphabet present in the string.

2. Form Input should contain only alphanumeric characters

In case we want a field (eg., "username") to contain only alphanumeric characters then we can alter the above preg_match expression to include 0-9 numbers too.

<?php
     $username = $_POST["Username"];
     if(!preg_match("/^[a-zA-Z0-9]+$/",$username)) { die ("Invalid Username");}
?>

3. The first character should be the alphabet

We can also force a field's first character to be an alphabet. Let’s take the same "username" example. It can contain alphanumeric characters but we want the first character to be an alphabet. The below code will check if the first character is an alphabet.

<?php
     $username = $_POST["Username"];
     if(!preg_match("/^[a-zA-Z]/",$Username)) { die ("Username should start with an alphabet");}
?>

Instead of using the expression "/^[a-zA-Z]/", we can use "/^[a-z]/i" also. Here ‘i’ represents case-independent ie., includes both uppercase and lowercase alphabets.

4. Form Input should contain alphanumeric with special characters

What if you want the input field to contain special characters also? Here is an expression that let the string have alphanumeric characters along with hyphen (-) and space.

<?php
     if(!preg_match("/^[a-zA-Z\-\ ]+$/",$name)) { die ("Invalid Name");}
?>

5. Check for valid Email-ID

The below code will check if the given email id is a valid one.

<?php
     $emailid = $_POST["Emailid"];
     if(!preg_match("/^[A-Za-z0-9._%-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,4}$/",$emailid)) { die ("Invalid Email-ID");}
?>

Now we have seen so far how to use PHP preg_match replacer in common validations we should employ while validating a form. Though it will take a while to warm up with regular expressions, they are quite powerful, and using the right expression will do the trick.

I hope that you have learned a great tutorial on how to use PHP preg_match in your project.