How to implement data verification after PHP form submission

How to implement data validation after PHP form submission

When developing web applications, forms are one of the most common ways to interact with users. However, the data submitted by users is often unreliable, so we need to verify the data submitted by the form to ensure the security and integrity of the data. This article will introduce how to use PHP to implement data validation after form submission.

1. Form submission
   First, we need to create a form in the HTML page and set the action attribute of the form to the path of a PHP file to handle form submission The data. For example:

<form action="handle_form.php" method="post">
  <input type="text" name="username" placeholder="用户名">
  <input type="password" name="password" placeholder="密码">
  <input type="submit" value="提交">
</form>

2. Data validation
   In the PHP file that handles form submission, we can use the $_POST global variable to obtain the form submission data. Then, we can perform corresponding verification for different form fields.

For example, we can use the empty() function to check if a required field is empty, and the filter_var() function to verify email addresses and URLs and other specific formats.

<?php
$username = $_POST['username'];
$password = $_POST['password'];

// 验证用户名
if (empty($username)) {
  echo "用户名不能为空";
}

// 验证密码
if (empty($password)) {
  echo "密码不能为空";
}

// 验证邮箱
$email = $_POST['email'];
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
  echo "邮箱格式不正确";
}

// 验证URL
$url = $_POST['url'];
if (!filter_var($url, FILTER_VALIDATE_URL)) {
  echo "URL格式不正确";
}
?>

In the above example, we first use the empty() function to check whether the user name and password are empty. If they are empty, the corresponding prompt information will be output. Then, we use the filter_var() function to verify whether the email and URL match the corresponding format. If they do not match, the corresponding prompt information is output.

3. Error handling
   You can consider storing the error information in an array to output error prompts uniformly.

<?php
$errors = [];

// 验证用户名
if (empty($username)) {
  $errors['username'] = "用户名不能为空";
}

// 验证密码
if (empty($password)) {
  $errors['password'] = "密码不能为空";
}

// 验证邮箱
$email = $_POST['email'];
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
  $errors['email'] = "邮箱格式不正确";
}

// 验证URL
$url = $_POST['url'];
if (!filter_var($url, FILTER_VALIDATE_URL)) {
  $errors['url'] = "URL格式不正确";
}

if (!empty($errors)) {
  foreach ($errors as $error) {
    echo $error;
  }
}
?>

By storing error information in the $errors array, and traversing and outputting error information after submission, unified error handling and prompts can be achieved.

4. Security considerations
   In addition to data integrity verification, we should also consider data security. Therefore, we should securely filter and escape data submitted from forms to prevent common attacks such as SQL injection.

<?php
$username = $_POST['username'];
$username = mysqli_real_escape_string($conn, $username);
// ...
?>

In the above example, we use the mysqli_real_escape_string() function to safely escape the user name, which can prevent users from maliciously submitting data containing special characters.

Summary
Through the above steps, we can verify the data after the form is submitted, thereby improving the security of the application. In actual applications, more flexible verification can be performed based on specific needs, and front-end JavaScript can be combined for real-time verification to improve user experience.

The above is the detailed content of How to implement data verification after PHP form submission. For more information, please follow other related articles on the PHP Chinese website!