PHP Form Data Validation and Filtering Techniques

As the internet evolves, forms are essential for user interaction, and ensuring their data security and validity is crucial for developers.

1. Data Validation

Data validation checks whether submitted data meets predefined rules. Common methods include:

1. Required field validation

Use empty() or isset() to determine if a field is empty.

Example code:

if (empty($_POST['username']) || empty($_POST['password'])) {
    echo "Username and password cannot be empty!";
    exit;
}

2. Email format validation

Validate email using filter_var() with FILTER_VALIDATE_EMAIL.

Example code:

$email = $_POST['email'];

if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
    echo "Invalid email format!";
    exit;
}

3. Phone number format validation

Use a regular expression to verify phone numbers.

Example code:

$phone = $_POST['phone'];

if (!preg_match("/^1[3456789]\d{9}$/", $phone)) {
    echo "Invalid phone number format!";
    exit;
}

2. Data Filtering

Data filtering removes unwanted characters. Common methods include:

1. Strip HTML tags

Use strip_tags() to remove HTML.

Example code:

$content = $_POST['content'];
$filteredContent = strip_tags($content);

2. Escape special characters

Use htmlspecialchars() to escape special characters.

Example code:

$content = $_POST['content'];
$filteredContent = htmlspecialchars($content);

3. Prevent SQL injection

Use mysqli_real_escape_string() to escape input before database queries.

Example code:

$username = $_POST['username'];
$password = $_POST['password'];

$username = mysqli_real_escape_string($con, $username);
$password = mysqli_real_escape_string($con, $password);

These are common validation and filtering techniques; developers should choose methods based on specific business and security requirements to improve user experience and protect site security.