Sometimes information entered into forms must exactly match a string or value: a username and password in a login form would be a good example. In a login form, the characters used must be exactly the same as a known, stored value. In other forms we might have a much more general field, such as someone entering their name for the first time, or an eMail address. In those cases, we need to check what the user has entered against a pattern, expressed in PHP in a form known as a regular expression.
For example, we might need to confirm that the person's first name, as entered into the form, contains at least two characters, and that those characters are letters rather than numbers or punctuation. Other examples: a telephone area code in North America must be three digits long and can only start with a limited range of numerals, and an eMail address must contain an @ symbol.
For a very simple example, let's say that we only wanted to allow people named Bob to be accepted on a form. Using the basic form we have previously introduced, let's test the value the user enters for their first name, using preg_match, by writing the following code inside the body of formhandler.php. (PHP rewrites spaces and dots in incoming field names to underscores, so a field named "first name" arrives in $_POST under the key first_name.)
```php
<p>
<?php
// A field named "first name" arrives as $_POST['first_name']; the ?? ''
// fallback avoids an undefined-index notice if the handler is opened directly.
$pattern = "/Bob/";
if (preg_match($pattern, $_POST['first_name'] ?? '')) { echo "Welcome, Bob!"; }
else { echo "You're not Bob!"; } ?>
</p>
```
(Note that both of our responses to someone entering their first name should be wrapped in a paragraph tag, so rather than placing the tags inside each echo statement, I have placed the opening and closing paragraph tag around the PHP. The best way to understand this approach is to use “View Source” in your browser when looking at formhandler.php.)
You will find that “Bob” entered as a first name in form.php receives a positive response from formhandler.php when they press the submit button, but “Robert” receives a negative one.
This is good, but now try entering “Bobby” as the first name.
You will find that formhandler.php still greets us as "Bob". The reason is simple: preg_match searches the submitted string for the pattern held in $pattern, rather than comparing the whole string against it. Because the pattern is not anchored to the start or end of the string, formhandler.php will also respond positively to "robdomBobudob": "Bob" appears somewhere inside it, and that is all the pattern asks for. (The match is case-sensitive, so "bob" would be rejected.)
This is, of course, a silly example. Let’s make it better. Rather than trying to match a set of characters, let’s make it a range:
```php
<?php
// Pass if the submitted first name contains at least one letter, anywhere in it.
$pattern = "/[a-zA-Z]/";
if (preg_match($pattern, $_POST['first_name'] ?? ''))
{ echo "You have entered your first name"; }
else { echo "This is not a valid first name!"; } ?>
```
As a validation routine, this is better – now the user’s first name must at least contain a letter, which may be either uppercase or lowercase. “7” as a first name will not pass, but “7z” will.
Still better:
```php
<?php
// Pass if the submitted first name contains two consecutive letters, anywhere in it.
$pattern = "/[a-zA-Z]{2}/";
if (preg_match($pattern, $_POST['first_name'] ?? ''))
{ echo "You have entered your first name"; }
else { echo "This is not a valid first name!"; } ?>
```
Now the first name must contain at least two consecutive letters: "Al", for instance. But "Al3" will still pass, because the pattern only requires that two letters appear somewhere; it forbids nothing else. We could reverse the logic, rejecting any name that contains a numeral:
```php
<?php
// Reversed logic: a match (any digit, anywhere) now means the name is rejected.
$pattern = "/[0-9]/";
if (preg_match($pattern, $_POST['first_name'] ?? ''))
{ echo "This is not a valid first name"; }
else { echo "You have entered your first name correctly."; } ?>
```
Now if the first name contains any numeral it will not pass. Realistically, we want only letters in a first name, plus the few separators that real names use: hyphens, apostrophes, periods and spaces. The next pattern lists exactly those characters and anchors them to the start (^) and end ($) of the string. Note that this time we reverse the logic with "!" (not) in front of preg_match, so the error branch comes first:
```php
<?php
// Whole-field check: 2 to 15 characters, each a letter, period, apostrophe,
// space or hyphen, with nothing before (^) or after ($).
$pattern = "/^[[:alpha:].' -]{2,15}$/";
if (!preg_match($pattern, $_POST['first_name'] ?? ''))
{ echo "This is not a valid first name"; }
else { echo "You have entered your first name correctly."; } ?>
```
Our pattern, as used in the if statement, could be translated as "the first name must consist of between two and fifteen characters, each of which is a letter, a period, an apostrophe, a space or a hyphen, and nothing else". The ^ and $ anchors are what make it a whole-field check: without them, the earlier patterns were satisfied by a match anywhere inside the string. One caveat: in PCRE, $ also matches just before a single trailing newline, so "Al\n" would pass this pattern; add the D modifier (/^[[:alpha:].' -]{2,15}$/D) or use \A and \z in place of ^ and $ when the field must end exactly there. (The upper bound of 15 might look redundant, since the maxlength attribute on the input limits what can be typed into the text field, but maxlength is enforced only by the browser: anyone can POST to formhandler.php without using the form at all, so the server-side check is the one that counts.)
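As an added example (not code from the original tutorial), the following script runs each of the first-name patterns above against a constructed set of inputs from the command line, so the effect of each refinement, and of anchoring, is visible without a browser or form. It assumes the form's input is named first_name; the function names and sample inputs are mine.

```php
<?php
// Added example, not code from the original tutorial: runs the first-name
// patterns from the text against constructed inputs so that the difference
// between an unanchored search and a whole-field match is visible.
declare(strict_types=1);

// The progression of patterns from the text, in the order they appear.
const FIRST_NAME_PATTERNS = [
    'literal Bob'     => '/Bob/',
    'any letter'      => '/[a-zA-Z]/',
    'two letters'     => '/[a-zA-Z]{2}/',
    'anchored 2-15'   => '/^[[:alpha:].\' -]{2,15}$/',
    // Without the m modifier, $ still matches just before one trailing "\n".
    // The D modifier (PCRE_DOLLAR_ENDONLY) closes that gap; \A...\z is an
    // equivalent spelling that needs no modifier.
    'anchored 2-15 D' => '/^[[:alpha:].\' -]{2,15}$/D',
];

// Constructed inputs. The "Al\n" case carries a trailing newline, which a
// browser form will not send but a hand-crafted POST can.
const SAMPLE_INPUTS = ['Bob', 'Bobby', 'robdomBobudob', 'Robert', '7', '7z',
                       'Al', 'Al3', "Al\n", 'Al<script>'];

/**
 * preg_match() returns 1 on a match, 0 on no match and false when the pattern
 * itself is broken. Only an explicit 1 counts as valid: treating false as
 * "not 0" would wave every input through if a pattern were mistyped.
 */
function fieldMatches(string $pattern, string $value): bool
{
    $result = preg_match($pattern, $value);
    if ($result === false) {
        throw new RuntimeException("Bad pattern $pattern (preg error " . preg_last_error() . ')');
    }
    return $result === 1;
}

/**
 * The final formhandler.php branch from the text, as a function that returns
 * the message instead of echoing it. PHP rewrites spaces and dots in incoming
 * parameter names to underscores, so an input named "first name" arrives as
 * $post['first_name'].
 */
function firstNameMessage(array $post): string
{
    $name = $post['first_name'] ?? '';
    // first_name[]=Bob arrives as an array; preg_match() on an array is a TypeError.
    if (!is_string($name)
        || !fieldMatches(FIRST_NAME_PATTERNS['anchored 2-15 D'], $name)) {
        return 'This is not a valid first name';
    }
    return 'You have entered your first name correctly.';
}

// Print a pass/fail grid: one row per input, one column per pattern.
printf("%-16s", 'input');
foreach (array_keys(FIRST_NAME_PATTERNS) as $label) {
    printf("%-18s", $label);
}
echo PHP_EOL;
foreach (SAMPLE_INPUTS as $input) {
    printf("%-16s", json_encode($input));
    foreach (FIRST_NAME_PATTERNS as $pattern) {
        printf("%-18s", fieldMatches($pattern, $input) ? 'pass' : 'fail');
    }
    echo PHP_EOL;
}

// The handler with a body as a browser would send it, then with a trailing
// newline as a hand-crafted request might carry, then with an array value.
echo firstNameMessage(['first_name' => 'Al']), PHP_EOL;
echo firstNameMessage(['first_name' => "Al\n"]), PHP_EOL;
echo firstNameMessage(['first_name' => ['Al']]), PHP_EOL;
```

Run it with php from the command line. The grid shows that "robdomBobudob" satisfies even the anchored pattern (it is, after all, thirteen letters), and that "Al\n" passes the $-anchored pattern and fails only once the D modifier is added; the handler function also shows why the value should be checked with is_string before it reaches preg_match.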
As you can see, regular expressions can get complicated fast (for an extreme example, see the full pattern for validating an eMail address in Perl). As a general rule, finding good patterns is a matter of searching online or looking at reliable sources, rather than trying to build them from scratch, unless you are attempting to validate a very specialized field. Some examples:
| Information to validate | Pattern |
|---|---|
| First and last name, city | /^[[:alpha:].' -]{2,15}$/ |
| Phone number (area code, North America) | /[2-9][0-9]{2}/ |
| Phone number (local, after stripping out non-numerals) | /[2-9][0-9]{6}/ |
| eMail address | /^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,6})$/ |
| Image file extension | /\.(jpg|gif|jpeg|png)$/ |
Note that the pattern given for eMail addresses is good, but not perfect: it still has a few issues, such as not allowing an IP address for the domain, and because it lists only a-z with no i modifier it rejects any address containing an uppercase letter. A better (albeit considerably more complicated) validation solution exists, which should probably be combined with a DNS lookup for a complete test. Two further notes on the table: the phone patterns are not anchored, so they will match their digits anywhere inside a longer string and need ^ and $ (or \A and \z) to become whole-field checks; and the image extension pattern needs the i modifier to accept ".JPG", and in any case only inspects the file name the client chose, never the contents of the upload.
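The table's patterns, as an added example that is not part of the original page, turned into a whole-field validator: each pattern is anchored, the phone patterns are applied after non-numerals are stripped, the eMail and extension patterns get the i modifier, and each eMail input is also passed to PHP's built-in filter_var with FILTER_VALIDATE_EMAIL for comparison. The field names, function names and sample inputs are constructed for the demonstration.

```php
<?php
// Added example, not code from the original page: the table's patterns turned
// into a whole-field validator. Field names and sample inputs are constructed.
declare(strict_types=1);

const FIELD_PATTERNS = [
    // As in the table, anchored with \A ... \z rather than ^ ... $ so that a
    // trailing newline cannot slip past $ (the D modifier would do the same).
    'first_name' => '/\A[[:alpha:].\' -]{2,15}\z/',
    // The table's phone patterns are unanchored; "1-800-555-0100" would satisfy
    // the area-code pattern on its "800". Anchored, and applied to the digits
    // only (see digitsOnly), they check the whole value.
    'area_code'  => '/\A[2-9][0-9]{2}\z/',
    'local'      => '/\A[2-9][0-9]{6}\z/',
    // The table's eMail pattern, anchored and given the i modifier; without it
    // "Bob@Example.com" fails because only a-z is listed.
    'email'      => '/\A[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,6})\z/i',
    // The extension check with i so that "PHOTO.JPG" is accepted. It inspects
    // only the name the client supplied, never the uploaded bytes.
    'image_name' => '/\.(jpg|gif|jpeg|png)\z/i',
];

/** Strip everything but digits, as the table assumes for the phone checks. */
function digitsOnly(string $value): string
{
    return preg_replace('/[^0-9]/', '', $value) ?? '';
}

/** Whole-field validation. A malformed pattern is a programming error, not a pass. */
function isValidField(string $field, string $value): bool
{
    if (!isset(FIELD_PATTERNS[$field])) {
        throw new InvalidArgumentException("No pattern for field '$field'");
    }
    if ($field === 'area_code' || $field === 'local') {
        $value = digitsOnly($value);
    }
    $result = preg_match(FIELD_PATTERNS[$field], $value);
    if ($result === false) {
        throw new RuntimeException("Bad pattern for $field (preg error " . preg_last_error() . ')');
    }
    return $result === 1;
}

// Constructed samples: [field, value]. The comments describe the input, so the
// reader can compare it against the printed verdict.
$samples = [
    ['first_name', "Jane O'Neil"],        // letters, a space and an apostrophe
    ['first_name', 'Al3'],                // contains a digit
    ['area_code',  '(416)'],              // three digits once stripped
    ['area_code',  '1-800-555-0100'],     // eleven digits once stripped
    ['local',      '555-0100'],           // seven digits once stripped
    ['email',      'Bob@Example.com'],    // mixed case
    ['email',      'bob@[192.0.2.10]'],   // address-literal domain
    ['image_name', 'PHOTO.JPG'],          // upper-case extension
    ['image_name', 'shell.php.jpg'],      // double extension; only the last is inspected
];

foreach ($samples as [$field, $value]) {
    $verdict = isValidField($field, $value) ? 'pass' : 'fail';
    // For eMail, also show what PHP's built-in validator says about the input.
    $builtin = $field === 'email'
        ? ' | filter_var: ' . (filter_var($value, FILTER_VALIDATE_EMAIL) !== false ? 'pass' : 'fail')
        : '';
    printf("%-11s %-22s %s%s\n", $field, json_encode($value), $verdict, $builtin);
}
```

The "shell.php.jpg" row is the one to keep in mind: the regex is a check on a string the client controls, not on the upload, so an extension match is never a reason to trust the file's contents.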