Hi everyone,
I'm setting up a databse to store visitor name and other info, and i would like to put in validation on the name input. I have no idea how. Also should it be serverside or clientside. Thanks for any help

What do you mean by validation? It depends on what you mean by that but probably client side. For example validation of a phone number could be broken down to only allowing


\d{3}-\d{3}-\d{4}

\d{3}.\d{3}.\d{4}

\(\d{3}\)-\d{3}-\d{4}

client-side for user convenience, server-side for anything that's actually important.

client-side validation can always be bypassed and/or faked, so when your input gets to the server, you should always treat it as "bad."

client-side validation does, however, save time for good boys and girls by pointing out mistakes before bothering your server with them.

to validate a name (and many other things), using preg_match() works well.

regexs, as you can see from bluewalrus' examples above, can be complex depending on what you want to validate. phone numbers are probably one of the hardest things to validate because there are so many formats for them, depending on localization and individual preference. bluewalrus' examples will (individually) catch:

234-567-8910
234.567.8910
(234)-567-8910

but will reject:

567-8910
(234)567-8910
234-567-89-10
2345678910
1(234)567-8910
+1-234-567-8910 etc., etc., etc.. even though they all correctly describe a phone number.



here's an example that seems to work most of the time (though another post admonishes us to just trust that the user knows their own phone number):

^(?:(?:\+?1\s*(?:[.-]\s*)?)?(?:\(\s*([2-9]1[02-9]|[2-9][02-8]1|[2-9][02-8][02-9])\s*\)|([2-9]1[02-9]|[2-9][02-8]1|[2-9][02-8][02-9]))\s*(?:[.-]\s*)?)?([2-9]1[02-9]|[2-9][02-9]1|[2-9][02-9]{2})\s*(?:[.-]\s*)?([0-9]{4})(?:\s*(?:#|x\.?|ext\.?|extension)\s*(\d+))?$
(lol i luv it when code gives u unexpected smilies!)



in contrast, validating a name is much simpler: almost always, you just want letters and possibly spaces, apostrophes, and hyphens.

^[ -'A-Za-z]+$
preg_match usage:
$validName = preg_match( '/^[ -\'A-Za-z]+$/', $_POST['unvalidatedName'] ) ?
$_POST['unvalidatedName'].' is a good name':
$_POST['unvalidatedName'].' is a bad name';
// ( note we add delimiters and have to escape the apostrophe )

preg_match usage:
$validName = preg_match( '/^[ -\'A-Za-z]+$/', $_POST['name'] );
// ( note we add delimiters and have to escape the apostrophe )
How do I use this code? i get i have to fill in the name of the input from the form but how do i use it. Do i just put it in the page the form is being processed by? Also, what happens if there is a error with the imput?



<?php
if(isset($_COOKIE['Authorization'])){
$cheese = $_POST['name'];
$validName = preg_match( '/^[ -\'A-Za-z]+$/', $_POST['name'] );
$inTwoMonths = 60 * 60 * 24 * 60 + time();
setcookie('lastVisit',$cheese, $inTwoMonths);}
else{
header('location: index.php');}
?>


Would this code work?

sorry; I got ahead of myself. preg_match() returns TRUE or FALSE, so use it as a condition instead, not as the assigned value:
$validName = preg_match( '/^[ -\'A-Za-z]+$/', $_POST['name'] ) ? $_POST['name']: NULL;

if(empty($validName)){
print "please use only letters (a-z), spaces ( ), hyphens (-), and/or apostrophes (') in your name";
}else{ print "hello, $validName!"; }

as far as your code goes, your name validation is not connected to the script in any way: nothing happens because of it, and all the other code is completely unrelated.

why are you trying to use this in the middle of your cookie code? i would think that you'd want to insert the name in your database if it was valid, and reject it and show an error if it was bad.

I am eventually going to use it for a database but I wanted to test it.

You can use the regex with javascript as well to test it before passing it to the php, and let the user know to correct it at that point.

This is a rough js sample if you want a functioning one please provide your HTML.


var check_name = /^[ -\'A-Za-z]+$/;
//if jquery
if ( check_name.test( $(this).attr('id').val())) {
submit
} else {
error message
dont submit
}

//non jquery
if ( check_name.test( document.getElementById('IDofINPUT/textarea').value)) {
submit
} else {
error message
dont submit
}

I am eventually going to use it for a database but I wanted to test it.

yes, but you need to have some result from your test, or you will never know if it "worked" or not.

try something like this, in its own script:
<?php
if(!empty($_POST['name'])){
// note I changed the regex slightly: the hyphen _must_ go first
$validName = preg_match( '/^[- \'A-Za-z]+$/', $_POST['name'] ) ?
$_POST['name'].' is a good name':
$_POST['name'].' is a bad name';
print $validName;
}
?>
<form method="POST">
<input name="name">
<input type="submit" value="Submit">
</form>then build your logic further on that, and get closer to what you want it to actually do.

Do you put the preg_match thing on the page with the form or the page the form is being processed by?

It should go where it is being processed.

You could always try jscript, or jquery validation, its usually easy to implement.

Try This:

http://corpocrat.com/2009/07/15/quick-easy-form-validation-tutorial-with-jquery/

Best Of Luck!

-JL Griffin

$validName = preg_match( '/^[ -\'A-Za-z]+$/', $_POST['name'] ) ? $_POST['pass']: NULL;

if(empty($validName)){
print "please use only letters (a-z), spaces ( ), hyphens (-), and/or apostrophes (') in your name";
}


$age2 = preg_match( '/^[ -\'0-9]+$/', $_POST['age']: NULL;

if(empty($age2)){
print "please use only numbers in your age";
}

Would this work. If it wouldn't could you please tell me where the problem is.

$validName = preg_match( '/^[ -\'A-Za-z]+$/', $_POST['name'] ) ? $_POST['pass']: NULL;
// in the regex, put the hyphen first (not the space): [- \'A-Za-z]
// you're assigning $_POST['pass'] as the "true" value of $validName.
// is this intentional?

if(empty($validName)){
print "please use only letters (a-z), spaces ( ), hyphens (-), and/or apostrophes (') in your name";
}
// looks okay

// $age2 = preg_match( '/^[ -\'0-9]+$/', $_POST['age']: NULL;
// bad syntax (forgot the second half of the preg_match function and the conditional ?)
// if you want "only numbers," use [0-9] in your range.
// try this:
$age2 = preg_match('/^[0-9]+$/',$_POST['age']) ? $_POST['age']: NULL;

if(empty($age2)){
print "please use only numbers in your age";
}
try it out.

I'm trying to make sure that name is only letters and age is only numbers. I don't now why I put in pass. Must have been an accident. How do I remove it without stuffing up the script?

just replace it with the value you want (I assume $_POST['name']):
$validName = preg_match( '/^[ -\'A-Za-z]+$/', $_POST['name'] ) ? $_POST['name']: NULL;

Just change the value being set from $_POST['pass'] to $_POST['name'].


$validName = preg_match( '/^[ -\'A-Za-z]+$/', $_POST['name'] ) ? $_POST['name']: NULL;
// in the regex, put the hyphen first (not the space): [- \'A-Za-z]
// you're assigning $_POST['pass'] as the "true" value of $validName.
// is this intentional?

if(empty($validName)){
print "please use only letters (a-z), spaces ( ), hyphens (-), and/or apostrophes (') in your name";
}
// looks okay

// $age2 = preg_match( '/^[ -\'0-9]+$/', $_POST['age']: NULL;
// bad syntax (forgot the second half of the preg_match function and the conditional ?)
// if you want "only numbers," use [0-9] in your range.
// try this:
//\d+ will check for only numbers as well. if you prefer the 0-9 method you can swap that back i prefer the \d+
$age2 = preg_match('/\d+/', $_POST['age']) ? $_POST['age']: NULL;

if(empty($age2)){
print "please use only numbers in your age";
}

If you're unfamiliar with that conditional operator you can see how it works here, http://php.net/manual/en/language.operators.comparison.php, it's the Ternary Operator.