Is there a better way to validate my form? PHP

Question

I am trying to create a register page and I was wondering if there is a better way of doing this. So what I was think was instead of typing every field or is this a good way of doing this?

This is what I have currently.

This is the form

<form action="" method="POST">
    <input type="text" name="username" placeholder="Username:" />
    <input type="password" name="password" placeholder="Password:" />
    <input type="password" name="password" placeholder="Confirm password:" />
    <input type="text" name="email" placeholder="Email:" />
    <input type="text" name="first_name" placeholder="First name:" />
    <input type="text" name="last_name" placeholder="Last name:" />
    <input type="submit" name="register" value="REGISTER" />
</form>

This is what I have for PHP side

function reg_validation() {    
     if ($_POST['register']) {   
        if (empty($_POST['username'])) {
            echo 'Please enter a username';
        }
        if (empty($_POST['password'])) {
            echo 'Please enter a password';
        }
        if (empty($_POST['confirm_password'])) {
            echo 'Please confirm your password';
        }
        if (empty($_POST['email'])) {
            echo 'Please enter an email address';
        }
        if (empty($_POST['first_name'])) {
            echo 'Please enter your first name';
        }
        if (empty($_POST['last_name'])) {
            echo 'Please enter your last name';
        }
    }
}

Hint: You're using `$_POST` twice -> `$_POST($_POST['confirm_password'])`, this will most likely fail. You should use `$_POST['confirm_password']`. Also, if this code works, but you want to know what you could do better, you should head to codereview.stackexchange.com, since this isn't about a code that fails but about codereview. — KhorneHoly, Dec 30 '16 at 14:40
Why are you doing `$_POST($_POST['last_name'])`instead of `$_POST('last_name')`? — Raf, Dec 30 '16 at 14:40
`$_POST` is _not_ a function! This certainly should through an error... — arkascha, Dec 30 '16 at 14:40
^ yeah `$_POST($_POST` is failing here. What you have now will never work. — Funk Forty Niner, Dec 30 '16 at 14:41
Do you know Javascript? There are excellent libraries for form validation before the data is even submitted to your server. — wogsland, Dec 30 '16 at 14:42
@wogsland Don't do all of your validation on the client site. Sure you can do it, but it's important to validate it server site too. The client could can be manipulated. — KhorneHoly, Dec 30 '16 at 14:43
Yeah sorry sorry about the double $_POST just a copy paste fail — Ash, Dec 30 '16 at 14:50
You should *always* validate on the server-side. Client-side validation is just decoration for the user experience. — Jay Blanchard, Dec 30 '16 at 15:00
There are either too many possible answers, or good answers would be too long for this format. Please add details to narrow the answer set or to isolate an issue which can be answered in a few paragraphs. I would suggest you find a development forum (perhaps [Quora](http://www.quora.com/Computer-Programming)?) to work out generalities. Then, when/if you have specific coding issues, come back to StackOverflow and we'll be glad to help. — Jay Blanchard, Dec 30 '16 at 15:02
This question is attracting too many bad answers (the downvoted ones) that are not even closely related to the question, it's also too broad a question and questions as such tend to attract bad / wrong answers. — Funk Forty Niner, Dec 30 '16 at 15:08

Andrew Larsen · Answer 1 · 2016-12-30T15:04:27.670

<?php

function reg_validation() {    
    if (isset($_POST['register'])) {
        $expectedFields = array(
            'username', 'password', 'confirm_password', 'email', 'first_name', 'last_name'
        );

        foreach ($expectedFields as $value)
            if (!array_key_exists($value, $_POST) || empty($_POST[$value]))
                return false;

        return true;
    }

    return false;
}

?>

Don't know if I misunderstood your question in my last answer, so here is another suggestion. Code is not tested, so it may contain minor typos.

In this suggestion we store all field names in an array an loop through the array and checks if any of the field names is not a key in the post array.

So this function will return true if all fields is found in post data or false if not.

Im going to try this out and see if I can get it to work – Ash Dec 30 '16 at 16:29 — Ash, Dec 30 '16 at 16:29

Andrew Larsen · Accepted Answer · 2016-12-30T15:06:42.657

<?php

if (isset($_POST['register'])) {
    try {
        if (empty($_POST['username']))
            throw new Exception('missing_username');
        else if (empty($_POST['password']))
            throw new Exception('missing_password');
        else if (empty($_POST['confirm_password']))
            throw new Exception('missing_confirm_pass');
        else if (empty($_POST['email']))
            throw new Exception('missing_email');
        else if (empty($_POST['first_name']))
            throw new Exception('missing_firstname');
        else if (empty($_POST['last_name']))
            throw new Exception('missing_lastname');

        // do something if all fields are filled
    } catch (Exception $e) {
        $errorArray = array(
            'missing_username' => 'Please enter a username',
            'missing_password' => 'Please enter a password',
            'missing_confirm_pass' => 'Please confirm your password',
            'missing_email' => 'Please enter an email address',
            'missing_firstname' => 'Please enter your first name',
            'missing_lastname' => 'Please enter your last name'
        );

        if (isset($errorArray[$e->getMessage()]))
            echo $errorArray[$e->getMessage()];
    }
}

?>

I like to do it this way, don't know what everyone else thinks about it.

By using try catch, we don't neccessarily need a function to return, since we instead can throw an exception to break from the try section.

There is no "I like too do it this way" without a why. A ***good answer*** will always have an explanation of what was done and why it was done in such a manner, not only for the OP but for future visitors to SO. — Jay Blanchard, Dec 30 '16 at 15:01

Is there a better way to validate my form? PHP

2 Answers2