How to stop user from entering only space in input PHP?

Question

I am creating a social site and in the registration code someone can enter only spaces in the input fields.

I don't want them to enter any spaces in the fields except for the password one.

I have tried a bunch of things, empty, trim, htmlentities !trim and some more I forgot. None of them worked. Some of them gave the first name the value of 1.

What am I missing?

Below is a list of things I have tried (not at the same time).

$first_name = trim(strip_tags(filter_var($_POST['first_name'], FILTER_SANITIZE_STRING)));
str_replace('  ', ' ', $first_name);

if (empty($first_name)) {
    echo "Fill in first name to sign up";
}
if (!ctype_alnum($first_name)) {
    echo "Invalid first name, it only may contain letters or digits";
}

$first_name = $_POST['first_name'] ?? '';

if (empty($first_name)) {
    echo "Fill in first name to sign up";
}
if (!ctype_alnum($first_name)) {
    echo "Invalid first name, it only may contain letters or digits";
}

$first_name = htmlentities(trim(strip_tags(filter_var($_POST['first_name'], FILTER_SANITIZE_STRING)));

if (empty($first_name)) {
    echo "Fill in first name to sign up";
}
if (!ctype_alnum($first_name)) {
    echo "Invalid first name, it only may contain letters or digits";
}

Does this answer your question? [How can strip whitespaces in PHP's variable?](https://stackoverflow.com/questions/1279774/how-can-strip-whitespaces-in-phps-variable) — Peter B, Jul 21 '20 at 15:13

score 2 · Accepted Answer · edited Jul 30 '20 at 01:36

2

Use regular expressions. The following checks it to be at least 5 symbols and contain just letters and digits;

$firstName = trim($_POST['first_name']);

if (!preg_match("/^[a-zA-Z0-9]{5,}$/", $firstName)){
  echo 'Invalid';
}

More information on preg_match() can be found here.

edited Jul 30 '20 at 01:36

Peter B

437
4
14

answered Jul 21 '20 at 15:18

NickolaS

114
5

I tried that and still got the same result. No errors or anything – Jul 21 '20 at 15:21
This is good answer and it works. @Theglee you do realize that you have to handle this somehow, not only echoing that username is wrong. the script will continue to execute and probably creating users etc. Show us how you handle those input errors. – blahy Jul 21 '20 at 15:25
do you mean it comes empty and passes ? – NickolaS Jul 21 '20 at 15:26
Oh I see it now. I had to add `die();` under the echo. – Jul 21 '20 at 15:27
if that just passes the string and goes next but doesn't show you, probably you put the output in buffer and accidentally remove. Becasue it simply can't pass this condition. Try to put die instead of echo. That way you will be sure that it went in there – NickolaS Jul 21 '20 at 15:28
If I put this `die('invalid');` it shows me the message `invalid` – Jul 21 '20 at 15:37
exactly, so now you know that problem is not in the condition. function 'die' usually is used for debugging. So dig next – NickolaS Jul 21 '20 at 15:39
Wait I don't get what you're saying. The code you gave me solves my problem – Jul 21 '20 at 15:42
yes, my point is that some of your solutions also should solve it, but you didn't see the next problem. Just don't forget to use die when debugging. That way you will be 100% sure that code actually came into that area and will be able to move further digging for the reason it doesn't work overall – NickolaS Jul 21 '20 at 15:49
Ok use die when debugging and when the site is going live still use die or use echo ? – Jul 21 '20 at 15:52
use whatever you need for your business needs, so, if there supposed to be an echo, then put back that echo. But even better to not replace the echo by die, but add new die after echo instead. Die is used just to make sure that code went where it should. And then, next if you see wrong answer, you put new die and comment the previous. And so on until you will find the problem. And don't forget to remove all 'debugging' dies when you finish your debugging ;) – NickolaS Jul 21 '20 at 16:58
I agree with @NickolaS. Perhaps you can use return instead. If you're calling this function from somewhere, you can return appropriate validation message for the users. That's the ideal approach, especially in case this is an API. Using `die()` often break templates as well. – sykez Jul 30 '20 at 01:53
That is the point. To break whatever logic exists there. To be 100% sure that code goes through needed checkpoint. This has the only purpose of debugging. Plus, later if you forget to remove some debugging die, you will see that at once as result of your script instead of jumping through returns and add another debugging layer, IMHO – NickolaS Aug 01 '20 at 20:27

score 0 · Answer 2 · answered Dec 29 '22 at 13:50

Hey i have simple solution regarding your question try one

If you want to submit only text and whitespace than use this one

<input type="text" name="Name" required pattern="[a-zA-Z ]+" >

If you want to submit number and whitespace than use this one

<input type="text" name="Name" required pattern="[0-9 ]+" >

If you want to insert text not whitespace than use this one

<input type="text" name="Name" required pattern="[a-zA-Z]+" >

Use any line according to your requirements no extra line of code or condition simple and secure

How to stop user from entering only space in input PHP?

2 Answers2