Recently i have involve myself in another application development. Regular Hungred Dot Com visitors will notice that the site currently offer advertisement space through this form. But really, we as a developers are always looking for such snippets or writing them out from scratch every single time regardless of how many time we know we have store it somewhere in our laptop! Man, its really frustrating searching on Google and find all sort of solution and trying to figure out whether the regular expression implemented is expensive or complete. So i came out with an idea to ease my life a bit and other developers by putting up an article such as this for my/our references. (This can be made into a class if you like to)
Validate Email
We can perform an email validation through this function.
function isValidEmail($email){
return eregi('^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$', $email);
}
After fainted for a few seconds when i saw unreal4u finding, i decided to throw up preg_match solution instead.
function isValidEmail($email){
return preg_match('/^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$/i', $email);
}
PHP 5.2 and above.
function fnValidateEmail($email)
{
return filter_var($email, FILTER_VALIDATE_EMAIL);
}
Sanitize Email
We can further sanitize our email to ensure that everything is alright.
function fnSanitizeEmaill($string) {
return preg_replace( '((?:\n|\r|\t|%0A|%0D|%08|%09)+)i' , '', $string );
}
PHP 5.2 and above.
function fnSanitizeEmaill($url)
{
return filter_var($url, FILTER_SANITIZE_EMAIL);
}
Validate Email Exist
This is not possible but certain validation can be use to validate email existence.
function check_email($email)
{
$email_error = false;
$Email = htmlspecialchars(stripslashes(strip_tags(trim($email)))); //parse unnecessary characters to prevent exploits
if ($Email == '') { email_error = true; }
elseif (!eregi('^([a-zA-Z0-9._-])+@([a-zA-Z0-9._-])+\.([a-zA-Z0-9._-])([a-zA-Z0-9._-])+', $Email)) { email_error = true; }
else {
list($Email, $domain) = split('@', $Email, 2);
if (! checkdnsrr($domain, 'MX')) { email_error = true; }
else {
$array = array($Email, $domain);
$Email = implode('@', $array);
}
}
if (email_error) { return false; } else{return true;}
}
Validate Number Only
We can use PHP built-in function to validate whether a given value is a number.
function fnValidateNumber($value)
{
#is_ double($value);
#is_ float($value);
#is_ int($value);
#is_ integer($value);
return is_numeric($value);
}
PHP 5.2 and above.
function fnValidateNumber($value)
{
#return filter_var($value, FILTER_VALIDATE_FLOAT); // float
return filter_var($value, FILTER_VALIDATE_INT); # int
}
Sanitize Number
We can force all value to be only numeric by sanitize them.
function fnSanitizeNumber($str)
{
#letters and space only
return preg_match('/[^0-9]/', '', $str);
}
PHP 5.2 and above.
function fnSanitizeNumber($value)
{
#return filter_var($value, FILTER_SANITIZE_NUMBER_FLOAT); // float
return filter_var($value, FILTER_SANITIZE_NUMBER_INT); # int
}
Validate String Only
Sometimes to validate name we can use this function to restrict only letters and spaces.
function fnValidateStringr($str)
{
#letters and space only
return preg_match('/^[A-Za-z\s ]+$/', $str);
}
Sanitize String
We can sanitize it instead of validate user input.
function fnSanitizeStringr($str)
{
#letters and space only
return preg_replace('/[^A-Za-z\s ]/', '', $str);
}
PHP 5.2 and above. built-in function by PHP provides a much more powerful sanitize capability.
function fnSanitizeStringr($str)
{
return filter_var($str, FILTER_SANITIZE_STRIPPED); # only 'String' is allowed eg. '<br>HELLO</br>' => 'HELLO'
}
Validate Alphanumeric Characters
This validates alphanumeric characters.
function fnValidateAlphanumeric($string)
{
return ctype_alnum ($string);
}
Sanitize Alphanumeric Characters
This sanitize alphanumeric characters. eg. "HELLO! Do we have 90 idiots running around here?" => "HELLO Do we have 90 idiots running around here"
function fnSanitizeAlphanumeric($string)
{
return preg_replace('/[^a-zA-Z0-9]/', '', $string);
}
Validate URL Exist
This function will check whether a given URL exist and not only validate it.
function url_exist($url)
{
$url = @parse_url($url);
if (!$url)
{
return false;
}
$url = array_map('trim', $url);
$url['port'] = (!isset($url['port'])) ? 80 : (int)$url['port'];
$path = (isset($url['path'])) ? $url['path'] : '';
if ($path == '')
{
$path = '/';
}
$path .= (isset($url['query'])) ? '?$url[query]' : '';
if (isset($url['host']) AND $url['host'] != @gethostbyname($url['host']))
{
if (PHP_VERSION >= 5)
{
$headers = @get_headers('$url[scheme]://$url[host]:$url[port]$path');
}
else
{
$fp = fsockopen($url['host'], $url['port'], $errno, $errstr, 30);
if (!$fp)
{
return false;
}
fputs($fp, 'HEAD $path HTTP/1.1\r\nHost: $url[host]\r\n\r\n');
$headers = fread($fp, 4096);
fclose($fp);
}
$headers = (is_array($headers)) ? implode('\n', $headers) : $headers;
return (bool)preg_match('#^HTTP/.*\s+[(200|301|302)]+\s#i', $headers);
}
return false;
}
Validate URL Format
This function will validate a given url to ensure the format is correct.
function fnValidateUrl($url){
return preg_match('/^(http(s?):\/\/|ftp:\/\/{1})((\w+\.){1,})\w{2,}$/i', $url);
}
PHP 5.2 and above.
function fnValidateUrl($url)
{
return filter_var($url, FILTER_VALIDATE_URL);
}
Sanitize URL
PHP 5.2 and above.
function fnSanitizeUrl($url)
{
return filter_var($url, FILTER_SANITIZE_URL);
}
Validate Image Exist
This function will check whether a given image link exist and not only validate it.
function image_exist($url) {
if(@file_get_contents($url,0,NULL,0,1)){return 1;}else{ return 0;}
}
Validate IP Address
This function will validate an IP address.
function fnValidateIP($IP){
return preg_match('/^(([1-9]?[0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([1-9]?[0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$/',$IP)
}
PHP 5 and above. This can also specific validation for IPV4 or IPV6.
function fnValidateIP($ip)
{
return filter_var($ip, FILTER_VALIDATE_IP);
}
Validate Proxy
This function will let us detect proxy visitors even those that are behind anonymous proxy.
function fnValidateProxy(){
if ($_SERVER['HTTP_X_FORWARDED_FOR']
|| $_SERVER['HTTP_X_FORWARDED']
|| $_SERVER['HTTP_FORWARDED_FOR']
|| $_SERVER['HTTP_VIA']
|| in_array($_SERVER['REMOTE_PORT'], array(8080,80,6588,8000,3128,553,554))
|| @fsockopen($_SERVER['REMOTE_ADDR'], 80, $errno, $errstr, 30))
{
exit('Proxy detected');
}
}
Validate Username
Before we validate whether a given username is matches the one in our database, we can perform a validation check first to prevent any unnecessary SQL call.
function fnValidateUsername($username){
#alphabet, digit, @, _ and . are allow. Minimum 6 character. Maximum 50 characters (email address may be more)
return preg_match('/^[a-zA-Z\d_@.]{6,50}$/i', $username);
}
Validate Strong Password
Another good thing is to validate whether a particular password given by the user is strong enough. You can do that using this function which required the password to have a minimum of 8 characters, at least 1 uppercase, 1 lowercase and 1 number.
function fnValidatePassword($password){
#must contain 8 characters, 1 uppercase, 1 lowercase and 1 number
return preg_match('/^(?=^.{8,}$)((?=.*[A-Za-z0-9])(?=.*[A-Z])(?=.*[a-z]))^.*$/', $password);
}
Validate US Phone Number
This function will validate US phone number for US users.
function fnValidateUSPhone($phoneNo){
return preg_match('/\(?\d{3}\)?[-\s.]?\d{3}[-\s.]\d{4}/x', $phoneNo);
}
Validate US Postal Code
This function validate US postal code.
function fnValidateUSPostal($postalcode){
#eg. 92345-3214
return preg_match('/^([0-9]{5})(-[0-9]{4})?$/i',$postalcode);
}
Validate US Social Security Numbers
This function validate US Social Security Numbers.
function fnValidateUSSocialSecurityCode($ssb){
#eg. 531-63-5334
return preg_match('/^[\d]{3}-[\d]{2}-[\d]{4}$/',$ssn);
}
Validate Credit Card
This function validate credit card format.
function fnValidateCreditCard($cc){
#eg. 718486746312031
return preg_match('/^(?:4[0-9]{12}(?:[0-9]{3})?|5[1-5][0-9]{14}|6011[0-9]{12}|3(?:0[0-5]|[68][0-9])[0-9]{11}|3[47][0-9]{13})$/', $cc);
}
Validate Date
This is a date format MM-DD-YYYY or MM-DD-YY validation which validate from year 0000-9999.
function fnValidateDate($date){
#05/12/2109
#05-12-0009
#05.12.9909
#05.12.99
return preg_match('/^((0?[1-9]|1[012])[- /.](0?[1-9]|[12][0-9]|3[01])[- /.][0-9]?[0-9]?[0-9]{2})*$/', $date);
}
This is a date format YYYY-DD-MM or YY-MM-DD validation which validate from year 0000-9999.
function fnValidateDate($date){
#2009/12/11
#2009-12-11
#2009.12.11
#09.12.11
return preg_match('#^([0-9]?[0-9]?[0-9]{2}[- /.](0?[1-9]|1[012])[- /.](0?[1-9]|[12][0-9]|3[01]))*$#'', $date);
}
Validate Hexadecimal Colors
This is a good validation for people who allows their user to change color in their system.
function fnValidateColor($color){
#CCC
#CCCCC
#FFFFF
return preg_match('/^#(?:(?:[a-f0-9]{3}){1,2})$/i', $color);
}
Make Query Safe
This function help sanitize our data to be SQL injection safe.
function _clean($str){
return is_array($str) ? array_map('_clean', $str) : str_replace('\\', '\\\\', htmlspecialchars((get_magic_quotes_gpc() ? stripslashes($str) : $str), ENT_QUOTES));
}
//usage call it somewhere in beginning of your script
_clean($_POST);
_clean($_GET);
_clean($_REQUEST);// and so on..
Make Data Safe
This function help to keep us protected against XSS, JS and SQL injection by removing tags.
function _clean($str){
return is_array($str) ? array_map('_clean', $str) : str_replace('\\', '\\\\', strip_tags(trim(htmlspecialchars((get_magic_quotes_gpc() ? stripslashes($str) : $str), ENT_QUOTES))));
}
//usage call it somewhere in beginning of your script
_clean($_POST);
_clean($_GET);
_clean($_REQUEST);// and so on..
Summary
A paranoid way to perform a form validation would be to validate first then sanitize your values for precautions. If you think the above snippets were suck or you have any good or awesome snippets to share. Please throw your comment and share with us!