Learn

Introduction to PHP Form Validation

Validating Against Back-end Data

Because modern websites and web applications need to store a lot of data, they usually interact with databases on the back-end. A common type of custom validation involves comparing user input against information in the database. In this exercise, we’ll practice validating against back-end data using PHP arrays to stand in for complicated databases.

An important application of this kind of validation is handling the creation of a user’s account. Before creating the account, it is very important to check that a submitted username isn’t already being used by someone else! In order to do this, we’ll need to check the database for that username.

In the example below, we model the database of users with the associative array $users, which contains keys in the format "username" => "password".

$users = ["coolBro123" => "password123!", "coderKid" => "pa55w0rd*", "dogWalker" => "ais1eofdog$"];

function isUsernameAvailable ($username){
  global $users;
  if (isset($users[$username])){
    echo "That username is already taken.";
  } else {
    echo "${username} is available.";
  }
}

isUsernameAvailable("coolBro123");
// Prints: That username is already taken. 

isUsernameAvailable("aisleOfPHP");
// Prints: aisleOfPHP is available.

The above function isUsernameAvailable uses the built-in function isset() to check if a given $username exists in the $users array. In production, this check would be done by querying the database.

Instructions

Take a minute to familiarize yourself with the provided code. This PHP serves a log in page to users. We declared five variables at the top of the PHP:

$users is an associative array with usernames and passwords as key=>value pairs. In production, this type of information would likely be stored in a database.
$feedback is the text we’ll show to the user depending on whether or not they were able to successfully log in.
$message is the message we’ll provide as feedback if log-in was successful.
$validation_error is the error we’ll provide as feedback if their username or password is incorrect.

Once you have a handle on the provided code, run the program and test the form to see how it currently works.

If the form has not been submitted, your PHP code shouldn’t do anything.

Write an if statement that checks the form has been submitted by checking the value of the "REQUEST_METHOD" key on the $_SERVER array.

Within the if block, reassign the $username variable to the value of the "username" key on the $_POST array.

Declare a new variable $password and assign to it the value of the "password" key on the $_POST array.

If a form has been submitted (after $username and $password have been assigned), you’ll need to take two additional steps to validate the user’s login.

First you’ll need to check that the username exists in the “database”. A username is considered valid if it exists as a key within our $users array.
You’ll also need to check that the password provided by the user equals the value of that username key in the $users array.

If both of those criteria are met, you should consider the login successful and assign $feedback the value of $message. Otherwise, you should assign $feedback the value of $validation_error.

Awesome! Your code should be working properly. Test it with valid and invalid logins to make sure.

Did you notice we did a couple things differently in this form?

We didn’t assign the value attribute of the "password" input to the user’s password submission.
We didn’t give specific feedback about whether it was an invalid username or a bad password that caused the login to fail.

Why do you think we did those things? Check out the hint for an explanation.

Take this course for free

Or sign up using:

Already have an account?