Magento 2 Development Workshop Learn More

User Registration with PHP and MySQL

14 lessons

Form Validation

In this lesson, we are going to learn how to validate data that came from the user registration form. The new script that we are going to create in this lesson is responsible for data validation and error processing logic.

Make sure to check the previous lesson in order to have the user registration form in place for this lesson.

Lesson Overview

In this lesson, we are going to learn:

  • How to ensure all required fields are present
  • How to validate and check password and confirm password

Register Form

The register form that we created in the previous lesson performs two actions:

  • it redirects a user from the register.php page to the signup.php page
  • it sends the submitted data via $_POST array variable to a script with the name signup.php

Form Submission Process

The $_POST variable contains the data submitted from the form and passed to the signup.php script.

It is very easy to access form data from the $_POST variable. In order to do this, the $_POST variable should be used as an array variable with the key, that is used as the name of an input form field.

Please refer to the form for getting the right name argument of input fields.

<form action="signup.php" method="POST">
  Username: <input type="text" name="username" /><br />
  Email: <input type="text" name="email" /><br />
  Password: <input type="text" name="password" /><br />
  Confirm password: <input type="text" name="password_confirm" /><br />
  <input type="submit" value="Register" />
</form>

The names of the form input fields are:

  • username
  • email
  • password
  • password_confirm

To access data that has been submitted and available in the $_POST variable array we have to use the keys above and assign result into variables.

<?php

$username = $_POST['username'];
$email = $_POST['email'];
$password = $_POST['password'];
$passwordConfirm = $_POST['username'];

This will work, however if there is no data with the key used PHP will show as a warning, saying that the key doesn't exist.

Validation

For the validation, we have to verify that the data submitted from the registration form is available in the $_POST variable array and is not empty. As we don't want to allow empty values when all form input fields are required for the user registration process.

We are going to use the empty() PHP function. The function allows to check that the key of exists in the array and verify that the value is present and is not empty.

Let's assign the $_POST variable into the local $data variable.

<?php

$data = $_POST;

if (empty($data['username']) ||
    empty($data['password']) ||
    empty($data['email']) ||
    empty($data['password_confirm'])) {
    
    //do something
}

As you noticed, we used the || (OR) operator to ensure that all parameters were provided. If at least one value is empty or doesn't exists, we are going to show an error message to an user.

The die() PHP function allows to print a message in a browser and finish the script execution. The die() function usage is a temporary solution, that we will remove and use the $_SESSION variable to set the message. As for now, let's just show the message on the same page.

<?php

die('Please fill all required fields!');

Let's place the message into the if statement.

<?php

$data = $_POST;

if (empty($data['username']) ||
    empty($data['password']) ||
    empty($data['email']) ||
    empty($data['password_confirm'])) {
    
    die('Please fill all required fields!');
}

Password Validation

As for the password and password_confirm fields, we are going to check if both values are the same. We will show an error message if it is not.

<?php

if ($data['password'] !== $data['password_confirm']) {
   die('Password and Confirm password should match!');   
}

As a result, the data passed from the user registration form is checked for its presence and that the password and confirmation password match.

The signup.php script with both validations is below:

<?php

$data = $_POST;

if (empty($data['username']) ||
    empty($data['password']) ||
    empty($data['email']) ||
    empty($data['password_confirm'])) {
    
    die('Please fill all required fields!');
}

if ($data['password'] !== $data['password_confirm']) {
   die('Password and Confirm password should match!');   
}

//other logic...

In the next lesson, we are going to cover the database validation.