Single-field validation

Summary

Set an error message variable to MT. For each check (is the data numeric, too small, etc.):

  • Check that the error message variable is still MT. If it is...
  • Test the input data. If it fails, set the error message variable.
  • Repeat for each check.
  • Later, if error message variable is not MT, show it, and skip processing.
Situation

You have user input, from GET (the URL), or POST (a form). You want to check that it's OK.

Needs

Some user input.

Provides
  • A way to test whether the data is OK.
  • Error messages.

Check the error messages to test the first one, whether the data is OK. If there are no error messages, the data is valid.

Action
  • Create a variable for error messages. Set it to MT (empty).
  • Do the first test (e.g., test whether the variable is missing). If the test fails, set the error message.
  • If the error message is MT, do the next test (e.g., whether the variable is numeric). If the test fails, set the error message.
  • If the error message is MT, do the next test (e.g., whether the variable is less than zero). If the test fails, set the error message.
  • Repeat for all tests that are needed.
  • Later, test the error message variable. If it's not MT, show error messages. If it is MT, process the data.

Here's an example, for testing a radius.

  • $errorMessage = '';
  • // First test.
  • if (!isset($_GET['radius'])) {
  •     $errorMessage = 'Sorry, radius is required.';
  • }
  • // Do second test, if no problems so far.
  • if ($errorMessage == '') {
  •     $radius = $_GET['radius'];
  •     // Is radius numeric?
  •     if (!is_numeric($radius)) {
  •         $errorMessage = "Sorry, radius must be a number, not '$radius'.";
  •     }
  • }
  • // Do third test, if no problems so far.
  • if ($errorMessage == '') {
  •     // Range check.
  •     if ($radius <= 0) {
  •         $errorMessage = 'Sorry, radius must be more than zero.';
  •     }
  • }
  • ...
  • <body>
  •     ...
  •     <?php
  •     if ($errorMessage != '') {
  •         print "<p class='error-message'>$errorMessage</p>";
  •     }
  •     else {
  •         // Processing.
  •         ...
  •     }
  •     ?>
  • </body>
Explanation

$errorMessage is used as a flag, as well as to contain error messages. If $errorMessage is MT, there are no errors to report.

Use this test...

  • if ($errorMessage == '') {

... to avoid checking further if there is an error. Why? Here is code from above:

  1. $errorMessage = '';
  2. // First test.
  3. if (!isset($radius)) {
  4.     $errorMessage = 'Sorry, radius is required.';
  5. }
  6. // Do second test, if no problems so far.
  7. if ($errorMessage == '') {
  8.     $radius = $_GET['radius'];
  9.     // Is radius numeric?
  10.     if (!is_numeric($radius)) {
  11.         $errorMessage = "Sorry, radius must be a number, not '$radius'.";
  12.     }
  13. }

Suppose we left out line 7, the check whether $errorMessage is MT:

  1. $errorMessage = '';
  2. // First test.
  3. if (!isset($radius)) {
  4.     $errorMessage = 'Sorry, radius is required.';
  5. }
  6. // Second test.
  7. $radius = $_GET['radius'];
  8. // Is radius numeric?
  9. if (!is_numeric($radius)) {
  10.     $errorMessage = "Sorry, radius must be a number, not '$radius'.";
  11. }

If the user didn't give a radius, the program would crash on line 7:

  • $radius = $_GET['radius'];

There is no radius. The user would get an ugly PHP error message. Better to give them a message they can interpret.