24 PHP Form Validation Snippets/Functions


<?php
/**
 * 24 Form Validation Snippets
 *
 * This is a group of snippets from {@link http://hungred.com/useful-information/php-form-validation-snippets/}
 * that provide useful ways to validate form data.
 *
 * This file CANNOT be used as-is because of the duplicate function names.
 * They are meant to illustrate different ways of accomplishing the same thing and
 * show alternative/better methods for some functions.
 *
 * Beyond validation, I highly recommend using PHP's PDO class and the bindParam() method
 * that provides additional SQL Injection prevention.
 */

/**
 * Validate Email
 * We can perform an email validation through this function.
 */
function isValidEmail($email){
    return preg_match('/^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$/i', $email);
}
// PHP 5.2 and above.
function fnValidateEmail($email){
    return filter_var($email, FILTER_VALIDATE_EMAIL);
}

/**
 * Sanitize Email
 * We can further sanitize our email to ensure that everything is alright.
 */
function fnSanitizeEmaill($string){
    return preg_replace( '((?:\n|\r|\t|%0A|%0D|%08|%09)+)i' , '', $string );
}
// PHP 5.2 and above.
function fnSanitizeEmaill($url){
    return filter_var($url, FILTER_SANITIZE_EMAIL);
}

/**
 * Validate Email Exist
 * This is not possible but certain validation can be use to validate email existence.
 * NOTE: This function uses eregi, which is DEPRECATED as of PHP 5.3.
 */
function check_email($email){
    $email_error = false;
    $Email = htmlspecialchars(stripslashes(strip_tags(trim($email)))); //parse unnecessary characters to prevent exploits
    if ($Email == '') { email_error = true; }
    elseif (!eregi('^([a-zA-Z0-9._-])+@([a-zA-Z0-9._-])+\.([a-zA-Z0-9._-])([a-zA-Z0-9._-])+', $Email)) { email_error = true; }
    else {
    list($Email, $domain) = split('@', $Email, 2);
        if (! checkdnsrr($domain, 'MX')) { email_error = true; }
        else {
            $array = array($Email, $domain);
            $Email = implode('@', $array);
        }
    }
    if (email_error) { return false; } else{return true;}
}

/**
 * Validate Number Only
 * We can use PHP built-in function to validate whether a given value is a number.
 */
function fnValidateNumber($value){
    #is_ double($value);
    #is_ float($value);
    #is_ int($value);
    #is_ integer($value);
    return is_numeric($value);
}
// PHP 5.2 and above.
function fnValidateNumber($value){
    #return filter_var($value, FILTER_VALIDATE_FLOAT); // float
    return filter_var($value, FILTER_VALIDATE_INT); # int
}

/**
 * Sanitize Number
 * We can force all value to be only numeric by sanitize them.
 */
function fnSanitizeNumber($str){
    #letters and space only
    return preg_match('/[^0-9]/', '', $str);
}
//PHP 5.2 and above.
function fnSanitizeNumber($value){
    #return filter_var($value, FILTER_SANITIZE_NUMBER_FLOAT); // float
    return filter_var($value, FILTER_SANITIZE_NUMBER_INT); # int
}

/**
 * Validate String Only
 * Sometimes to validate name we can use this function to restrict only letters and spaces.
 */
function fnValidateStringr($str){
    #letters and space only
    return preg_match('/^[A-Za-z\s ]+$/', $str);
}

/**
 * Sanitize String
 * We can sanitize it instead of validate user input.
 */
function fnSanitizeStringr($str){
    #letters and space only
    return preg_replace('/[^A-Za-z\s ]/', '', $str);
}
// PHP 5.2 and above. built-in function by PHP provides a much more powerful sanitize capability.
function fnSanitizeStringr($str){
    return filter_var($str, FILTER_SANITIZE_STRIPPED); # only 'String' is allowed eg. '<br>HELLO</br>' => 'HELLO'
}

/**
 * Validate Alphanumeric Characters
 * This validates alphanumeric characters.
 */
function fnValidateAlphanumeric($string){
    return ctype_alnum($string);
}

/**
 * Sanitize Alphanumeric Characters
 * This sanitize alphanumeric characters. eg. “HELLO! Do we have 90 idiots running
 * around here?” => “HELLO Do we have 90 idiots running around here”
 */
function fnSanitizeAlphanumeric($string){
    return preg_replace('/[^a-zA-Z0-9]/', '', $string);
}

/**
 * Validate URL Exist
 * This function will check whether a given URL exist and not only validate it.
 */
function url_exist($url){
    $url = @parse_url($url);
    if (!$url)
    {
        return false;
    }
    $url = array_map('trim', $url);
    $url['port'] = (!isset($url['port'])) ? 80 : (int)$url['port'];
    $path = (isset($url['path'])) ? $url['path'] : '';
    if ($path == '')
    {
        $path = '/';
    }
    $path .= (isset($url['query'])) ? '?$url[query]' : '';
    if (isset($url['host']) AND $url['host'] != @gethostbyname($url['host']))
    {
        if (PHP_VERSION >= 5)
        {
            $headers = @get_headers('$url[scheme]://$url[host]:$url[port]$path');
        }
        else
        {
            $fp = fsockopen($url['host'], $url['port'], $errno, $errstr, 30);
            if (!$fp)
            {
                return false;
            }
            fputs($fp, 'HEAD $path HTTP/1.1\r\nHost: $url[host]\r\n\r\n');
            $headers = fread($fp, 4096);
            fclose($fp);
        }
        $headers = (is_array($headers)) ? implode('\n', $headers) : $headers;
        return (bool)preg_match('#^HTTP/.*\s+[(200|301|302)]+\s#i', $headers);
    }
    return false;
}

/**
 * Validate URL Format
 * This function will validate a given url to ensure the format is correct.
 */
function fnValidateUrl($url){
    return preg_match('/^(http(s?):\/\/|ftp:\/\/{1})((\w+\.){1,})\w{2,}$/i', $url);
}
// PHP 5.2 and above.
function fnValidateUrl($url){
    return filter_var($url, FILTER_VALIDATE_URL);
}

/**
 * Sanitize URL
 * PHP 5.2 and above.
function fnSanitizeUrl($url){

    return filter_var($url, FILTER_SANITIZE_URL);
}

/**
 * Validate Image Exist
 * This function will check whether a given image link exist and not only validate it.
 */
function image_exist($url) {
    if(@file_get_contents($url,0,NULL,0,1)){return 1;}else{ return 0;}
}

/**
 * Validate IP Address
 * This function will validate an IP address.
 */
function fnValidateIP($IP){
    return preg_match('/^(([1-9]?[0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]).){3}([1-9]?[0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$/',$IP)
}
//PHP 5 and above. This can also specific validation for IPV4 or IPV6.
function fnValidateIP($ip){
    return filter_var($ip, FILTER_VALIDATE_IP);
}

/**
 * Validate Proxy
 * This function will let us detect proxy visitors even those that are behind anonymous proxy.
 */
function fnValidateProxy(){
    if ($_SERVER['HTTP_X_FORWARDED_FOR']
       || $_SERVER['HTTP_X_FORWARDED']
       || $_SERVER['HTTP_FORWARDED_FOR']
       || $_SERVER['HTTP_VIA']
       || in_array($_SERVER['REMOTE_PORT'], array(8080,80,6588,8000,3128,553,554))
       || @fsockopen($_SERVER['REMOTE_ADDR'], 80, $errno, $errstr, 30))
    {
        exit('Proxy detected');
    }
}

/**
 * Validate Username
 * Before we validate whether a given username is matches the one in our database, we can
 * perform a validation check first to prevent any unnecessary SQL call.
 */
function fnValidateUsername($username){
    #alphabet, digit, @, _ and . are allow. Minimum 6 character. Maximum 50 characters (email address may be more)
    return preg_match('/^[a-zA-Z\d_@.]{6,50}$/i', $username);
}

/**
 * Validate Strong Password
 * Another good thing is to validate whether a particular password given by the user is
 * strong enough. You can do that using this function which required the password to have
 * a minimum of 8 characters, at least 1 uppercase, 1 lowercase and 1 number.
 */
function fnValidatePassword($password){
    #must contain 8 characters, 1 uppercase, 1 lowercase and 1 number
    return preg_match('/^(?=^.{8,}$)((?=.*[A-Za-z0-9])(?=.*[A-Z])(?=.*[a-z]))^.*$/', $password);
}

/**
 * Validate US Phone Number
 * This function will validate US phone number for US users.
 */
function fnValidateUSPhone($phoneNo){
    return preg_match('/\(?\d{3}\)?[-\s.]?\d{3}[-\s.]\d{4}/x', $phoneNo);
}

/**
 * Validate US Postal Code
 * This function validate US postal code.
 */
function fnValidateUSPostal($postalcode){
    #eg. 92345-3214
    return preg_match('/^([0-9]{5})(-[0-9]{4})?$/i',$postalcode);
}

/**
 * Validate US Social Security Numbers
 * This function validate US Social Security Numbers.
 */
function fnValidateUSSocialSecurityCode($ssb){
    #eg. 531-63-5334
    return preg_match('/^[\d]{3}-[\d]{2}-[\d]{4}$/',$ssn);
}

/**
 * Validate Credit Card
 * This function validate credit card format.
 */
function fnValidateCreditCard($cc){
    #eg. 718486746312031
    return preg_match('/^(?:4[0-9]{12}(?:[0-9]{3})?|5[1-5][0-9]{14}|6011[0-9]{12}|3(?:0[0-5]|[68][0-9])[0-9]{11}|3[47][0-9]{13})$/', $cc);
}

/**
 * Validate Date
 * This is a date format MM-DD-YYYY or MM-DD-YY validation which validate from year 0000-9999.
 */
function fnValidateDate($date){
    #05/12/2109
    #05-12-0009
    #05.12.9909
    #05.12.99
    return preg_match('/^((0?[1-9]|1[012])[- /.](0?[1-9]|[12][0-9]|3[01])[- /.][0-9]?[0-9]?[0-9]{2})*$/', $date);
}
// This is a date format YYYY-DD-MM or YY-MM-DD validation which validate from year 0000-9999.
function fnValidateDate($date){
    #2009/12/11
    #2009-12-11
    #2009.12.11
    #09.12.11
    return preg_match('#^([0-9]?[0-9]?[0-9]{2}[- /.](0?[1-9]|1[012])[- /.](0?[1-9]|[12][0-9]|3[01]))*$#', $date);
}

/**
 * Validate Hexadecimal Colors
 * This is a good validation for people who allows their user to change color in their system.
 */
function fnValidateColor($color){
    #CCC
    #CCCCC
    #FFFFF
    return preg_match('/^#(?:(?:[a-f0-9]{3}){1,2})$/i', $color);
}

/**
 * Make Query Safe
 * This function help sanitize our data to be SQL injection safe.
 */
function _clean($str){
    return is_array($str) ? array_map('_clean', $str) : str_replace('\\', '\\\\', htmlspecialchars((get_magic_quotes_gpc() ? stripslashes($str) : $str), ENT_QUOTES));
}
//usage call it somewhere in beginning of your script
_clean($_POST);
_clean($_GET);
_clean($_REQUEST);// and so on..

/**
 * Make Data Safe
 * This function help to keep us protected against XSS, JS and SQL injection by removing tags.
 */
function _clean($str){
    return is_array($str) ? array_map('_clean', $str) : str_replace('\\', '\\\\', strip_tags(trim(htmlspecialchars((get_magic_quotes_gpc() ? stripslashes($str) : $str), ENT_QUOTES))));
}
//usage call it somewhere in beginning of your script
_clean($_POST);
_clean($_GET);
_clean($_REQUEST);// and so on..


/**
 * Summary
 * A paranoid way to perform a form validation would be to validate first then sanitize
 * your values for precautions.
 */