String Length Validation In a Web Form with PHP

In this article, we will show how you can perform string length validation in a web form with PHP.

First, what is string length validation and why is it important?

String length validation is measuring the length of a string entered into a text box and making sure that it doesn't go under the minimum length or that it doesn't exceed the maximum length. It is important because let's say, for example, you have members sign up on your website, you may want to limit the length of the username and password a user can have. Having a member sign up with a username or password of 1 or 2 or 3 characters is too short, and could present a security issue. More than likely, we want the username and password to be at least 6 characters in length but not more than, say, 20 characters, because we don't want them to be too long.

Look at the example below.

The username and password must be between 6 and 15 characters. Below this, it will tell the user that the username or password is too short. Above this limit, it will tell you that the username or password is too long.

Please create a username:

Please create a password:

So how do we create this form above and provide output back if the username is too short or too long?

Coding

HTML Code

The HTML code to create the form above, the 2 text boxes and the 'Enter' button, is:

<a name="answer"></a> <form action="#answer" method="POST"> Please create a username: <input type="text" name="username" value='<?php echo $username; ?>'/><?php echo $output; ?><br> Please create a password: <input type="password" name="password" value='<?php echo $password; ?>'/><?php echo $output2; ?><br> <input type="submit" name="enterbutton" value="Enter"/><br> </form>

This HTML code creates the username and password text boxes, as well as the 'Enter' button.

PHP Code

The PHP code to retrieve the user-entered information, measures the length of the strings, and then outputs the appropriate feedback to the user, so that he can know if he's making any mistakes:

<?php $username= $_POST['username']; $password= $_POST['password']; $enterbutton= $_POST['enterbutton']; $usernamelength= strlen($username); $passwordlength= strlen($password); if (isset($enterbutton)){ if ($usernamelength < 6){ $output= "<br><redtext> Invalid username. Username must be at least 6 characters</redtext>"; } if ($usernamelength > 15){ $output= "<br><redtext'> Invalid username. Username cannot be greater than 15 characters</redtext>"; } if ($passwordlength < 6){ $output2= "<br><redtext> Invalid password. Password must be at least 6 characters</redtext>"; } if ($passwordlength > 15){ $output2= "<br><redtext> Invalid password. Password cannot be greater than 15 characters</redtext>"; } } ?>

The $username and $password variables retrieve and store the values of the information the user has entered into the username textbox and the password textbox. The $enterbutton retrieves the information from the 'Enter' button. Through this variable, we can determine if the 'Enter' button has been clicked or not.

The $usernamelength variable stores the value of the length of the string of the username and the $passwordlength variable stores the length of the password.

In the first if statement, if (isset($enterbutton)){, we do the following functions only if the 'Enter' button has been clicked. The remaining if statements check to determine if the length of the username and password are below 6 or above 15 characters. If they are, the appropriate message is output to the user. If the username and password are between 6 and 15 characters, then no message is output to the user, because the user correctly chose a username and password.

This is how most web forms handle validation. They output red text usually to a user, only if a form field has been incorrectly filled out. If not, there are no messages.

Notice that the output statements have <redtext></redtext> around them. In the CSS code, this tag makes the text red, standing out more to alert the user that the form has been incorrectly filled out.