Validation, validating, everything :S
Introduction
I love writing tutorials a bit loosly, but still validation is possibly the only thing programming might be all about in the end. Especially when programming PHP you might find that in the end it might possibly be all about validation. Validating conditions, values, and sometimes even your own code :S
PHP is mostly condition based. If something is true or a specific value then we should do this or that. And to make sure our "assumed" conditions are correct we need to validate some more in this case the provided values.
Luckly PHP offers allot of methods to validate values, conditions and code. In this tutorial I would like to show you how you can validate values, conditions and some pretty amazing ways of doing so.
IF condition? Huh?
Many of you have seen the IF condition and pretty well know how to apply it. So if the average person sees something like
if(!empty($var){
$option = $var;
}else{
$option = false;
}
They all know the results.
Validations using the IF statement can be done in different manners depending on what you like to validate. In the end the IF statement will be used in most cases to make decisions in the code, but also to check ourselves and others to make sure our code does what was expected. But to make the subject clear we need to understand how we can apply the IF statement efficiently and when to apply it. Also we need to make a difference between Data validation and Conditional Validation. Ill start demonstrating various ways of conditional validation using mainly the IF statement. Then ill jump in to Data validation showing some nice features of PHP on its way.
Conditional Validation
In the previous paragraph I have shown you one basic Conditional validation written down in two different manners what will effectively do the same. Differences are in how many writing you need to do to get it done, and in what situation you are in that defines if this type of validation is even possible.
To get in the depth of this will create some basic situations that will hopefully explain.
Into the oblivious depth
One thing you prob are going to face quite directly is validating multiple conditions that depend on each other to be successfull. For instance, a way to validate something…
$n = 1;
if($n == 1){
$a = 3;
}elseif($n == 2){
$a = 4;
}
echo $a;
In this example the functional explanation would be something like, We have only two possibilities for var $n either 1 or 2. If var $n turns out to be 1 then we will make var $a 3, in the other situation where var $n turns out to be 2 we definitely need to make var $a 4.
If we look at this code we can ask ourselves a multiple of questions. Is this the most efficient way? Is it true what we say here? Are we taking enough measures to make sure only these conditions exist? Or should we make sure other options are handled properly?
On the first question we could rewrite this code and maybe make it more compact or logical or efficient? Lets have a look.
$n = 1;
if(($n == 1) || ($n == 2)){
$a = ($n == 1) ? '3' : '4';
}
echo $a;
You might have noticed that the code in this little example is indeed a bit shorter. But there are still problems with this code. As in the previous example we are not sure that our option will always be either 1 or 2. But also the code written there can become quite confusing. What the hell is that question mark doing in there for instance, what is the meaning of the double pipe || and why use all the brackets in there (() ()) ?
To explain a bit more, programming has allot to do with math. Allot of the syntax looks allot like formula`s explained a bit differently. To explain I will explain starting with all these fancy brackets in there..
In math when we want to show a calculation needs to be done first and we need that result to finish the rest of the formula we use brackets. For instance
(3x4)+5 meaning the result of 3 x 4 which is 12. The formula could also be written like 12 + 5 = 17. In PHP we tend to do the same thing. Just to make sure no unexpected results are returned to us. So in this example.
If( ($n == 1) || ($n == 2)){
We actually are instructing PHP to solve the questions first then do something else with them. Recap. This means;
Solve the questions if($n == 1) and if($n == 2) first, then solve the question we are actually asking you to solve in our if statement. In math this would look something like;
true = ((n = 1) or (n = 2))
To understand the double pipe in there || we need to show you some operands. In IF statements (so while validating) you can use a few operands to validate multiple questions. Here are a few.
! NOT
|| OR
&& AND
== Equals to
!= Not Equal to
=== Is exactly
> Larger then
< Smaller then
<= Is equal to or smaller then
>= Is equal to or larger then
So evaluating these operands, and noting that || is indeed or the first rule in our codeblock states exactly this;
true = ((n = 1) or (n = 2))
But considering the first example this is not the whole question. To bring it back in mind, the question actually was more like;
$n = 1;
if($n == 1){
$a = 3;
}elseif($n == 2){
$a = 4;
}
echo $a;
So we basically covered the if($n == 1){ }elseif($n==2){ }. But we still need to assign the value to $a which basically needs another validation on our part. Because at this point we only validated if the value was either 1 or 2. So that is what the next rule does. This one rule also looked very akward and we will explain in a sec, but first the code;
$a = ($n == 1) ? '3' : '4';
Basically this is another way of saying this fully written.
if($n == 1){
$a = '3';
}else{
$a = '4';
}
and maybe you have guessed by now, If so your quite bright because most people do understand but don't see it. Let me take the liberty of explaining the characters used in there.
? Then
: Else
So basically we do want to assign something to $a but we are not quite sure what at this point. So we basically instruct PHP to answer the question ( ) first and then make a decision based on its outcome. The decision to make is explained to PHP using the question mark and doubledot ( ? : )
Pretty neat way indeed to do some validation. But considering our initial questions. Was this indeed a very efficient way of validating? To find out we need to look at what PHP needs to do to get the final answer. And to get this insight we actually need to write it out fully so we can see what is happening here.
So this is what we had…
if($n == 1){
$a = 3;
}elseif($n == 2){
$a = 4;
}
We wanted a shorter script so we turned it into this…
if(($n == 1) || ($n == 2)){
$a = ($n == 1) ? '3' : '4';
}
But in fact we instructed PHP to do this…
if(($n == 1) || if($n == 2){
if($n == 2) {
if($n == 1){
$a = 3;
}else{
$a = 4;
}
}
/* And what is happening in the top there? Myea indeed */
if($n == 1){
if($n == 1){
$a = '3';
}
}elseif($n == 2){
if($n == 2){
$a = '4';
}
}
Recap.
So eventually the most efficient way would be to validate this little baby like this..
if($n == 1){
$a = 3;
}else{
$a = 4;
}
But then again is this assumption correct? What are we actually saying here? Well quite frankly we are pointing out the problem in the previous validations. And this is purely hypothetical. We are actually assuming that $n will always be either 1 or 2. And now we must wonder. What "if" this is not true. What if someone rewrote your code and introduces an illegal 3 in the mix?
Well now the fun is starting. Because in all previous examples you'll probably get the error that $a in an undeclared variable. And your code might crash. And what about the last example?
Well in the last example the code might finish correctly or not depending on the question if $n is used somewhere else in the code and might result in even bigger problems. For instance $n is an user id which we are using to query all his user specific information. And $a is a reference to a user table that you needed to split up because there are too many users in there. In this case user 3 will get all the data of "a" user in table 4. Again this is purely hypothetical and doesn't reflect reality at all, but consider to possibilities you potentially are opening up there.
To solve this we need Data Validation. Yea we actually need to validate data and data types before we are validating it further in a conditional validation. We need to make sure one of the valid conditions are met or we need to find a way to deal with it properly like thus;
if($n == 1){
$a = 3;
}elseif($n == 2){
$a = 4;
}else{
$a = false;
}
Or
if(($n == 1) || ($n == 2)){
$a = ($n == 1) ? '3' : '4';
}else{
$a = false;
}
Do keep in mind that in most cases you are doing conditional validation for a reason. And this needs thought. Think your validations out in advance to reduce the change of making mistakes. You can do so by actually telling the story your script is going to tell later on. It will also make clear when to validate what en when to not validate the obvious at all. For example
User logging in.
If all the information is there and correct
We first validate username against the database.
if username doesn't exist we spawn a nice error.
If there is exactly one row returned we validate the returned password
(ow damn we need to create an md5 string somewhere because md5 is returned by the db)
if both username and password match up we simply return "true"
(So we prob need to write a function instead of a script)
(Maybe we want to add a random string against robots etc)
Validation that you don't expect?
Some validation is also done in spaces you might not expect it to be conditional validation. For instance in Loops, again these are conditional validations.
For instance in a while loop.
while($condition == false){
if($condition == false){
$condition = true;
}
}
"While" $var equals to "false" continue the loop.
Or in a For loop.
for($n = 1; $n < 10; $n ++){}
For $var starts with 1; stop when $var higher then 10; with each loop add one to $var.
same goes with do{ some thing }while(condition);
and all other loops.
Conditional validation also takes place in most prepared functions. Usually (assuming this might not always be true) all PHP functions will eventually give something return. In example if you are fetching multiple rows from a database. The function will behave like a false validation until the end of the fetch is reached. Example
while($row = mysql_fetch_array($result){
}
You are actually stating something like " As long as we actually are getting results from this function continue executing up till the point the function gives us a false as return value. This type of validation is used in many ways as you will notice now, because we will deal with some data validation now, which also needs the conditional validation.
Data Validation
To open this little subject I intentionally made an error in all our previous example compared to the original. Maybe if you are a experienced programmer you might have noticed I executed a Data-type conversion in the second example code and continued using that.
If you can't figure out what it is? Well I converted an Integer to a string by using the literal single quotes. You might not think so but mistakes like that are usually forgiven in PHP it being a very forgiving programming language. But it can also introduce quite time consuming problems when you are trying to validate you values correctly. In this case this little typo will make the difference between validating the given value as either is_int() or is_number(). Before we will jump into this one I will first explain some stuff about data-types.
A data-type is the definition about a value. Simply stated, if you see 1 you will identify this as a number, and if you see an A you will identify this as an letter. And this is pretty much where the human need for identification stops. In computer languages this is not the case. To explain to in a very short manner. Considering this as an fact.
Your processor can only do 1 and 0 and to be able to handle bigger numbers as either 1 or 0 they invented the binaries. Now we tell this object that is only able to interpret 1 and 0s to calculate something like 0.000001 + 0.000003. Which are called floats in programming world. Now we truly have a problem. That "thing" only understands 1s and 0s… So how do we solve this?
Simple how we would in math with huge numbers, remove the dot and remember its place. Next we apply basic math rules to calculate this "huge" number like 0000001 + 0000003, and because we have allot of leading zeros we might as well remember those as well and finaly only calculate 1 + 4 = 4 and put all the junk in front of it back so no-one will notice ie. 0.000004. The problem is our "programming language" should be aware to apply these rules. So we need to tell it it is dealing with a "special" kind of value on which it should apply "special" rules to solve the initial question.
On our previous example what is the difference to either a string "1" or an integer. Well a string references to the ASCII table and is in fact an byte long hexadecimal noted reference. And an integer is in fact that a nBits long integer. Again PHP is very forgiving this wont be the fact in languages like C or ASM that will punish you dearly for mistakes like that. And to make sure this doesn't happen to our ingenious code we need to validate this…
Now what types of data do we have and how do we recognize them?
In fact allot but PHP integrates allot of them into one type (I referenced from the PHP manual)
PHP : Floating Point Numbers
$a = 1.234;
$a = 1.2e3;
$a = 7E-10;
PHP : Integers
$a = 1234; normal decimal
$a = -123; negative decimal
$a = 0123; ocatal! (equal to 83 decimal)
$a = 0x1A; Hexadecimal number (equal to 26 decimal)
PHP : Booleans (true or false)
$a = False; (Boolean self)
$a = True; (Boolean self)
$a = ''; (empty sting == false)
$a = 'value' (declared string == true)
$a = 0; (interger 0 == false)
$a = 1; (interger 1 == true)
$a = array() (an empty array == false)
$a[1] = 1; (an array with elements == true)
$a = NULL; (special NULL type will validate as false)
$a = simple_xml (xml objects with empty tags == false)
PHP : Strings
$a = 'false';
$a = 'true';
$a = '1';
$a = '0';
$a = 'hello world';
All data within single or dubble quotes are considered strings and will validate true!
PHP : Arrays
A variable containing multiple values or key ordered multiple values and or new arrays
$a[] = 'value';
$a = array('welcome', 'world');
$a = array('key' => 'value', 'otherkey' => 'value')
$a = array('key => array('key' => 'value', 'key' => 'value'), 'otherkey' => 'value))
PHP:Objects.
Initialized classes as objects with a variable as reference to the initialized object. I wont spend to much time on this in this tutorial.
$object = new objectname($constructor_properties);
PHP:Resources
Pointers/handlers to special datacollections like files, database connections or image canvas areas. Converting this is highly unusual but validation might help you create stabeler code.
$im = @imagecreate(110, 20);
$file = fopen('file.txt', 'r');
$res = mysql_connect($h, $u, $p);
PHP:NULL
Special introduced datatype to indicate that a variable is still not set with a value.
$a = NULL /* We are going to use it but not at this point… */
Remark:
Php also knows pseudo-types to callback methods and do other fancy stuff. Go to the PHP manual to get the correct references for these data-types
Now you wonder, isn't this all too obvious? Well then I ask you, is it really? Hehe, obviously to you it might be. To PHP not in all cases. And it lets allot to chance not to think this over. So lets do think this over 😉
We have a condition we would like to validate.
if($a == 0){
}
Using the given data types in the previous code block, we can wonder. What exactly is "$a" too PHP? Is this a integer? No? Ow wait this might as well be a Boolean… Or maybe it's a string? Nah It couldn't be a string else we would validate it more like this.
if($a == '0'){
}
Oke fair enough. And nah… it couldn't be a Boolean because it would be more effective to validate it that way. So in that case I would obviously validate it like;
if($a){
}
Well, now the true question, did you ever think this over while writing your code? And did you ever wonder that it now is by chance that your code works fine? Or is it planned carefully by you the programmer? No one will ever know, and frankly I too still make these mistakes 😉 and yet again PHP is very forgiving on the subject. But on occasion it actually does punish!
On this subject I didn't want to spend to much time on the long run, and just intended to make you think this over. In the end it will make your life allot easier thinking these things over 😉 and just wanted to skip over to the actual validation where PHP has really adopted allot of data-type and data validation functions from c++. Yes learning PHP will make it easier for you to eventually end up learning and actually coding c++. In the next example we will show you some different means to validate your variables within a conditional validation.
In this tutorial I don't want to walk you through all the possible validations possible on data-types and data-formatting because this would simply make this tutorial to long. What I do want to point our is the different ways to validate these values and make you think it over.
To point the differences out we will be validating a simple "empty" variable. If the given variable is empty we simply echo that fact.
if(!$a){
echo '$a = empty!';
}
if($a == ''){
echo '$a = empty!';
}
if(empty($a)){
echo '$a = empty!';
}
if(strlen($a) < 1){
echo '$a = emtpy';
}
As you can see we are validating the code over and over again, and if $a indeed doesn't contain any data all examples will echo this fact. So in most cases this all will work perfectly. But we still need to consider "what" we are asking in the code. What is it we are in fact validating? Sure, "Is the string empty". But are we really now?
No we are asking the following questions here
- Is $a not true?
- Is $a an empty string? (NULL)
- Is $a Empty? (data type not specified)
- Is the length of $a shorter then 1?
In this case we are making allot of assumptions about the variable $a. And we should really ask ourselves, what the heck is $a? is it truly a Boolean? Is it an string? Is our goal to check the data-formatting? Or don't we exactly know what $a is and should we in this case use empty() 'most used btw'. And next consider the question. What does the PHP engine need to do to make this decision? Does it consume allot of additional processor power? Who knows…
A tip from my side, take values in consideration. Decide whether you would like to validate the Data-type its self? Or is it in fact the data-format we like to validate. For instance our database field is VARCHAR(10), maybe it would be nice to validate strlen($string) < 10 to make sure our script doesn't crash there. Or maybe it would be nice that our given phone number doesn't contain any @#$$ signs that eventually don't make any sense at all. Or validate true content of predefined conditions we need to make the overall script work.
Conclusion
Validation can become fairly complex in the long run. Doing thing correct might be more of a pain at times and sometimes to much of a pain. Fact is that we do need to think our validations over in detail, and this might result in a script that actually doesn't use a work around because unexpected type casting occurs in it. PHP is forgiving, but also considered a weak written language because of this fact. Not because PHP doesn't offer you the options to actually do validation and declaration, but because it allows you to do it not at all. Be careful about the questions you are asking in these validation and how this can be interpreted in the long run causing all kind of havoc 😉
-Hope this helped a bit. I you need help on specific subjects just refer to the available forum!
This page was published on It was last revised on