Free Online Courses for Software Developers - MrBool
× Please, log in to give us a feedback. Click here to login

You must be logged to download. Click here to login


MrBool is totally free and you can help us to help the Developers Community around the world

Yes, I'd like to help the MrBool and the Developers Community before download

No, I'd like to download without make the donation


MrBool is totally free and you can help us to help the Developers Community around the world

Yes, I'd like to help the MrBool and the Developers Community before download

No, I'd like to download without make the donation

How to carry out server-side form validation using Regular Expressions?

This article shows a good view about developing applications in JavaScript and making use of one of its main core features: Regular Expressions.

One of the very vital aspects of the development of any software or web form has to be the validation of data. Not only does it make things easier in terms of avoiding errors, but it also helps the user in streamlining and sticking to the kind of input that we are looking for.

One very simple example of validation would be: one cannot input a value outside the range of 1 and 12 in a field meant for entering the ‘month’. Other examples that can be considered are:

  • Prevention blank values in forms (for any important and required data)
  • Ensuring the specific type of values (like phone numbers cannot contain alphabets)
  • Maintaining the format and the range of certain types of fields
  • To check if values entered match correctly (if the password is to be entered twice, they need to match each other)

What are advantages offered by form validation?

As briefly mentioned above , form validation allows us to limit the errors in processing data at later stages. Using validation, we can accept the exact type of data that we require from the user. As such, form validation can be implemented in two ways. One can be by making use of client-side validation while the other option is to go for server-side form validation. Each of these techniques presents their own set of advantages and disadvantages.

Client-side validation generally allows for quick processing as the user wouldn’t have to wait for a round-trip to the server. However, with server-side validation, it is certainly a whole lot easier in terms of validation, and that is especially true for large applications that are layered in nature. Further, not all validations can be performed with client-side validation and hence, it becomes necessary to implement server-side validation.

Regular expressions – What are they?

Regular expressions can be labeled as a highly specialized part of a programming language that are usually very simple to use. They are pretty useful in the sense that they offer exclusive tools that allow for the development of complex matching algorithms for patterns. They are also used to develop search and replace algorithms that are textual in nature. Despite the numerous advantages that regular expressions offer, they can be pretty difficult to read.

Regular expressions are generally made up of patterns that includealphabetical data, symbolic data, and even numeric data. They can also often be a combination of these types. An example of a regular expression that can be used to match an email address is demonstrated below.


A regular expression can be defined as a compact way of expressing a pattern. It mainly contains string of consecutive characters, numbers, special characters and any other element defining the pattern. These are mainly used for client side or server side form validations. The other important use is to extract a sub-string from another string etc. But we must remember that regular expressions cannot be used in all situations, like where we need to match nested data in forms of XML, HTML, JSON etc. But it is one of the most popular tools to be used in various web applications.

What are the advantages of regular expressions?

As we have already described, regular expressions can be used in variety of tasks. Some of them are mentioned below:

  • Validating user input or some other input provided on the forms
  • Validating user's email, phone etc. which follows a particular pattern
  • Validating contents provided in any forum
  • Validating SQL input to prevent SQL injection attacks

Why opt for server-side form validation over client-side validation?

It has been mentioned that both forms of validation usually possess their advantages and disadvantages. However, one of the key aspects that make the implementation of server side validation a better option is security.

A client-side validation process is pretty insecure, but server-side validation process ensures better security with immediate confirmation from the server.

Server side form validation is one of the most important parts of any web application development. It also plays an important role in the security area. The basic logic is to validate the form inputs in a more detailed level through server side programming. As we know that most of the main components of any web based application are deployed in the server, so it is always more secured to validate the form inputs using those components. And then after validation, the return result is conveyed back to the client side.

How do we implement server-side validation?

Server side validation is supported by a majority of the programming languages that are in use. For instance, you can implement it using PHP code.


Listing 1: This is the validation process


if ($_POST)
	$nam = $_POST['Name'];
	$mail = $_POST['Email'];
	$usrname = $_POST['Username'];
	$passwrd = $_POST['Password'];
	$gender = $_POST['Gender'];

	// Checking for a valid Name

	if (eregi('^[A-Za-z0-9 ]{3,20}</p>,$nam))
 $error_name='PleaseenteryourvalidName . '; 

// Checking for a valid Email address

if (eregi(' ^ [a - zA - Z0 - 9._ - ] + @[a - zA - Z0 - 9._ - ] + . ([a - zA - Z]
		2, 4
		}) < / p > , $mail))
		$valid_email = $mail;
		$error_email = 'Please enter a valid Email address.';

	// Enter a username has to be a minimum of 6 characters and maximum of 20 characters

	if (eregi('^[A-Za-z0-9_]{6,20}</p>,$usrname))
 $error_username='EntervalidUsernamewithmin6characters and maxof20characters . '; 

// Enter a password with min. 6 characters max. 20 characters

if (eregi(' ^ [A - Za - z0 - 9!@ //$%^&*()_]{6,20}</p>,$passwrd))
		$valid_password = $passwrd;
		$error_password = 'Enter valid Password min 6 Chars.';

	// Gender selection

	if ($gender == 0)
		$error_gender = 'Select your Gender';
		$valid_gender = $gender;

	if ((strlen($valid_name) > 0) && (strlen($valid_email) > 0) && (strlen($valid_username) > 0) && (strlen($valid_password) > 0) && $valid_gender > 0)
		mysql_query(" SQL insert statement ");
		header("Location: Thank you.html");


The above-defined code makes use of the eregi, which is basically used to match case-insensitive regular expressions. For e.g. eregi('z',$string) will return ‘TRUE’ if either of z or Z is found in $string.

Keeping the given example in mind, we see how the code makes use of eregi, in order to validate the fields of Name, Email, Username, Password and Gender. If the matches are found to be ‘TRUE’ then the variables with $valid_name, $valid_email, $valid_username, $valid_password, and $valid_gender are used to store the inputted data by the user. If not, the user is asked to make a correct input and for that, a message is displayed asking for one.

Finally, the values are checked again in the final if statement to ensure that none of these values are incorrect. Then it is accepted into the database and a file saying “Thank you” or acknowledging the fact that data has been correctly received is displayed.

Note – If you wish to implement the matching of regular expressions in PHP by taking into account the case of case-sensitive alphabets, you can make use of the ereg function instead of other functions.

Figure 1.Validation form output


Here’s the HTML code for the implementation of server-side form validation using regular expression. This is also where you will need to include the PHP code. i.e. the validationprocess.php file.

Listing 2: This is the index page

<php include("validationprocess.php"); ?>
<form method="post" action="" name="form">
   Full name : <input type="text" name="name" value="<?php echo $valid_name; ?>" /> 
   <?php echo $error_name; ?> 
   Email : <input type="text" name="name" value="<?php echo $valid_email; ?>" /> 
   <?php echo $error_email; ?> 
   Username : <input type="text" name="name" value="<?php echo $valid_username; ?>" /> 
   <?php echo $error_username; ?> 
   Password : <input type="password" name="name" value="<?php echo $valid_password; ?>" /> 
   <?php echo $error_password; ?> 
   Gender : 
   <select name="gender">
      <option value="0">Gender</option>
      <option value="1">Male</option>
      <option value="2">Female</option>
   <?php echo $error_gender; ?> 


Using the given code snippet, one can easily carry out form validation from the server-side by the use of regular expressions. Although the above guide should be clear enough to give you a proper guide in terms of using form validation, you can also do some additional study to completely understand the technique behind the process.

Many of the languages that we use include form validation capabilities and allow programmers to implement them in varying aspects. For example, you can even make use of form validation if you wish to validate any other field or data, which basically doesn’t have anything to do with the variables defined in the above code snippet.

Server-side validation has emerged as a very strong and secure option as compared to client-side validation, which cannot always be carried out. Another emerging concept is to employ a combination of server-side, as well as client-side validation, which results in a secure and a faster process. However, this process can be slightly complicated in nature.

Before concluding this discussion, we must note that regular expressions and server side form validation are a good combination for any secured web application, although in some situation regular expression are not applicable.

Website: Have 16 years of experience as a technical architect and software consultant in enterprise application and product development. Have interest in new technology and innovation area along with technical...

What did you think of this post?
To have full access to this post (or download the associated files) you must have MrBool Credits.

  See the prices for this post in Mr.Bool Credits System below:

Individually – in this case the price for this post is US$ 0,00 (Buy it now)
in this case you will buy only this video by paying the full price with no discount.

Package of 10 credits - in this case the price for this post is US$ 0,00
This subscription is ideal if you want to download few videos. In this plan you will receive a discount of 50% in each video. Subscribe for this package!

Package of 50 credits – in this case the price for this post is US$ 0,00
This subscription is ideal if you want to download several videos. In this plan you will receive a discount of 83% in each video. Subscribe for this package!

> More info about MrBool Credits
You must be logged to download.

Click here to login