-1

Can somebody help me? I am starting to learn PHP and i am trying to validate my username and password. it should only input characters, otherwise it will prompt validation error. However, even if i entered numbers, my form is still successful. I've used is_string function to validate but it seems it's not working.

Here's my code:

<?php

    if(isset($_POST['submit'])) {
        $username = $_POST['username'];
        $password = $_POST['password'];
        if(!is_string($username) && !is_string($password)) {
            echo "Error! Please input characters only.";
        }
        else {
            echo "successful";
        }
    }
    else {
            $username = "";
            echo "Please log in.";
    }
?>

<!DOCTYPE html>
<html>
<head>
    <title> First Page </title>
    <meta charset="UTF-8"/>
</head>
<body>

    <form action="basic.php" method="POST">
    Username: <input type="text" name="username" value="<?php $username ?>" /> <br/>
    Password:   <input type="password" name="password" /> <br/>
    Submit: <input type="submit" name="submit" value="Submit" />
    </form>


</body>
</html>
Improve this question
5
  • 3
    data submitted from text boxes are strings even if it's all numbers Commented Sep 6, 2016 at 6:52
  • php.net/manual/en/function.is-string.php Commented Sep 6, 2016 at 6:54
  • is_string — Find whether the type of a variable is string Commented Sep 6, 2016 at 6:54
  • Why would you want to restrict your password like that? Assuming you mean || instead of &&. Commented Sep 6, 2016 at 6:55
  • i think you should use || instead of && to validate the input Commented Sep 6, 2016 at 6:57

4 Answers 4

Reset to default
1

is_string only check the type of variable you are using. And, in this case, both variables are indeed strings, as they should be.

If you want to validate, you could use regular expression matching, for example:

if(preg_match( '/^[0-9]+$/', $string )) {
    // all numbers
}

Be warned though, regular expressions can be daunting to the beginner.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

1

replace this code with your code its solve your problem

if(preg_match('/[^A-Za-z]/', $username) && preg_match('/[^A-Za-z]/', $password)) 
{
  echo "Error! Please input characters only.";
}
else
{
  echo "successful";
}
Improve this answer

Comments

0

The $_POST['username'] could be '1234' which does indeed contain numbers, but is still considered a string. Since is_string() only checks for the type of a variable it is working as expected.

For validation you could use a regular expression (regex) but I think that's a bit overkill and performance-wise not the best option. A native function like ctype_alpha might fit better.

Improve this answer

6 Comments

Performance is hardly an issue here. Also, using a regular expression will give you more flexibility in the future (what if you want to allow number in the future, for example). In addition to that, ctype_alpha will also denote strings with diacritics (e.g. "áé") as not-alphabetic.
I understand that is_string function only check the type of the variable. but when i try other way of using this, i get the expected results. Only when i am using form input that i do not. Please see this sample where i can get the expected results: <?php $number = 3; if(!is_string($number)) { echo "Error! Please input characters only."; } else { echo "successful"; } ?>
@BartFriederichs the OP stated he was starting to learn PHP so using a regex right away might be a bit too confusing.
@JacobRosta That's probably because your formdata is '3' (a string, note the quotation marks) as opposed to 3 (integer). You could use the function gettype() on your formdata to get the type of variable.
then why do textboxes are strings even if it's numbers?
|
0

Use preg_match to validate the username, and password for your purpose. For example at hiteachers.com, I only allow letters (enable case-insensitive mode), a period (as in an initial),an apostrophe, a space, and the dash, and the value should be within the range of 4 to 20 characters long, you can use (preg_match ('/^[\w \'.-]{4,20}$/i', $_POST['username'])).

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.