How do i create a secure php register login form with validation?

The course shows how to build registration functionality with PHP and MySQL. In the course, we are going to learn and practice building this functionality and how to send confirmation emails to successfully register a user in a PHP application.

In this lesson, we are going to learn how to validate data that came from the user registration form. The new script that we are going to create in this lesson is responsible for data validation and error processing logic.

Make sure to check the previous lesson in order to have the user registration form in place for this lesson.

Lesson Overview

In this lesson, we are going to learn:

  • How to ensure all required fields are present
  • How to validate and check password and confirm password

Register Form

The register form that we created in the previous lesson performs two actions:

  • it redirects a user from the register.php page to the signup.php page
  • it sends the submitted data via $_POST array variable to a script with the name signup.php

How do i create a secure php register login form with validation?

The $_POST variable contains the data submitted from the form and passed to the signup.php script.

It is very easy to access form data from the $_POST variable. In order to do this, the $_POST variable should be used as an array variable with the key, that is used as the name of an input form field.

Please refer to the form for getting the right name argument of input fields.

<form action="signup.php" method="POST">
  Username: <input type="text" name="username" /><br />
  Email: <input type="text" name="email" /><br />
  Password: <input type="text" name="password" /><br />
  Confirm password: <input type="text" name="password_confirm" /><br />
  <input type="submit" value="Register" />
</form>

The names of the form input fields are:

  • username
  • email
  • password
  • password_confirm

To access data that has been submitted and available in the $_POST variable array we have to use the keys above and assign result into variables.

<?php

$username = $_POST['username'];
$email = $_POST['email'];
$password = $_POST['password'];
$passwordConfirm = $_POST['username'];

This will work, however if there is no data with the key used PHP will show as a warning, saying that the key doesn't exist.

Validation

For the validation, we have to verify that the data submitted from the registration form is available in the $_POST variable array and is not empty. As we don't want to allow empty values when all form input fields are required for the user registration process.

We are going to use the empty() PHP function. The function allows to check that the key of exists in the array and verify that the value is present and is not empty.

Let's assign the $_POST variable into the local $data variable.

<?php

$data = $_POST;

if (empty($data['username']) ||
    empty($data['password']) ||
    empty($data['email']) ||
    empty($data['password_confirm'])) {
    
    //do something
}

As you noticed, we used the || (OR) operator to ensure that all parameters were provided. If at least one value is empty or doesn't exists, we are going to show an error message to an user.

The die() PHP function allows to print a message in a browser and finish the script execution. The die() function usage is a temporary solution, that we will remove and use the $_SESSION variable to set the message. As for now, let's just show the message on the same page.

<?php

die('Please fill all required fields!');

Let's place the message into the if statement.

<?php

$data = $_POST;

if (empty($data['username']) ||
    empty($data['password']) ||
    empty($data['email']) ||
    empty($data['password_confirm'])) {
    
    die('Please fill all required fields!');
}

Password Validation

As for the password and password_confirm fields, we are going to check if both values are the same. We will show an error message if it is not.

<?php

if ($data['password'] !== $data['password_confirm']) {
   die('Password and Confirm password should match!');   
}

As a result, the data passed from the user registration form is checked for its presence and that the password and confirmation password match.

The signup.php script with both validations is below:

<?php

$data = $_POST;

if (empty($data['username']) ||
    empty($data['password']) ||
    empty($data['email']) ||
    empty($data['password_confirm'])) {
    
    die('Please fill all required fields!');
}

if ($data['password'] !== $data['password_confirm']) {
   die('Password and Confirm password should match!');   
}

//other logic...

In the next lesson, we are going to cover the database validation.

How can I secure my login page in PHP?

Getting Started. There are a few steps we need to take before we create our secure login system. ... .
Creating the Login Form Design. ... .
Creating the Database and setting-up Tables. ... .
Authenticating Users with PHP. ... .
Creating the Home Page. ... .
Creating the Profile Page. ... .
Creating the Logout Script..

How will you create forms and validate the form input in PHP?

PHP validates the data at the server-side, which is submitted by HTML form. You need to validate a few things: Empty String..
$name = $_POST ["Name"];.
if (! preg_match ("/^[a-zA-z]*$/", $name) ) {.
$ErrMsg = "Only alphabets and whitespace are allowed.";.
echo $ErrMsg;.
} else {.
echo $name;.

Can PHP be used for validation?

PHP Form Validation code is a set of validation rules that allows you to create server-side validation to the PHP forms quickly with little efforts. Form validation is really crucial for dynamic web pages.

How do I create a signup form registration with php and MySQL?

How to create a Registration and Login System with PHP and MySQL.
Create a Database and Database Table..
Connect to the Database..
Session Create for Logged in User..
Create a Registration and Login Form..
Make a Dashboard Page..
Create a Logout (Destroy session).
CSS File Create..