In my opinion it is not a good idea to validate form using php as javascript is much more suitable for the job.
I used something like this in the head of the page:
<script language="JavaScript" type="text/javascript">
function checkform ( form )
{
if (form.lastname.value == "") {
alert( "please enter something" );
form.lastname.focus();
return false ;
}
if (form.firstname.value == "") {
alert( "please enter something");
form.firstname.focus();
return false ;
}
return true ;
}
</script>
and then in form tag:
onSubmit="return checkform(this);"
where lastname and firstname are form fields.
Works perfect for me althought that was the only time I have ever touched javascript.

Basic Form Input Validation in PHP using Regular Expressions:

[webmasterworld.com...]

lukasz:
Even if you have done client side verification with JavaScript you should still verify server side also - you must never trust anything coming from the client!

As a particular warning in this case; I don't know which method is being used to send the email; but if it is a case of constructed text being piped to sendmail then there is the possibility for an attacker to inject shell commands (similar to SQL injection) if nothing is done to protect against it!

You'll find many variations of an email validating regex, but this is what I use:

// Check for valid email 
function api_is_email($input) 
{ 
if ($input) 
{ 
if (eregi("^[-a-z0-9_][-a-z0-9_.]*\@[-a-z0-9]+(\.[-a-z0-9]+)*\.(com¦edu¦gov¦int¦mil¦net 
¦org¦biz¦info¦name¦museum¦coop¦aero¦[a-z][a-z])$", $input)) return 1; 
} 
} 

[edited by: jatar_k at 5:50 pm (utc) on Dec. 15, 2003]
[edit reason] broke line for sidescroll [/edit]

Thank you for the help, the form is validating now, but it is getting stuck on the php page and not sending people to the thank you page.
Is this how it should look in the form tag?

<form action="********.php" method="POST" onsubmit="return check form(this)" name="myform" language="JavaScript">

"not sending people to the thank you page"

Have you told it to? Something like:

header("Location: /thankyoupage.html");

will do the trick - but only trigger it if the form validates!

I figured it out. I had a space in the wrong place.
I really appreciate everyone's help, I thrive on this place.

Following is a Javascript it will definitely help to avoide receiving blank forms:

PART: 1 Include following script in your head tags

<HEAD>
<SCRIPT LANGUAGE="JavaScript">
function checkFields() { // field validation -
if ( (document.emailform.name.value=="") ¦¦ // checks if fields are blank.
(document.emailform.email.value=="") ¦¦ // checks if fields are blank.
(document.emailform.phone.value=="") ¦¦ // checks if fields are blank.
(document.emailform.comments.value=="") ) // checks if fields are blank.
{
alert("Please enter your name, phone, email, and comments then re-submit this form.");
return false;
}
</SCRIPT>
</HEAD>

PART:2 INLCUDE ON SUBMIT IN <BODY> <FORM> TAG

<BODY>
... ... ...
<form action="ANY" method="ANY" onSubmit="return checkFields()" name="NAME OF YOUR FORM">

... ... ...

</BODY>

HOPE, THIS WILL SERVE YOUR PURPOSE.
BEST LUCK!

ganderla,

JavaScript is a good way to validate the form because it happens more immediately since there is no interaction with the server, but you may want to include PHP validation also.

You said you are getting a lot of blank submissions.. I've gotten the same thing before, and in checking my logs, I've found that most of these come through from bots. The problem here is that a bot is unlikely to understand the JavaScript. It will most likely suck the URL from the action="..." parameter and follow it causing a blank submission.

So on my site, I've implemented both. This makes it easy and friendly for users who have accidentally missed something, but verifies everything on the backend as well in case someone tries to circumvent the JavaScript (or has it disabled).

Thank you all for your help, I will not be getting any more blank forms.