Form Validation
This document contains a list of Formr's form validation methods and rules.
Note: Form validation mainly takes place inside the post() function, which is covered on this page. You can find more about processing forms with Formr on the Methods page.
Receiving Input
validate()
The easiest - and most basic - way to validate a form. Simply add a comma delimited list of your form’s labels and Formr will grab all of the POST data, validate it according to your rules, and put the values into an array. If your label contains the word email, Formr will automatically assign the valid_email validation rule. This method is bascially a basic wrapper around the post() method.
There is one parameter to the validate() function:
- The first parameter is required and accepts a comma delimited string of form labels and their associated validation rules, wrapped in parentheses
().
Usage
$form->validate('Name, Email, Comments');Example: Get the value of the form fields after the form has been submitted
$data = $form->validate('Name, Email address');
$name = $data['name'];
$email = $data['email_address'];
Notice how our label is named
Email address yet our form field is named email_address? This is because Formr will take any spaces in your labels and convert them to an underscore.
Example: Ensure the Name field has a minimum of 3 characters and a max of 5 characters
$form->validate('Name(min_length[3]|max_length[5]), Email address');
You can add as many validation rules as you like by separating each rule with a pipe (
|) character.
post()
The post() function processes and validates the POST form input based upon a series of chainable rules.
There are three parameters to the post() function:
- The first parameter is required and contains the field name: the exact name you’ve given the form field.
- The optional second parameter contains the human readable text for this field, which will be inserted into the error message. It can optionally contain a custom error message string that will be shown if the field is required, yet left empty when submitted.
- The optional third parameter contains pipe-delimited (
|) validation rules for this field.
The form data is passed through the PHP
trim() and strip_tags() functions for basic sanitation. If you want to allow HTML in your forms, just add allow_html as a validation rule in the post() method's validation parameter and only trim() will be applied to the input.
Example: Process the form input for the fname field and put it into a variable
// this is basically the same as strip_tags(trim($_POST['fname']))
$fname = $form->post('fname');Example: Make sure an email address is valid using FILTER_VALIDATE_EMAIL
$form->post('email','Email','valid_email');Example: Require the submitted password is no less than 6 characters and no more than 20
$form->post('password','Password','min_length[6]|max_length[20]');Example: Require the password_conf field matches the password field
$form->post('password_conf','Password Confirm','matches[password]');Example: Create a custom error message string
// adding a pipe (`|`) character after the human readable text will create a custom error string
$form->post('email','Email|Please enter your email address','valid_email');Validation Rules
The following table contains all of Formr’s validation rules for the post() method.
| Rule | Parameter | Description | Example |
|---|---|---|---|
| matches | Yes | Returns FALSE if the form element does not match the one in the parameter. | matches[form_item] |
| min_length | Yes | Returns FALSE if the form element is shorter then the parameter value. | min_length[6] |
| max_length | Yes | Returns FALSE if the form element is longer then the parameter value. | max_length[12] |
| exact_length | Yes | Returns FALSE if the form element is not exactly the parameter value. | exact_length[8] |
| greater_than | Yes | Returns FALSE if the form element is less than the parameter value or not numeric. | greater_than[8] |
| less_than | Yes | Returns FALSE if the form element is greater than the parameter value or not numeric. | less_than[8] |
| alpha | No | Returns FALSE if the form element contains anything other than alphabetical characters. | |
| alpha_numeric | No | Returns FALSE if the form element contains anything other than alpha-numeric characters. | |
| alpha_dash | No | Returns FALSE if the form element contains anything other than alpha-numeric characters, underscores or dashes. | |
| numeric | No | Returns FALSE if the form element contains anything other than numeric characters. | |
| integer | No | Returns FALSE if the form element contains anything other than an integer. | |
| decimal | No | Returns FALSE if the form element is not exactly the parameter value. | |
| valid_email | No | Returns FALSE if the form element does not contain a valid email address. | |
| valid_ip | No | Returns FALSE if the supplied IP is not valid. | |
| md5 | No | Returns an md5 encrypted string. | |
| sha1 | No | Returns an sha1 encrypted string. | |
| hash | No | Returns an encrypted string using the password_hash() function. | |
| sanitize_string | No | Passes result through the FILTER_SANITIZE_STRING function. | |
| sanitize_url | No | Passes result through the FILTER_SANITIZE_URL function. | |
| sanitize_email | No | Passes result through the FILTER_SANITIZE_EMAIL function. | |
| slug | No | Creates a Twitter-style username string containing only letters, numbers and underscores. | |
| strip_numeric | No | Strips out everything but numbers. | |
| allow_html | No | Allows HTML, script tags, etc. Use with caution! |