Form Validation

This document contains a list of Formr's form validation methods and rules.

Note: Form validation mainly takes place inside the post() function, which is covered on this page. You can find more about processing forms with Formr on the Methods page.


Receiving Input

validate()

The easiest - and most basic - way to validate a form. Simply add a comma delimited list of your form’s labels and Formr will grab all of the POST data, validate it according to your rules, and put the values into an array. If your label contains the word email, Formr will automatically assign the valid_email validation rule. This method is bascially a basic wrapper around the post() method.

There is one parameter to the validate() function:

  1. The first parameter is required and accepts a comma delimited string of form labels and their associated validation rules, wrapped in parentheses ().

Usage

$form->validate('Name, Email, Comments');

Example: Get the value of the form fields after the form has been submitted

$data = $form->validate('Name, Email address');

$name = $data['name'];
$email = $data['email_address'];
Notice how our label is named Email address yet our form field is named email_address? This is because Formr will take any spaces in your labels and convert them to an underscore.

Example: Ensure the Name field has a minimum of 3 characters and a max of 5 characters

$form->validate('Name(min_length[3]|max_length[5]), Email address');
You can add as many validation rules as you like by separating each rule with a pipe (|) character.

post()

The post() function processes and validates the POST form input based upon a series of chainable rules.

There are three parameters to the post() function:

  1. The first parameter is required and contains the field name: the exact name you’ve given the form field.
  2. The optional second parameter contains the human readable text for this field, which will be inserted into the error message. It can optionally contain a custom error message string that will be shown if the field is required, yet left empty when submitted.
  3. The optional third parameter contains pipe-delimited (|) validation rules for this field.
The form data is passed through the PHP trim() and strip_tags() functions for basic sanitation. If you want to allow HTML in your forms, just add allow_html as a validation rule in the post() method's validation parameter and only trim() will be applied to the input.

Example: Process the form input for the fname field and put it into a variable

// this is basically the same as strip_tags(trim($_POST['fname']))
$fname = $form->post('fname');


Example: Make sure an email address is valid using FILTER_VALIDATE_EMAIL

$form->post('email','Email','valid_email');


Example: Require the submitted password is no less than 6 characters and no more than 20

$form->post('password','Password','min_length[6]|max_length[20]');


Example: Require the password_conf field matches the password field

$form->post('password_conf','Password Confirm','matches[password]');


Example: Create a custom error message string

// adding a pipe (`|`) character after the human readable text will create a custom error string
$form->post('email','Email|Please enter your email address','valid_email');

Validation Rules

The following table contains all of Formr’s validation rules for the post() method.

Rule Parameter Description Example
matches Yes Returns FALSE if the form element does not match the one in the parameter. matches[form_item]
min_length Yes Returns FALSE if the form element is shorter then the parameter value. min_length[6]
max_length Yes Returns FALSE if the form element is longer then the parameter value. max_length[12]
exact_length Yes Returns FALSE if the form element is not exactly the parameter value. exact_length[8]
greater_than Yes Returns FALSE if the form element is less than the parameter value or not numeric. greater_than[8]
less_than Yes Returns FALSE if the form element is greater than the parameter value or not numeric. less_than[8]
alpha No Returns FALSE if the form element contains anything other than alphabetical characters.  
alpha_numeric No Returns FALSE if the form element contains anything other than alpha-numeric characters.  
alpha_dash No Returns FALSE if the form element contains anything other than alpha-numeric characters, underscores or dashes.  
numeric No Returns FALSE if the form element contains anything other than numeric characters.  
integer No Returns FALSE if the form element contains anything other than an integer.  
decimal No Returns FALSE if the form element is not exactly the parameter value.  
valid_email No Returns FALSE if the form element does not contain a valid email address.  
valid_ip No Returns FALSE if the supplied IP is not valid.  
md5 No Returns an md5 encrypted string.  
sha1 No Returns an sha1 encrypted string.  
hash No Returns an encrypted string using the password_hash() function.  
sanitize_string No Passes result through the FILTER_SANITIZE_STRING function.  
sanitize_url No Passes result through the FILTER_SANITIZE_URL function.  
sanitize_email No Passes result through the FILTER_SANITIZE_EMAIL function.  
slug No Creates a Twitter-style username string containing only letters, numbers and underscores.  
strip_numeric No Strips out everything but numbers.  
allow_html No Allows HTML, script tags, etc. Use with caution!