Table of Contents
In Web:Extend, there is Web. The Web is a marvelous world, but every single bit of user-supplied data should be treated as a possible threat for humans, capable of triggering a black hole in the heart of the LHC. We can't trust the user, so we have to validate data. An user could enter bad information by mistake that would trigger errors everywhere in your application. Or a malicious attacker could send specifically crafted data in an attempt to take the control of your system. To protect yourself and your applications, Web:Extend provides a number of validators that should cover all of your common needs.
Every validator inherits from weeValidator.
To use a validator, you first need to construct it with some arguments (they can vary depending on the validator)
and attach a value to it through the setValue method.
Then, calling the hasError method will return whether the data is invalid.
If the data is invalid, you can call getError to retrieve a description of the error.
For convenience, a static method test is also available.
This method takes the value to be validated and the validator arguments and returns whether the value is valid.
Note the difference between the test method and the hasError method.
There exists two types of validators: standard validators, allowing you to test variables directly; and form validators, allowing you to test data associated with a form.
The following table lists the standard validators available in the framework:
Table 18.1. Standard validators
| Name | Description |
|---|---|
weeBigNumberValidator |
A number validator like weeNumberValidator, but not affected by PHP's limitations on number size.
Use this validator when you expect some values to be bigger than PHP's variable limit (e.g. MAX_INT for integers).
|
weeDateValidator | Checks if a date is valid. The date format must be YYYY-MM-DD, e.g. 1987-10-29 for October 29th, 1987. |
weeEmailValidator | Checks if an email address is well-formed. |
weeNumberValidator | Checks if the given value is a correct number. It can check for integers and floats and restrict them to a specific range. |
weeStringValidator |
Checks if the given input is a correct string according to the arguments.
The input must be a string, or an instance of Printable, or an object with a callable __toString() method.
|
weeTimeValidator | Checks if the given input is a correct time. The time format must be HH:mm, e.g. 00:00 for midnight. |
weeURLValidator | Checks if the given input is a correct URL. |
As shown before, you need to use weeStringValidator to validate a string.
You need to give him a few arguments, because this validator is almost as useful without arguments as a stagecoach without horses.
You can use this validator when you need to verify some constraints about the input length.
<?php $o = new weeStringValidator(array('max' => 42)); $o->setValue($sValue); if ($o->hasError()) { // $sValue has a length greater than 42. echo $o->getError(); } else { // $sValue is valid, its length is smaller than or equal to 42, doSomething($sValue); }
On the other hand, some validators do not require any argument, like the email validator weeEmailValidator.
<?php $o = new weeEmailValidator; $o->setValue($sEmail); if ($o->hasError()) echo $o->getError(); // invalid else doSomething($sEmail); // valid
All validators have default error messages. These messages can be modified by passing adequate arguments to the validators.
<?php $o = new weeDateValidator(array('invalid_error' => 'What you gave me was not a date!')); $o->setValue('fail'); if ($o->hasError()) echo $o->getError(); // What you gave me was not a date!
Furthermore, the error messages related to a specific argument can refer to its value.
<?php $o = new weeTimeValidator(array('max' => '09:42', 'max_error' => 'The value you gave is greater than %max%.')); $o->setValue('09:43'); if ($o->hasError()) echo $o->getError(); // The value you gave is greater than 09:42.
If you don't care about the error message because you only want to know whether your input is valid,
you can use the static test shortcut method of your validator.
Every standard validator implements this method.
<?php
$bInputIsValid = weeSomeValidator::test($mValue, $aArgs);
As in practice nearly all failed validations lead to a failure somewhere,
it is good practice to use the test method in conjunction with the test or burn idiom.
<?php weeStringValidator::test($s, array('min' => 1)) or burn('UnexpectedValueException', 'The given string is empty.');
This will throw an UnexpectedValueException if the validation fails.