Input Validation
Usage
Validation rules are passed as a pipe-delimited (|
) string to methods in the Input module.
Some rules take an additional argument after a colon :
.
// Integer, from 12 to 130. $age = Input.get('age', 'i|min:12|max:130'); // String, 3 to 30 characters in length $name = Input.get('name', 's|min:3|max:30');
Filters
By default, the validator applies these filters, unless overrided by a rule:
- HTML tags removed.
- Newlines removed.
- Multiple spaces shrunk to 1 space.
Rules
Basic Type Rules
id | Description | Length or Range | Examples |
---|---|---|---|
b | boolean | -- | 'true', 'false' |
i | integer | 0 - any | 1, 7, 1000 |
f | float | 0 - any | 1.0, 3.14 |
s | string | 4 - 100 | 'abc123' |
Built-In Rules
id | Length | Characters | Examples |
---|---|---|---|
id | 1 - 100 | a-z A-Z 0-9 -_. | '2234', 's63asg352', 'my-post' |
username | 3 - 20 | a-z A-Z 0-9 -_ | 'abc123' |
password | 8 - 100 | any | any non-weak password |
4 - 60 | ___@____ | me@mail.com | |
url | 8 - 200 | http(s)://____ | http://asite.com |
phone | 6 - 30 | 0-9 ().-+ext | (123) 456-7890 |
accepted | 1 | 1 | '1' |
body | 10 - any | any | string with newlines e.g. forum posts |
Modifier Rules
id | Description |
---|---|
optional | Field is not required. |
min:n | Lowest string length or number value. |
max:n | Highest string length or number value. |
regex:pattern | Pattern, matched from start of string. |
in:list | Must be in comma-delimited list. Ex: 'in:red,green,blue' |
notIn:list | Must NOT be in comma-delimited list. |
same:otherField | Must be same as value of other field. Ex: 'same:passwordConfirm' |
notSame:otherField | Must NOT same as value of other field. |
civilize | Apply String.civilize(). |
dangerDangerHtml | Do not strip HTML tags. |
Other Rules
id | Length | Characters | Examples |
---|---|---|---|
json | 1 - any | {...} | '{a:1,b:2,c:"three"}' |
dangerDangerRaw | 1 - any | any | -- |
Passwords
Any password
field will be returned as a Password object, instead of a string.
This protects it from being leaked as plain text elsewhere in your app.