Topics

Form validation in PHP

To validate a form, create identical object that you have used to generate form's HTML and then use $form->validate($postedData) method. Each field can have many validation rules, which can be added using addValidator() method on each field.

<?php 
....
$field->addValidator('Required');

See validators page for a full list of available validators. If a validator requires attributes, pass an array where first element is a validator name and second element contains specific validation parameters.

<?php 
$field->addValidator(
    array(
        'Regex', 
        '/^[a-zA-Z0-9]*$/'
    )
)

Bellow is a sample code that validates submitted data. Put this code into your controller.

Validate submitted data in PHP 

<?php
    //initialize the same form object as it was used to render a form
    $form = new \Ip\Form();

    //add a sample text field to form object
    $field = new \Ip\Form\Field\Text(
        array(
            'name' => 'myTextField', //html "name" attribute
            'label' => 'My text field', //field label that is displayed next to input field
        ));
    $field->addValidator('Required');
    $form->addField($field);
    $postData = ipRequest()->getPost();
    $errors = $form->validate($postData);
 
    if ($errors) {
            //error
            $data = array (
                'status' => 'error',
                'errors' => $errors
            );
    } else {
            //success
            $data = array (
                'status' => 'ok'
            );
    }
    return new \Ip\Response\Json($data);
?>

Prevent spam

Each newly created form by default adds antispam field which tries to detect robots and prevents them from submitting the form. You can remove this field using $form->removeSpamCheck() method.  

CSRF check

Also, by default, each newly created form adds security field to check against CSRF attack.  It is just a simple hidden input field with security token value in it. All POST methods to controller have to have this value set or ImpressPages will reject the request as an attack. If for some reason you don't need that field in the form, use $form->removeCsrfCheck() method to remove it. 

See also

comments powered by Disqus