Molajo Fieldhandler is an integrated data integrity assurance package for PHP applications. The approach validation and sanitation functionality very specifically as specialised tools. In unifying tool usage around a focus on field-level rule compliance, applications ensure data collection processes provide clean, verified, and useful information.
Mission critical applications rely on well designed and carefully implemented cleansing, formatting and verification routines. The goal of the Molajo Fieldhandler is to make it easier for PHP developers not only to accomplish this goal but as importantly to be able to communicate exactly how the application enforcing integrity constraints in terms that the client can understand.
At the most basic level, constraints define data collection and usage rules by describing qualities of the data. These rules might include specifications about the minimum and maximum values, number of occurrences for an array, whether or not a field is required or if there is a list or data range that can be used to confirm data values.
A critical step in application development associates specific integrity constraints with each field in the collection. It is simply not possible to ensure clean data if the rules defining that state are not articulated.
As an example, assume these constraints for the password field:
- Passwords can contain alphanumeric characters, the underscore (_), dollar sign ($), and pound sign (#).
- Passwords must be from 8 to 30 characters in length.
- Passwords expire every 90 days.
- The new password cannot match the existing value.
- Passwords should never be displayed and must be masked as asterisks.
Review the existing Molajo Fieldhandler Constraint classes to define enforcement. Custom Constraints can be created when delivered constraints are not enough.
- Validate the password 'last change date' using the Date Constraint to verify the date is not over 90 days previous.
- Validate the field data using the Alphanumeric Constraint and values (_), ($), and (#).
- Validate the field data using the Length Constraint to ensure a length of 8 to 30 characters.
- Escape the password using the Password Constraint class to replace password values with asterisks.
This is a verbose example for purposes of learning where each constraint is specifically enforced.
// 1. Instantiate the Molajo Fieldhandler and inject $fieldhandler into class
$fieldhandler = new Molajo\Fieldhandler\Request();
// 2. Verify the password is still valid
$results = $request->validate('Last Changed', $last_changed, 'Date', array('LT' => 91, 'Context' => 'Days');
if ($results->getValidateResponse() === false) {
// deal with the problem
$messages = $results->getValidateMessages();
}
// 3. Verify data values using the *Alphanumeric Constraint* and values (_), ($), and (#).
$results = $request->validate('Password', $password, 'Alphanumeric', array('special_characters' => '-, $, #');
if ($results->getValidateResponse() === false) {
// deal with the problem
$messages = $results->getValidateMessages();
}
// 4. Passwords must be from 8 to 30 characters in length.
$results = $request->validate('Password', $password, 'Length', array('minimum' => 8, 'maximum' => 30);
if ($results->getValidateResponse() === false) {
// deal with the problem
$messages = $results->getValidateMessages();
}
// 5. Display Password
$results = $request->escaoe('Password', $display_password, 'Password';
if ($results->getChangeIndicator() === true) {
$display_password = $results->getFieldValue();
}While the previous example showed how to perform each test, one at a time, it is also possible to group constraints for each field:
// 1. Instantiate the Molajo Fieldhandler and inject $fieldhandler into class
$fieldhandler = new Molajo\Fieldhandler\Request();
// 2. Enforce Password Constraints using a terse syntax
$results = $request->ensureFieldConstraints(
'Display Password', $display_password,
array('verify' => 'date', 'verify' => 'Alphanumeric', 'verify' => 'Length', 'escape' => 'Password'),
array('LT' => 91, 'Context' => 'Days', 'special_characters' => '-, $, #' );
if ($results->getSuccessIndicator() === false) {
$field->messages = $results->getValidateMessages();
} elseif ($results->getChangeIndicator() === true) {
$field->value = $results->getFieldValue();
}If you define which fields belong to a data collection and what constraints apply to each field, Molajo Fieldhandler can manage constraint verification quite simply, as this example shows.
// 1. Instantiate the Molajo Fieldhandler and inject $fieldhandler into class
$fieldhandler = new Molajo\Fieldhandler\Request();
// 2. Process all fields in a loop
foreach ($data_object as $field) {
$results = $request->ensureFieldConstraints(
$field->name,
$field->value,
$field->tests,
$field->options);
if ($results->getSuccessIndicator() === false) {
$field->messages = $results->getValidateMessages();
} elseif ($results->getChangeIndicator() === true) {
$field->value = $results->getFieldValue();
}
}INCOMPLETE
INCOMPLETE
The examples in this section assume the Fieldhandler has been instantiated, as follows:
$fieldhandler = new Molajo/Fieldhandler/Driver();Each character in the alias URL slug must be alphanumeric or a dash.
Verifies value against constraint, returning a TRUE or FALSE result and error messages
$response = $request->validate('alias_field', 'This will not validate', 'Alias');
if ($response->getValidateResponse() === true) {
// all is well
} else {
foreach ($response->getValidateMessages as $code => $message) {
echo $code . ': ' . $message . '/n';
}
}Converts the value to a usable URL slug. In this example, $field_value will contain jack-and-jill.
$response = $request->sanitize('alias_field', 'Jack and Jill', 'Alias');
if ($response->getChangeIndicator() === true) {
$field_value = $response->getFieldValue();
}For alias, the format method produces the same results as sanitize.
Each character in the alias URL slug must be alphabetic. To allow the 'space character', use the
allow_space_character $option.
Verifies value against constraint, returning a TRUE or FALSE result and error messages
$options = array();
$options['allow_space_character'] = true;
$response = $request->validate('employee_name', 'Pat 3Nelson', 'Alpha', $options);
if ($response->getValidateResponse() === true) {
// all is well
} else {
foreach ($response->getValidateMessages as $code => $message) {
echo $code . ': ' . $message . '/n';
}
}Removes characters not conforming to the definition of the constraint. In this example,
$field_value will contain Pat Nelson.
$options = array();
$options['allow_space_character'] = true;
$response = $request->sanitize('employee_name', 'Pat 3Nelson', 'Alpha');
if ($response->getChangeIndicator() === true) {
$field_value = $response->getFieldValue();
}For this constraint, the format method is not implemented. The value sent in is not evaluated or changed.
Each character in the alias URL slug must be a character or a digit. To allow the 'space character', use the
allow_space_character $option.
Verifies value against constraint, returning a TRUE or FALSE result and error messages
$options = array();
$options['allow_space_character'] = true;
$response = $request->validate('description', '4 dogs and #3 cats', 'Alphanumeric', $options);
if ($response->getValidateResponse() === true) {
// all is well
} else {
foreach ($response->getValidateMessages as $code => $message) {
echo $code . ': ' . $message . '/n';
}
}Removes characters not conforming to the definition of the constraint. In this example,
$field_value will contain 4 dogs and 3 cats.
$options = array();
$options['allow_space_character'] = true;
$response = $request->sanitize('description', '4 dogs and #3 cats', 'Alphanumeric', $options);
if ($response->getChangeIndicator() === true) {
$field_value = $response->getFieldValue();
}For this constraint, the format method is not implemented. The value sent in is not evaluated or changed.
Must be an array. Optionally, if $options['valid_values_array'] is provided, array values must match a value in the valid array. Optionally, if $options['array_minimum'] is specified, array entries must not be less than that value. Optionally, if $options['array_maximum'] is specified, array entries must not be exceed that value.
Verifies value (or array of values) against constraint, returning a TRUE or FALSE result and error messages
In this example, $response->getValidateResponse() is TRUE since b and c are in the
valid array of a, b, c and because there are two entries in the input array which is more than
the minimum value allowed of 1.
$options = array();
$options['valid_values_array'] = array('a', 'b', 'c');
$options['array_minimum'] = 1;
$response = $request->validate('array_field', array('b', 'c'), 'Array', $options);
if ($response->getValidateResponse() === true) {
// all is well
} else {
foreach ($response->getValidateMessages as $code => $message) {
echo $code . ': ' . $message . '/n';
}
}Returns null if the array does not meet the constraint definition.
In this example, $field_value is NULL since b and c are not in the valid array values.
$options = array();
$options['valid_values_array'] = array('x', 'y', 'z');
$response = $request->validate('array_field', array('b', 'c'), 'Array', $options);
if ($response->getChangeIndicator() === true) {
$field_value = $response->getFieldValue();
}Not implemented. Value sent in is returned unchanged.
Character must be true or false or NULL. (Use Default and/or Required if NULL is not allowed.)
Verifies value against constraint, returning a TRUE or FALSE result and error messages
$response = $request->validate('boolean_field', true, 'Boolean');
if ($response->getValidateResponse() === true) {
// all is well
} else {
foreach ($response->getValidateMessages as $code => $message) {
echo $code . ': ' . $message . '/n';
}
}Sanitizes for true or false, else returns NULL.
$response = $request->validate('boolean_field', 'dog', 'Boolean');
if ($response->getChangeIndicator() === true) {
$field_value = $response->getFieldValue();
}Not implemented. Value sent in is not evaluated or changed.
Enables use of a custom callable function or method to sanitize, filter and format data.
Verifies value against constraint, returning a TRUE or FALSE result and error messages
In this example, the data value 'hello' is input to the callback 'strtoupper' and the result 'HELLO'
is compared to the original value. Since the values are different, false is returned.
$options = array();
$options['callback'] = 'strtoupper';
$response = $request->validate('callback_field', 'hello', 'Callback', $options);
if ($response->getValidateResponse() === true) {
// all is well
} else {
foreach ($response->getValidateMessages as $code => $message) {
echo $code . ': ' . $message . '/n';
}
}Executes the callable against the data value to produce a sanitized result.
In this example, $field_value will result in HELLO.
$options = array();
$options['callback'] = 'strtoupper';
$response = $request->sanitize('callback_field', 'hello', 'Callback', $options);
if ($response->getChangeIndicator() === true) {
$field_value = $response->getFieldValue();
}For callback, the format method produces the same results as sanitize. It can be
used to format data, as needed.
Within the string, a specified value exists.
Verifies value against constraint, returning a TRUE or FALSE result and error messages
In this example, the response is false since the string does not contain the value specified.
$options = array();
$options['contains'] = 'dog';
$response = $request->validate('field_name', 'The cat meows.', 'Contains', $options);
if ($response->getValidateResponse() === true) {
// all is well
} else {
foreach ($response->getValidateMessages as $code => $message) {
echo $code . ': ' . $message . '/n';
}
}Sets field to null if the value specified does not exist in the string.
In this example, the $field_value is NULL.
$options = array();
$options['contains'] = 'dog';
$response = $request->validate('field_name', 'The cat meows.', 'Contains', $options);
if ($response->getChangeIndicator() === true) {
$field_value = $response->getFieldValue();
}For this constraint, the format method is not implemented. The value sent in is not evaluated or changed.
Each character must be a control character (ex. line feed, tab, escape).
To allow the 'space character', use the allow_space_character $option.
Verifies value against constraint, returning a TRUE or FALSE result and error messages
$options = array();
$options['allow_space_character'] = true;
$response = $request->validate('text_field', '\n\r\t', 'Controlcharacters', $options);
if ($response->getValidateResponse() === true) {
// all is well
} else {
foreach ($response->getValidateMessages as $code => $message) {
echo $code . ': ' . $message . '/n';
}
}Removes characters not conforming to the definition of the constraint. In this example,
$field_value will contain \n \r \t.
$options = array();
$options['allow_space_character'] = true;
$response = $request->sanitize('text_field', 'N\n \r \t', 'Alpha');
if ($response->getChangeIndicator() === true) {
$field_value = $response->getFieldValue();
}For this constraint, the format method is not implemented. The value sent in is not evaluated or changed.
Must be a valid formatted date.
Verifies the date according to the format defined in $options['create_from_format'], returning true if valid or false and error messages if not valid.
$options = array();
$options['create_from_format'] = 'Y-m-d';
$response = $request->sanitize('date_field', '2013-12-31', 'Date', $options);
if ($response->getValidateResponse() === true) {
// all is well
} else {
foreach ($response->getValidateMessages as $code => $message) {
echo $code . ': ' . $message . '/n';
}
}Validates the date and returns null for $field_value if the date does not conform to the constraint.
$options = array();
$options['create_from_format'] = 'Y-m-d';
$response = $request->sanitize('date_field', '2013-12-31', 'Date', $options);
if ($response->getChangeIndicator() === true) {
$field_value = $response->getFieldValue();
}Formats a date according to the format defined in $options['display_as_format'];
$options = array();
$options['create_from_format'] = 'Y-m-d';
$options['display_as_format'] = 'd/m/Y';
$response = $request->sanitize('date_field', '2013-12-31', 'Date', $options);
echo $response->getFieldValue();Applies default value for sanitize and verifies if the value requires a default for validate.
Verifies if the value is null, if so, returns a FALSE that a default has not been applied. If the field has a value, validate returns TRUE.
$response = $request->validate('any_field', null, 'Default');
if ($response->getValidateResponse() === true) {
// all is well
} else {
foreach ($response->getValidateMessages as $code => $message) {
echo $code . ': ' . $message . '/n';
}
}Applies the default value defined in the $options array to the value, if the value is NULL.
$options = array();
$options['default_value'] = $default;
$response = $request->validate('any_field', NULL, 'Default');
if ($response->getChangeIndicator() === true) {
$field_value = $response->getFieldValue();
}Not implemented. Value sent in is not evaluated or changed.
Each character must be a numeric digit.
To allow the 'space character', use the allow_space_character $option.
Verifies value against constraint, returning a TRUE or FALSE result and error messages
$options = array();
$options['allow_space_character'] = true;
$response = $request->validate('digit_fieldname', '1 2 3 4 5', 'Digit', $options);
if ($response->getValidateResponse() === true) {
// all is well
} else {
foreach ($response->getValidateMessages as $code => $message) {
echo $code . ': ' . $message . '/n';
}
}Removes characters not conforming to the definition of the constraint. In this example,
$field_value will contain 1 2 3 4 5.
$options = array();
$options['allow_space_character'] = true;
$response = $request->sanitize('text_field', '1x 2x 3x 4x 5x', 'Digit');
if ($response->getChangeIndicator() === true) {
$field_value = $response->getFieldValue();
}For this constraint, the format method is not implemented. The value sent in is not evaluated or changed.
Only letters, digits and !#$%&'*+-/=?^_{|}~@.[]`
Verifies value against constraint, returning a TRUE or FALSE result and error messages
This example returns true.
$response = $request->validate('email_field', '[email protected]', 'Email');
if ($response->getValidateResponse() === true) {
// all is well
} else {
foreach ($response->getValidateMessages as $code => $message) {
echo $code . ': ' . $message . '/n';
}
}Removes characters not conforming to the definition of the constraint. In this example,
$field_value will result in NULL.
$response = $request->sanitize('email_field', 'not a valid email', 'Email');
if ($response->getChangeIndicator() === true) {
$field_value = $response->getFieldValue();
}Format returns an obfuscated email address.
$options = array();
$options['obfuscate_email'] = true;
$response = $request->sanitize('email_field', '[email protected]', 'Email', $options);
if ($response->getChangeIndicator() === true) {
$field_value = $response->getFieldValue();
}URL-encode string, optionally strip or encode special characters.
The following flags can be applied by adding to the options array (see examples):
- FILTER_FLAG_STRIP_LOW
- FILTER_FLAG_STRIP_HIGH
- FILTER_FLAG_ENCODE_LOW
- FILTER_FLAG_ENCODE_HIGH
Verifies value against constraint, returning a TRUE or FALSE result and error messages. For Encoded, the original value is compared to a sanitized value. If those values match, true is returned. Otherwise, the response is false and an error message is available.
$response = $request->validate('encode_field', '[email protected]', 'Encode');
if ($response->getValidateResponse() === true) {
// all is well
} else {
foreach ($response->getValidateMessages as $code => $message) {
echo $code . ': ' . $message . '/n';
}
}Removes characters not conforming to the definition of the constraint.
In this example, the input URL is something.php?text=unknown values here.
The resulting value is unknown%20values%20here.
$response = $request->sanitize('encode_field', 'unknown values here', 'Encode');
if ($response->getChangeIndicator() === true) {
$field_value = $response->getFieldValue();
}Format is not implemented for this constraint.
Tests that a value is equal to a specified value.
// The value of field `field1` is 'dog' and is tested to see if it matches 'dog'.
$results = $request->sanitize('field1', 'dog', 'Equal');Value must conform to one of the values defined within the $valid_values_array.
To override, send in an options entry of the values desired:
$valid_values_array = array(false, 0, 'no', 'off');
$options = array();
$options['valid_values_array'] = $valid_values_array;Verifies value against constraint, returning a TRUE or FALSE result and error messages
$response = $request->validate('false_only_field', $value, 'False');
if ($response->getValidateResponse() === true) {
// all is well
} else {
foreach ($response->getValidateMessages as $code => $message) {
echo $code . ': ' . $message . '/n';
}
}Returns null if value is not defined within the $valid_values_array.
$response = $request->validate('false_only_field', $value, 'False');
if ($response->getChangeIndicator() === true) {
$field_value = $response->getFieldValue();
}Not implemented. Value sent in is returned unchanged.
Value must conform to one of the values defined within the $valid_values_array.
To override, send in an options entry of the values desired:
$valid_values_array = array('gif', 'jpeg', 'jpg', 'png', 'pdf', 'odt', 'txt', 'rtf', 'mp3');
$options = array();
$options['valid_values_array'] = $valid_values_array;Verifies value against constraint, returning a TRUE or FALSE result and error messages
$response = $request->validate('file_extension_field', '.pdf', 'Fileextension');
if ($response->getValidateResponse() === true) {
// all is well
} else {
foreach ($response->getValidateMessages as $code => $message) {
echo $code . ': ' . $message . '/n';
}
}Returns null if value is not defined within the $valid_values_array.
$response = $request->validate('file_extension_field', '.pdf', 'Fileextension');
if ($response->getChangeIndicator() === true) {
$field_value = $response->getFieldValue();
}Not implemented. Value sent in is returned unchanged.
Remove all characters except digits, +- and optionally .,eE.
Can be used with the following flags by defining $option entries for each flag desired:
$options = array();
$options[FILTER_FLAG_ALLOW_FRACTION] = true;
$options[FILTER_FLAG_ALLOW_THOUSAND] = true;
$options[FILTER_FLAG_ALLOW_SCIENTIFIC] = true;Verifies value against constraint, returning a TRUE or FALSE result and error messages
This example returns true.
$options = array();
$options[FILTER_FLAG_ALLOW_FRACTION] = true;
$response = $request->validate('float_field', 0.2345, 'Float');
if ($response->getValidateResponse() === true) {
// all is well
} else {
foreach ($response->getValidateMessages as $code => $message) {
echo $code . ': ' . $message . '/n';
}
}Removes characters not conforming to the definition of the constraint. In this example,
$field_value will result in NULL.
$response = $request->sanitize('float_field', 'Dog', 'Float');
if ($response->getChangeIndicator() === true) {
$field_value = $response->getFieldValue();
}For this constraint, the format method is not implemented. The value sent in is not evaluated or changed.
Uses the database connection defined in $options['database'] to execute a query that verifies there is a row for the table named in $options['table'] with a field named $options['key'] with a value of $field_value.
$field_name = 'my_foreign_key';
$field_value = 1;
$constraint = 'Foreignkey';
$options = array();
$options['database'] = $database;
$options['table'] = 'molajo_actions';
$options['key'] = 'id';
$results = $request->validate($field_name, $field_value, $constraint, $options);Verifies that the $field_value is greater than the From value and less than the To value.
$field_name = 'my_field';
$field_value = 5;
$constraint = 'Fromto';
$options = array();
$options['from'] = 0;
$options['to'] = 10;
$results = $request->validate($field_name, $field_value, $constraint, $options);Convert special characters to HTML entities:
'&' (ampersand) becomes '&' '"' (double quote) becomes '"' when ENT_NOQUOTES is not set. "'" (single quote) becomes ''' (or ') only when ENT_QUOTES is set. '<' (less than) becomes '<' '>' (greater than) becomes '>'
Encoding quotes can be disabled by:
$options = array();
$options[FILTER_FLAG_NO_ENCODE_QUOTES] = true;Not implemented. Will always return false.
Convert special characters to HTML entities:
$response = $request->validate('text_field', $data_value, 'Fullspecialchars');
if ($response->getChangeIndicator() === true) {
$field_value = $response->getFieldValue();
}Not implemented. The value sent in is returned unchanged.
Each character must be a visible, printable character.
To allow the 'space character', use the allow_space_character $option.
Verifies value against constraint, returning a TRUE or FALSE result and error messages
$options = array();
$options['allow_space_character'] = true;
$response = $request->validate('space_field', 'This is visible.\n\r\t', 'Graph', $options);
if ($response->getValidateResponse() === true) {
// all is well
} else {
foreach ($response->getValidateMessages as $code => $message) {
echo $code . ': ' . $message . '/n';
}
}Removes characters not conforming to the definition of the constraint. In this example,
$field_value will contain This is visible..
$options = array();
$options['allow_space_character'] = true;
$response = $request->sanitize('space_field', 'This is visible.\n\r\t', 'Graph', $options);
if ($response->getChangeIndicator() === true) {
$field_value = $response->getFieldValue();
}For this constraint, the format method is not implemented. The value sent in is not evaluated or changed.
Each character must be a numeric digit.
To allow the 'space character', use the allow_space_character $option.
Verifies value against constraint, returning a TRUE or FALSE result and error messages
$options = array();
$options['allow_space_character'] = true;
$response = $request->validate('digit_fieldname', '1 2 3 4 5', 'Digit', $options);
if ($response->getValidateResponse() === true) {
// all is well
} else {
foreach ($response->getValidateMessages as $code => $message) {
echo $code . ': ' . $message . '/n';
}
}Removes characters not conforming to the definition of the constraint. In this example,
$field_value will contain 1 2 3 4 5.
$options = array();
$options['allow_space_character'] = true;
$response = $request->sanitize('text_field', '1x 2x 3x 4x 5x', 'Digit');
if ($response->getChangeIndicator() === true) {
$field_value = $response->getFieldValue();
}For this constraint, the format method is not implemented. The value sent in is not evaluated or changed.
add whitelist description Escapes HTML entities. Equivalent to htmlspecialchars with with ENT_QUOTES set.
$field_name = 'my_field';
$field_value = '&';
$constraint = 'Html';
$options = array();
$results = $request->validate($field_name, $field_value, $constraint, $options);Tests that the value is an image.
// The value of field `numeric_field` is 'ABC123'. The filtered and escaped values will be 0.
// For 'validate', an exception is thrown. The following will return 123.
$results = $request->sanitize('numeric_field', '123', 'Int');Includes only digits, plus and minus sign.
Verifies value against constraint, returning a TRUE or FALSE result and error messages
This example returns true.
$response = $request->validate('integer_field', 100, 'Integer');
if ($response->getValidateResponse() === true) {
// all is well
} else {
foreach ($response->getValidateMessages as $code => $message) {
echo $code . ': ' . $message . '/n';
}
}Removes characters not conforming to the definition of the constraint. In this example,
$field_value will result in NULL.
$response = $request->sanitize('integer_field', '[email protected]', 'Integer');
if ($response->getChangeIndicator() === true) {
$field_value = $response->getFieldValue();
}Not implemented, simply returns the value sent in.
Tests that the value is an IP Address.
// The value of field `input_field` is '127.0.0.1'.
// Validate, filtered and escaped values will return the same.
$results = $request->sanitize('input_field', '127.0.0.1', 'Ip');Each character must be an lowercase character.
To allow the 'space character', use the allow_space_character $option.
Verifies value against constraint, returning a TRUE or FALSE result and error messages
This example returns false due to the inclusion of non lowercase characters.
$options = array();
$options['allow_space_character'] = true;
$response = $request->validate('lower_field', 'This is lower', 'Lower');
if ($response->getValidateResponse() === true) {
// all is well
} else {
foreach ($response->getValidateMessages as $code => $message) {
echo $code . ': ' . $message . '/n';
}
}Removes characters not conforming to the definition of the constraint. In this example,
$field_value will only contain the lowercase letter his is lower since the T and . are not lowercase.
$options = array();
$options['allow_space_character'] = true;
$response = $request->sanitize('lower_field', 'This is lower.', 'Lower');
if ($response->getChangeIndicator() === true) {
$field_value = $response->getFieldValue();
}Lowercase all character values. In this example, $field_value will contain this is lower..
$response = $request->format('lower_field', 'This is lower.', 'Lower');
if ($response->getChangeIndicator() === true) {
$field_value = $response->getFieldValue();
}Validates or filters/escapes numeric value to not exceed the maximum.
// The value of field `input_field` is 10. Maximum is 3. Validate will fail.
// Filtered and escaped values will return 3.
$field_name = 'my_field';
$field_value = 10;
$constraint = 'Maximum';
$options = array();
$options['maximum'] = 3;
$results = $request->validate($field_name, $field_value, $constraint, $options);Value must conform to one of the values defined within the $valid_values_array.
To override, send in an options entry of the values desired:
$valid_values_array = array(
'image/gif',
'image/jpeg',
'image/png',
'application/pdf',
'application/odt',
'text/plain',
'text/rtf'
);
$options = array();
$options['valid_values_array'] = $valid_values_array;Verifies value against constraint, returning a TRUE or FALSE result and error messages
$response = $request->validate('Mimetype', 'application/pdf', 'Mimetypes');
if ($response->getValidateResponse() === true) {
// all is well
} else {
foreach ($response->getValidateMessages as $code => $message) {
echo $code . ': ' . $message . '/n';
}
}Returns null if value is not defined within the $valid_values_array.
$response = $request->validate('mimetype_field', 'application/pdf', 'Mimetypes');
if ($response->getChangeIndicator() === true) {
$field_value = $response->getFieldValue();
}Not implemented. Value sent in is returned unchanged.
Validates or filters/escapes numeric value to not exceed the maximum.
// The value of field `input_field` is 10. Minimum is 3.
// Validate, filtered and escaped values will return 10.
$field_name = 'my_field';
$field_value = 10;
$constraint = 'Minimum';
$options = array();
$options['minimum'] = 3;
$results = $request->validate($field_name, $field_value, $constraint, $options);Tests that a value is not equal to a specified value.
// The value of field `field1` is 'dog' and is tested to ensure it is NOT equal to 'dog'.
$results = $request->sanitize('field1', 'dog', 'Notequal');Value must not be a null value.
Verifies value against constraint, returning a TRUE or FALSE result and error messages
$response = $request->validate('random_field', $value, 'Notnull');
if ($response->getValidateResponse() === true) {
// all is well
} else {
foreach ($response->getValidateMessages as $code => $message) {
echo $code . ': ' . $message . '/n';
}
}Not useful. (Can only return a NULL value if it is NULL.)
Not implemented. Value sent in is returned unchanged.
Not implemented. Value sent in is returned unchanged.
Value must conform to one of the values defined within the $valid_values_array.
To override, send in an options entry of the values desired:
$valid_values_array = array(false, 0, ' ', NULL);
$options = array();
$options['valid_values_array'] = $valid_values_array;Verifies value against constraint, returning a TRUE or FALSE result and error messages
$response = $request->validate('random_field', $value, 'Nothing');
if ($response->getValidateResponse() === true) {
// all is well
} else {
foreach ($response->getValidateMessages as $code => $message) {
echo $code . ': ' . $message . '/n';
}
}Returns null if value is not defined within the $valid_values_array.
$response = $request->validate('random_field', $value, 'Nothing');
if ($response->getChangeIndicator() === true) {
$field_value = $response->getFieldValue();
}Not implemented. Value sent in is returned unchanged.
Value must be null.
Verifies that value is NULL.
$response = $request->validate('Null_only_field', $value, 'Null');
if ($response->getValidateResponse() === true) {
// all is well
} else {
foreach ($response->getValidateMessages as $code => $message) {
echo $code . ': ' . $message . '/n';
}
}Returns null if value is not not null. =)
$response = $request->validate('Null_only_field', $value, 'Null');
if ($response->getChangeIndicator() === true) {
$field_value = $response->getFieldValue();
}Not implemented. Value sent in is returned unchanged.
Characters must be numeric.
Verifies if the value is numeric.
$response = $request->validate('any_field', 234, 'Numeric');
if ($response->getValidateResponse() === true) {
// all is well
} else {
foreach ($response->getValidateMessages as $code => $message) {
echo $code . ': ' . $message . '/n';
}
}Returns null if value is not numeric.
$response = $request->validate('any_field', 'dog', 'Numeric');
if ($response->getChangeIndicator() === true) {
$field_value = $response->getFieldValue();
}Not implemented. Value sent in is not evaluated or changed.
Must be an object.
Verifies if the value is an object.
$response = $request->validate('any_field', $data_value, 'Object');
if ($response->getValidateResponse() === true) {
// all is well
} else {
foreach ($response->getValidateMessages as $code => $message) {
echo $code . ': ' . $message . '/n';
}
}Returns null if value is not an object.
$response = $request->validate('any_field', $data_value, 'Object');
if ($response->getChangeIndicator() === true) {
$field_value = $response->getFieldValue();
}Not implemented. Value sent in is not evaluated or changed.
Do nothing, optionally strip or encode special characters. FILTER_FLAG_STRIP_LOW, FILTER_FLAG_STRIP_HIGH, FILTER_FLAG_ENCODE_LOW, FILTER_FLAG_ENCODE_HIGH, FILTER_FLAG_ENCODE_AMP. See sanitize filters.
// The value of field `input_field` is 10. Minimum is 3.
// Validate, filtered and escaped values will return 10.
$field_name = 'my_field';
$field_value = 'Me & You'; //returns 'Me & You'
$constraint = 'Raw';
$options = array();
$options[FILTER_FLAG_ENCODE_AMP] = true;
$results = $request->validate($field_name, $field_value, $constraint, $options);Each character must be a printable character.
Verifies value against constraint, returning a TRUE or FALSE result and error messages
This example returns false due to the inclusion of control characters which cannot be displayed.
$response = $request->validate('printable_field', 'asdf\n\r\t', 'Printable');
if ($response->getValidateResponse() === true) {
// all is well
} else {
foreach ($response->getValidateMessages as $code => $message) {
echo $code . ': ' . $message . '/n';
}
}Removes characters not conforming to the definition of the constraint. In this example,
$field_value will contain asdf.
$response = $request->sanitize('printable_field', 'asdf\n\r\t', 'Printable');
if ($response->getChangeIndicator() === true) {
$field_value = $response->getFieldValue();
}For this constraint, the format method is not implemented. The value sent in is not evaluated or changed.
Each character must be a punctuation character.
To allow the 'space character', use the allow_space_character $option.
Verifies value against constraint, returning a TRUE or FALSE result and error messages
$options = array();
$options['allow_space_character'] = true;
$response = $request->validate('punctuation_field', 'ABasdk! @ ! $ #', 'Punctuation', $options);
*
if ($response->getValidateResponse() === true) {
// all is well
} else {
foreach ($response->getValidateMessages as $code => $message) {
echo $code . ': ' . $message . '/n';
}
}Removes characters not conforming to the definition of the constraint. In this example,
$field_value will contain * & $ ( ).
$options = array();
$options['allow_space_character'] = true;
$response = $request->sanitize('punctuation_field', '* & $ ( )ABC', 'Punctuation', $options);
*
if ($response->getChangeIndicator() === true) {
$field_value = $response->getFieldValue();
}For this constraint, the format method is not implemented. The value sent in is not evaluated or changed.
Performs regex checking against the input value for the regex sent in.
// The value of field `input_field` may not be null
$field_name = 'my_field';
$field_value = AmyStephen@Molajo.org;
$constraint = 'Regex';
$options = array();
$options['regex'] = $regex_expression;
$results = $request->validate($field_name, $field_value, $constraint);Value must not be a null value.
Verifies value against constraint, returning a TRUE or FALSE result and error messages
$response = $request->validate('random_field', $value, 'Notnull');
if ($response->getValidateResponse() === true) {
// all is well
} else {
foreach ($response->getValidateMessages as $code => $message) {
echo $code . ': ' . $message . '/n';
}
}Not useful. (Can only return a NULL value if it is NULL.)
Not implemented. Value sent in is returned unchanged.
Not implemented. Value sent in is returned unchanged.
Value must not be one of the values defined within the $valid_values_array.
To override, send in an options entry of the values desired:
$valid_values_array = array(false, 0, ' ', NULL);
$options = array();
$options['valid_values_array'] = $valid_values_array;Verifies value against constraint, returning a TRUE or FALSE result and error messages
$response = $request->validate('random_field', $value, 'Something');
if ($response->getValidateResponse() === true) {
// all is well
} else {
foreach ($response->getValidateMessages as $code => $message) {
echo $code . ': ' . $message . '/n';
}
}Returns null if value is defined within the $valid_values_array.
$response = $request->validate('random_field', $value, 'Something');
if ($response->getChangeIndicator() === true) {
$field_value = $response->getFieldValue();
}Tests that the value is a string.
// The value of field `input_field` may not be null
$field_name = 'my_field';
$field_value = 'Lots of stuff in here that is stringy.';
$constraint = 'String';
$results = $request->validate($field_name, $field_value, $constraint);Tests that the length of the string is from a specific value and to a second value. From and To testing includes the from and to values.
// The value of field `input_field` may not be null
$options = array();
$options['from'] = 5;
$options['to'] = 10;
$results = $request->validate('My Field Name', $field_to_measure, 'Stringlength', $options);Each character must be a whitespace character. Besides the blank character this also includes tab, vertical tab, line feed, carriage return and form feed characters.
Verifies value against constraint, returning a TRUE or FALSE result and error messages
$response = $request->validate('space_field', '\n \r \t', 'Space');
if ($response->getValidateResponse() === true) {
// all is well
} else {
foreach ($response->getValidateMessages as $code => $message) {
echo $code . ': ' . $message . '/n';
}
}Removes characters not conforming to the definition of the constraint. In this example,
$field_value will contain \n \r \t.
$response = $request->sanitize('space_field', '*\n \r \t', 'Space');
if ($response->getChangeIndicator() === true) {
$field_value = $response->getFieldValue();
}For this constraint, the format method is not implemented. The value sent in is not evaluated or changed.
Tests that the value is a string.
Must be a valid formatted time.
Verifies the time according to the format defined in $options['create_from_time_format'], returning true if valid or false and error messages if not valid.
$options = array();
$options['create_from_time_format'] = 'H:i:s';
$response = $request->sanitize('time_field', '12:30:00', 'time', $options);
if ($response->getValitimeResponse() === true) {
// all is well
} else {
foreach ($response->getValitimeMessages as $code => $message) {
echo $code . ': ' . $message . '/n';
}
}Validate the time and returns null for $field_value if the time does not conform to the constraint.
$options = array();
$options['create_from_time_format'] = 'Y-m-d';
$response = $request->sanitize('time_field', '2013-12-31', 'time', $options);
if ($response->getChangeIndicator() === true) {
$field_value = $response->getFieldValue();
}Formats a time according to the format defined in $options['display_as_time_format'];
$options = array();
$options['create_from_time_format'] = 'Y-m-d';
$options['display_as_time_format'] = 'd/m/Y';
$response = $request->sanitize('time_field', '2013-12-31', 'time', $options);
echo $response->getFieldValue();The text must not have spaces before or after the last visible character.
Verifies value against constraint, returning a TRUE or FALSE result and error messages
This example returns false due to the inclusion of spaces before and after the text string.
$response = $request->validate('upper_field', ' This is not trimmed. ', 'Upper');
if ($response->getValidateResponse() === true) {
// all is well
} else {
foreach ($response->getValidateMessages as $code => $message) {
echo $code . ': ' . $message . '/n';
}
}Removes characters not conforming to the definition of the constraint. In this example,
$field_value will result in 'This is trimmed.' and the spaces preceding and following
the text literal will be removed.
$options = array();
$options['allow_space_character'] = true;
$response = $request->sanitize('upper_field', ' This is trimmed. ', 'Upper');
if ($response->getChangeIndicator() === true) {
$field_value = $response->getFieldValue();
}Performs sanitize.
Value must conform to one of the values defined within the $valid_values_array.
To override, send in an options entry of the values desired:
$valid_values_array = array(true, 1, 'yes', 'on');
$options = array();
$options['valid_values_array'] = $valid_values_array;Verifies value against constraint, returning a TRUE or FALSE result and error messages
$response = $request->validate('true_only_field', $value, 'True');
if ($response->getValidateResponse() === true) {
// all is well
} else {
foreach ($response->getValidateMessages as $code => $message) {
echo $code . ': ' . $message . '/n';
}
}Returns null if value is not defined within the $valid_values_array.
$response = $request->validate('true_only_field', $value, 'True');
if ($response->getChangeIndicator() === true) {
$field_value = $response->getFieldValue();
}Not implemented. Value sent in is returned unchanged.
Each character must be an lowercase character.
To allow the 'space character', use the allow_space_character $option.
Verifies value against constraint, returning a TRUE or FALSE result and error messages
This example returns false due to the inclusion of non uppercase characters.
$options = array();
$options['allow_space_character'] = true;
$response = $request->validate('upper_field', 'This is upper', 'Upper');
if ($response->getValidateResponse() === true) {
// all is well
} else {
foreach ($response->getValidateMessages as $code => $message) {
echo $code . ': ' . $message . '/n';
}
}Removes characters not conforming to the definition of the constraint. In this example,
$field_value will only contain the uppercase letter T since no other characters meet
the constraint definition.
$options = array();
$options['allow_space_character'] = true;
$response = $request->sanitize('upper_field', 'This is upper.', 'Upper');
if ($response->getChangeIndicator() === true) {
$field_value = $response->getFieldValue();
}Uppercase all character values. In this example, $field_value will contain THIS IS UPPER..
$response = $request->format('upper_field', 'This is upper.', 'Upper');
if ($response->getChangeIndicator() === true) {
$field_value = $response->getFieldValue();
}Tests that a value is a valid email address. When invalid, validate throws exception while Filter and Escape return null.
$results = $request->validate('url_field', 'http://google.com', 'Url');Value (or array of values) must be defined within the $options['valid_values_array'] array.
Verifies value (or array of values) against constraint, returning a TRUE or FALSE result and error messages
In this example, $response->getValidateResponse() is TRUE since a is in the array a, b, c.
$options = array();
$options['valid_values_array'] = array('a', 'b', 'c');
$response = $request->validate('random_field', 'a', 'Values', $options);
if ($response->getValidateResponse() === true) {
// all is well
} else {
foreach ($response->getValidateMessages as $code => $message) {
echo $code . ': ' . $message . '/n';
}
}Returns null if value (or array of values) is not defined within the $options['valid_values_array'].
In this example, $field_value is NULL since z is not a, b or c.
$options = array();
$options['valid_values_array'] = array('a', 'b', 'c');
$response = $request->validate('random_field', 'z', 'Values', $options);
if ($response->getChangeIndicator() === true) {
$field_value = $response->getFieldValue();
}Not implemented. Value sent in is returned unchanged.
- PHP framework independent, no dependencies
- Requires PHP 5.4, or above
- Semantic Versioning
- Compliant with:
- [phpDocumentor2] (https://github.com/phpDocumentor/phpDocumentor2)
- [phpUnit Testing] (https://github.com/sebastianbergmann/phpunit)
- Author AmyStephen
- [Travis Continuous Improvement] (https://travis-ci.org/profile/Molajo)
- Scrutinizer Analysis Testing using PHP Analyzer, PHP Mess Detector, PHP Code Sniffer, SensioLabs Security Advisory Checker, PHP PDepend, External Code Coverage, PHP Similarity Analyzer
- Listed on [Packagist] (http://packagist.org) and installed using [Composer] (http://getcomposer.org/)
- Use github to submit pull requests and features
- Licensed under the MIT License - see the
LICENSEfile for details