GitHub
Luminova Framework
Toggle Theme
Version

Examples of Input Validation and CSRF Protection

Last updated: 2024-08-28 22:45:23

Learn how to effectively use Input validation and CSRF security to protect your application integrity, with working implementation examples.

Input Validation

To set validation rules you can separate each rule with a parenthesis and parameter in bracket notation.

Adding rule one after another

<?php
$this->validate->addRule('name', 'required|max(10)|alphanumeric', [
    'required' => 'Error message for required',
    'max_length' => 'Error message for max_length',
    'alphanumeric' => 'Error message for alphanumeric'
]);

Setting rules from array.

<?php
$rules = [
    'name' => 'required|max(10)|alphanumeric',
    'age' => 'required|integer|min(2)|max(3)',
    'email' => 'required|email',
];

$errorMessages = [
    'name' => [
        'required' => 'Error message for required',
        'max' => 'Error message for max_length',
        'alphanumeric' => 'Error message for alphanumeric'
    ],
    'email' => [
        'required' => 'The email field is required.',
        'email' => 'The email address [value] is not valid.'
    ],
    'age' => [
        'required' => 'The age field is required.',
        'integer' => 'The age must be an integer.',
        'min' => 'The age minimum length must 2.',
        'max' => 'The age maximum length must 3.'
    ]
];

$this->validate->setRules($rules, $errorMessages);

If you didn't specify the array of error messages on setRules, it will use a default error message.

Additionally rules and errors can be set in a public variable $this->validate->rules and $this->validate->errors.

Input Validation Controller

This simple controller examples shows how you can validate user entries using validator class.

<?php
namespace App\Controllers;

use \Luminova\Base\BaseController;

class UserController extends BaseController
{
    public function userLogin(): void 
    {
        $this->validate->rules = [
            'email' => 'required|email',
            'password' => 'required|min(6)',
        ];

        $this->validate->messages = [
            'email' => [
                'required' => 'Email must not be empty',
                'email' => 'Email address must be a valid email.'
            ],
            'password' => [
                'required' => 'Password must not be empty',
                'min' => 'Password must not be less than 6 characters'
            ],
        ];

        if($this->validate->validate($this->request->getBody())){
            echo "Validation passed";
        }else{
            echo 'Validation failed';
            echo $this->validate->getError();
        }
    }
}

Callback

Defining your own callback validation.

You can define your validation rule in your dev global helper file located in /app/Utils/Global.php.

<?php 
function id_is_integer(mixed $value, string $field): bool
{
    if($field === 'my-user-id'){
         return is_integer($value);
     }

     return true;
}

$this->validate->rules = [
     'my-user-id' => 'required|callback(id_is_integer)'
];
« Previous Input Validation
On this page