Codeigniter Form Validation : order of validation rules - codeigniter

I have a form validation rule of something like this
$this->form_validation->set_rules('name', 'Name', 'trim|required|strip_tags|xss_clean|callback__name_check');
Now if anyone enters <p></p> or equivalent (empty tags), the result will be empty, but somehow required rule will pass as well, resulting in blank name when inserting to database.
I can do an extra check before inserting, but I wonder if there's a way in CI to prevent that?
Thanks

Have you tried to switch required and strip_tags in this rule?
$this->form_validation->set_rules('name', 'Name', 'trim|strip_tags|required|xss_clean|callback__name_check');

Try to delete the strip_tags rule (not appear in the codeigniter user guide) and try with:
$this->form_validation->set_rules('name', 'Name', 'trim|required|prep_for_form|xss_clean|callback__name_check');
I think that this is usefull for you
User guide says:
prep_for_form
Converts special characters so that HTML data can be shown in a form field without breaking it.
http://codeigniter.com/user_guide/libraries/form_validation.html

Related

Set rules method parameters in CodeIgniter

I am trying to validate the username in CodeIgniter using the form_validation library. What I found on the docs was $this->form_validation->set_rules('username', 'Username', 'required');. I'm wondering what are the parameters set in the set rules function? What are they, are they really necessary? I tried to look for the explanation somewhere but never found anything. Can anyone help me understand this?
$this->form_validation->set_rules('username', 'Username', 'required');
First parameter is the name of the respective field .
Second parameter is the message to be displayed.
Third parameter is for condition for form validation.

how to escape form filtering for certain fields using codeigniter

I am using codeigniter form validation and i have set some rules for my form fields. When i type %50 or %test% , I don't get the rest of the texts posted after the first occurrence of % character.
Please help how to solve this.
remove the 'xss_clean' rule.
consider your text box /textarea's name would be, 'mine'
$this->form_validation('mine','Mine', 'trim|required|xss_clean');
to
$this->form_validation('mine','Mine', 'trim|required');
xss clean prevent scripts and encode.
Codeigniter validation library for v3.1.4. Click here
Also use second parameter "true" for input filter:
$this->input->post('data', true);
$this->input->get('data', true);

Codeigniter cannot validate the variable

valueWhen I want to validate posted value in Codeigniter, I do it in the following way:
$this->form_validation->set_rules('name', 'Name','required|xss_clean|strip_tags|trim|max_length[50]|alpha');
But I cannot understand how can I do the same validation for $name variable if it is grabbed from url like this:
$name = end($this->uri->segment_array());
I tried to do this and then validate in the same way
$this->form_validation->set_value('name', $name);
but validation did not pass. Could you please help me.
Technically we refer to this particular validation library as Form Validation which works on form data.
There are other methods such as using route files (which is a perfect tool in CI) that you can take advantage of for URL checking.
Beside any already-developed tools (like uri-validator), you can write your own validating functions.

Laravel validator vs requests

Hello,
I want to understand how to handle data validation with Laravel 5. I see that this can be done using or the validator, or the request files. The thing is that there are many points I didn't get.
What is the difference between using a request file for validation or the validator class ?
If I have validation conditions, and I want to use them only if the concerned field was submitted, how can I do that ? If I use the "required" keyword, it won't work because it will fail when the field is not submitted. If I don't use it, it will accept empty strings...
Thanks ahead !
1. Theoretically there is no difference between Controller validation and Validation using FormRequest. Normally you should use FormRequest. This will keep your controller clean and Minimal. But some time it is sensible to use Validator within controller, e.g you know there is going to be just one field to validate, then it would be overkill to use FormRequest. So it is a matter of preferance.
2. You don't have to use 'required' if the field is not required. Other validation for that field will still run if that field is submitted. If not submitted nothing will happen.
.......
'money' => 'numeric',
.......
Above Rule will make sure that money field is numeric only if it is submitted. If no submitted no validation error will be thrown.
I hope this helps.
Request classes are the better way to validate requests, because
they help to extract this functionality from the constructor method,
which should be as clean as possible.
Use 'sometimes' validator. http://laravel.com/docs/5.1/validation#conditionally-adding-rules

Avoiding form validation enforced checks on non-required fields in CodeIgniter

I have an e-mail field which is -not- required in my form validation. It should be able to be left blank. However, when I use the "valid_email" parameter of the form validation's set_rules, it still gives an error message that the e-mail is not valid when it's not supposed to check this if the field has not been filled out.
Rule Reference
Checking the reference on this matter tells us the following regarding the valid email rule:
Returns FALSE if the form element does not contain a valid email address.
This would be true of an empty field, as well as a field with bad values.
Trimming
I notice in the examples provided by CodeIgniter that emails are usually not only required, and required to be valid emails, but are also trimmed. This may result in a different outcome.
$this->form_validation->set_rules('email', 'Email', 'trim|required|valid_email');
During the validation process, the following is considered:
// If the field is blank, but NOT required, no further tests are necessary
if ( ! in_array('required', $rules) AND is_null($postdata))
It may be the case that the contents of your email field aren't exactly null, and are therefore raising flags with the valid_email requirement.
Possible Related Bugs
Three months prior to the date of this answer there was discussion on bitbucket regarding this very topic. The discussion can be viewed at https://bitbucket.org/ellislab/codeigniter-reactor/issue/117/input-fields-are-automatically-required.
It's stated that using array-syntax (see below) in the markup results in similar errors even when the required rule is not set:
<input name="user[email]" />
Further discussion, and patches, are available here, http://codeigniter.com/forums/viewthread/159243. One suggest patch that seems to solve the issue is to replace the is_null() call with empty() in the aforementioned code:
So the following:
if ( ! in_array('required', $rules) AND is_null($postdata))
Becomes:
if ( ! in_array('required', $rules) AND empty($postdata))
according to https://codeigniter.com/user_guide/libraries/validation.html?highlight=validation#id28
use permit_empty this
Allows the field to receive an empty array, empty string, null or
false
so your code looks like this:
$this->form_validation->set_rules('email', 'Email', 'permit_empty|valid_email');
You just have to appreciate that '' IS not a valid e-mail address. If you don't want to validate some postdata and don't care if it's empty, you shouldn't set a rule on it, like so:
if($this->input->post('item'))
{
$this->form_validation->set_rules('item', 'Item number', 'trim|alpha_numeric|max_length[30]');
}
In this case, if there is nothing submitted for 'item', no rule is added, so the rest of the data would go on to validation stage etc. as normal.

Resources