Arabic
Chinese
Dutch
English
French
German
Indonesian
Italian
Japanese
Korean
Malay
Portuguese
Russian
SpanishPHP Luminova: Rule-Based Input Validation
The Validation class allows you to define and apply rules to user-submitted data, ensuring inputs meet specific criteria before processing or saving to the database.
The Input Validation class in the Luminova Framework offers a powerful and flexible way to validate user-submitted data before processing or storing it in a database. It enables you to define validation rules per input field, ensuring that each field meets the expected criteria and application standards. You can also assign custom error messages for better control and user-friendly feedback.
Validation Rules
Luminova provides a wide range of built-in rules including required, min, max, email, integer, alpha, and more. Rules can be added as strings using pipe | separators, or programmatically as arrays. You can also register custom rules using callback functions to handle specific validation logic.
Defining Rules
Rules are defined per field and support parameters within parentheses. You can apply rules either individually or as part of an associative array. This makes it easy to manage validation across multiple fields in a structured and maintainable way.
Example Using Property:
$this->validate->rules = [
'field' => 'required|max(5)',
'username' => 'required|username(false,[system,root,admin])',
/* More fields... */
];Example Using setRules Method:
$this->validate->setRules([
'field' => 'required|max(5)',
'username' => 'required|username(true,[root,www])',
/* More fields... */
]);
Example of Adding Individual Field and Rules:
$this->validate->addField('field', 'required|max(5)');Username Rule
The username rule validates that the username:
- is between 3 and 64 characters long,
- contains only letters (
a-z,A-Z), numbers (0-9), and the characters_,-, or., - follows the casing rules you specify (uppercase allowed or not),
- does not match reserved or system-level usernames you provide,
- does not contain invalid patterns (e.g. starts/ends with a dot, consecutive special characters).
Usage Format:
username(<allowUppercase>, [<reservedUsernames>])
allowUppercase(bool) — Iffalse, uppercase letters are rejected.reservedUsernames(array) — A list of usernames to reject (e.g.root,system).
Error Message Formatting
Custom error messages support dynamic placeholders such as:
{field}Will be replaced with the name of the field being validated.{value}Will be replaced with the actual value that failed validation.{rule}Will be replaced with the name of the validation rule that was violated.
These placeholders allows you to create detailed and context-aware feedback and improves the clarity of validation responses shown to users.
Example Using Property:
$this->validate->messages = [
'email' => [
'required' => 'The {field} field is required.',
'email' => 'The value "{value}" is not a valid {rule}.'
]
];Example Using setMessages Method:
$this->validate->setMessages([
'email' => [
'required' => 'The {field} field is required.',
'email' => 'The value "{value}" is not a valid {rule}.'
]
]);Custom Validation
To define your own custom validation rule using the callback method, ensure your callback is callable and returns true for a successful validation or false for a failed validation.
Additionally, the callback function should be designed to accept two parameters:
value(mixed) - The first parameter is the value submitted.field(string) - The second parameter is the input field name.
Example
Function to perform your custom validation logic.
// app/Utils/Global.php
function myCustomRule(mixed $value, string $field): bool
{
if ($value === 'expected_value') {
return true;
}
return false;
}Adding your function as a validation rule.
$this->validate->rules = [
'custom_field' => 'required|callback(myCustomRule)',
];Controller Example
Setting up validation rules and optional response messages:
// /app/Controllers/Http/SignUpController.php
namespace App\Controllers\Http;
use Luminova\Base\BaseController;
class SignUpController extends BaseController
{
protected function onCreate(): void
{
$this->validate->rules = [
'email' => 'required|email',
'phone' => 'required|phone(10)',
'name' => 'required|alphabet',
];
$this->validate->messages = [
'email' => [
'required' => 'Email is required.',
'email' => 'Invalid email address.'
],
'phone' => [
'required' => 'Phone number is required.',
'phone' => 'Invalid phone number.'
],
'name' => [
'required' => 'Name is required.',
'alphabet' => 'Name contains unsupported characters.'
],
];
}
// Performing validation based on the defined rules:
public function create(): int
{
$body = $this->request->getBody();
if ($this->validate->validate($body)) {
echo 'Validation passed.';
return STATUS_SUCCESS;
}
echo 'Validation failed.';
echo $this->validate->getErrorMessage();
return STATUS_SUCCESS;
}
}Error Response
Retrieving validation error information when validation fails.
Get all validation errors:
var_dump($this->validate->getErrors());Get the first validation error message:
echo $this->validate->getError(0);Get the first validation error by field and error index.
echo $this->validate->getErrorMessage(0);Get information about the first field that failed validation:
var_dump($this->validate->getErrorField(0));Class Definition
- Class namespace:
\Luminova\Security\Validation - This class implements: \Luminova\Interface\ValidatorInterface, \Luminova\Interface\LazyInterface
Properties
rules
Define the validation rules for each form input field. The input field name should be the array key, and the validation rule(s) should be the value.
public array<string,string> $rules = [];messages
Define custom error messages for each validation rule. The array key should be the input field name, and the value should be an array where each key is a validation rule name, and the value is the corresponding error message.
If no custom error messages are provided, a default error message will be used, such as Validation failed for field: 'email', while validating [email].
public array<string,array<string,string>> $messages = [];Methods
validate
Do the validation based on defined rules and input request body.
public validate(array<string,mixed> $input, ?array<string,string> $rules = null): boolParameters:
| Parameter | Type | Description |
|---|---|---|
$input | array<string,mixed> | The input request body to validate (e.g, $this->request->getBody(), $_POST, $_GET, $_REQUEST). |
$rules | array<string,string>|null | Optional array of rules to override initialized rules (default NULL). |
Return Value:
bool - Returns true if all validation rules are passed, otherwise false.
isPassed
Check if all validation rules passed.
public isPassed(): boolReturn Value:
bool - Returns true if all validation rules are passed, otherwise false.
setRules
Set validation fields and rules.
public setRules(array<int,string> $rules): selfParameters:
| Parameter | Type | Description |
|---|---|---|
$rules | array<int,string> | The array of validation rules (e.g, ['email' => 'string\|email', 'name' => 'required']). |
Return Value:
self - Return instance of the Validation class.
setMessages
Set validation error messages based on fields and rules.
public setMessages(array<string,array> $messages = []): selfParameters:
| Parameter | Type | Description |
|---|---|---|
$messages | array<string,array<string,string>> | An error messages for validation rules (e.g, ['email' => ['string' => '...', 'email' => '...'], 'name' => ['required' => '...']]). |
Return Value:
self - Return instance of the Validation class.
addField
Set a field and rules with an optional error messages.
This method can be called multiple times with different field name and rule.For $messages arguments, the array key will be the rule's name while the value is the message to display if form field fails the validation rule.
public addField(string $field, string $rules, array<string,string> $messages = []): selfParameters:
| Parameter | Type | Description |
|---|---|---|
$field | string | The form input field name (e.g, name, email). |
$rules | string | The input field validation rules (e.g, required|string|email). |
$messages | array<string,string> | Optional validation error message for the each rule. |
Return Value:
self - Return instance of the Validation class.
getErrors
Get all validation error messages.
public getErrors(): arrayReturn Value:
array<string,array> - Return array of validation error messages, otherwise empty array.
getError
Get the error message at the specified field and error rules index.
public getError(string|int $fieldIndex = 0, int $errorIndex = 0): stringParameters:
| Parameter | Type | Description |
|---|---|---|
$fieldIndex | string|int | The input field by index position or the input filed name (default: 0). |
$errorIndex | int | The error index for current field if has multiple rules (default: 0). |
Return Value:
string - Return an error message.
getErrorMessage
Get the error message for a specific input field or using field index position.
public getErrorMessage(string|int $fieldIndex = 0): string;Parameters:
| Parameter | Type | Description |
|---|---|---|
$fieldIndex | string|int | The input field by index position or the input filed name (default: 0). |
Return Value:
string - Return an error message for the specified field.
getErrorField
Get the first field that has validation error.
public getErrorField(string|int $fieldIndex = 0): stringParameters:
| Parameter | Type | Description |
|---|---|---|
$fieldIndex | string|int | The input field by index number or input filed name. |
Return Value:
string - Return the field name causing the validation error.
getErrorFields
Get information about the validation error at the specified field index or field name.
When passed an integer index, it will return the first validation error.When passed a string field name, it will return the validation error related to that field name.
public getErrorFields(string|int $fieldIndex = 0): arrayParameters:
| Parameter | Type | Description |
|---|---|---|
$fieldIndex | string|int | The input field by index number or input filed name. |
Return Value:
array<int,array> - Return array error information related to the field validation.
Validation Rules
These rules provide useful validation for various types of data, ensuring that your application processes only valid and expected input.
| Rule | Parameter | Description |
|---|---|---|
| none | void | Ignores the field. Always passes. Alias: nullable. |
| required | void | The field is required and cannot be empty. |
| max() | int | Maximum allowed length. Alias: max_length(). |
| min() | int | Minimum allowed length. Alias: min_length(). |
| length() | int | Exact length required. Alias: exact_length(). |
| alphanumeric | void | Letters (a-z, A-Z) and numbers (0-9) only. |
| alphabet | void | Letters (a-z, A-Z) only. |
| numeric | void | Must be numeric. |
| integer() | string | Must be integer. Optionally specify positive or negative. |
| float() | string | Must be float. Optionally specify positive or negative. |
| decimal | void | Must be decimal. |
| binary | void | Must be binary (0 or 1). |
| hexadecimal | void | Must be valid hexadecimal. |
| string | void | Must be string. |
| array | void | Must be array. |
| json | void | Must be valid JSON. |
| url | void | Must be valid URL. |
| scheme() | string | Must match specified URL scheme (e.g., http, https). |
| ip(version) | int | Must be valid IP. Optionally specify 4, 6, or 0 for any. |
void | Must be valid email. | |
| phone | ?int | Must be valid phone. Optionally specify minimum length. |
| uuid(version) | int | Must be valid UUID. Optionally specify version. |
| path() | string | Must be valid path. Optionally check if readable or writable. |
| match() | string | Must match regex pattern. |
| equals() | string | Must equal value of specified field value. |
| not_equal() | string | Must not equal value of another field. |
| in_array() | string | Must be in specified list. |
| is_value() | string | Must be the specified value. |
| is_list | void | Must be valid comma-separated string list (e.g., foo,bar,baz). |
| keys_exist() | string | Array keys must match specified list. |
| callback() | callable | Call function myFunction(value, field). Must return boolean. |
| fallback() | ?string | Use default value if empty. If empty, defaults to empty string. |
| username(allowUpper, reservedUsernames) | (?bool, ?array) | Must be valid username. Optionally specify if uppercase is allowed and list of reserved names. |