What is your solution for validating (and processing) forms?

[jmp($fffc)]

As you probably have found out yourself, validating and processing forms is some of the most tedious and time-consuming jobs when making websites. I have thought about writing my own class, but I am not THAT good of a programmer, plus I figured this wheel has been invented already.

 

So basically I would like to know how you fixed this problem.

 

I myself wasn't looking for a "complete" solution with lots of fancy layout stuff (like Form Tools or phpFormGenerator found on hotscripts.com), but more behind-the-screens class. It's nice if the class can build the HTML for me so you can add stuff easily (like addTextfield("name", "initial value") or something), but] I don't mind building the form myself so I have greater control over layout and the HTML that's being used. But, basically, the most important thing is the validation. I wanna build my form, send it all to a black box, and either have that say "it's all okay, you can safely stuff this in your database", or say "this field has too many characters and that field is not a valid email address".

 

I have been using a class called http://www.formhandler.net/ , which works nicely, except that it gives a lot of warnings and notices when working in a strict PHP5 environement.

[akitchin]

i have several functions to handle forms.  i have one function each for making standard inputs, select boxes, and textareas (with control over initial values, names, class / style, etc.) and will just hand-code anything that gets too hard to use the function for.

 

as for validation itself, i have a series of functions that run typical validation such as requiring fields to not be empty, checking against a certain format (e-mail, phone, numerical, string length), and then hand-code any custom validation such as password confirmation matching and whatnot.  my error notation is standardized, so that i can just process through all results in a single run.

 

essentially, i made my own form validation system, comprised of a series of functions and procedures (since i'm a procedural programmer).  if you've been developing for a while, you probably have your own work environment and makeshift "framework" into which your own solution would probably fit better than a pre-made class, but it's entirely up to you.

[Buyocat]

I basically have an array of key to regex and I cycle through the GET data and compare a GET's value against the corresponding regex value.  If the GET doesn't have a corresponding regex then I use a default one which is very strict.  So you can think of this as a whitelist system where I add new regex to the list as I want them.

 

The actual implementation involves a resource file which is read by a class and a method:

boolean check(string key, string value);

 

The drawback for my approach is that all the regex is stored in one place, so if you wanted to have two different regex's for the same key (say a title for a movie and a title for a username) then you would either not be able to do it or would have to pick a different label for one of them (i.e. movie_title, user_title).

 

A similar approach that I've seen that gets around this problem is to have the model maintain an array of regex and pass it to the controller for validation.  This distributes your regex across the application -- which may not be such a good thing -- but also concentrates it near the data it corresponds with -- which may make sense.

[jmp($fffc)]

I'm well on the way of having my own set of functions to handle this too, but I keep spending a lot of time on forms. But when I gave that class formhandler a try, I discovered it saved a lot of time, so that's why I was looking for a ready-to-go class with all the bugs and stuff ironed out.

 

In my search (also on this forum) I came across several people who were working with some kind of PHP framework, and that has caught my interest. I think i will look into these some more, since they seem to have a lot of validation and security elements already built in.