Download the PHP package vlucas/valitron without Composer

Valitron: Easy Validation That Doesn't Suck

Valitron is a simple, minimal and elegant stand-alone validation library with NO dependencies. Valitron uses simple, straightforward validation methods with a focus on readable and concise syntax. Valitron is the simple and pragmatic validation library you've been looking for.

Get supported vlucas/valitron with the Tidelift Subscription

Why Valitron?

Valitron was created out of frustration with other validation libraries that have dependencies on large components from other frameworks like Symfony's HttpFoundation, pulling in a ton of extra files that aren't really needed for basic validation. It also has purposefully simple syntax used to run all validations in one call instead of individually validating each value by instantiating new classes and validating values one at a time like some other validation libraries require.

In short, Valitron is everything you've been looking for in a validation library but haven't been able to find until now: simple pragmatic syntax, lightweight code that makes sense, extensible for custom callbacks and validations, well tested, and without dependencies. Let's get started.

Installation

Valitron uses Composer to install and update:

The examples below use PHP 5.4 syntax, but Valitron works on PHP 5.3+.

Usage

Usage is simple and straightforward. Just supply an array of data you wish to validate, add some rules, and then call validate(). If there are any errors, you can call errors() to get them.

Using this format, you can validate $_POST data directly and easily, and can even apply a rule like required to an array of fields:

You may use dot syntax to access members of multi-dimensional arrays, and an asterisk to validate each member of an array:

Or use dot syntax to validate all members of a numeric array:

You can also access nested values using dot notation:

Setting language and language dir globally:

Disabling the {field} name in the output of the error message.

You can conditionally require values using required conditional rules. In this example, for authentication, we're requiring either a token when both the email and password are not present, or a password when the email address is present.

Built-in Validation Rules

• required - Field is required
• requiredWith - Field is required if any other fields are present
• requiredWithout - Field is required if any other fields are NOT present
• equals - Field must match another field (email/password confirmation)
• different - Field must be different than another field
• accepted - Checkbox or Radio must be accepted (yes, on, 1, true)
• numeric - Must be numeric
• integer - Must be integer number
• boolean - Must be boolean
• array - Must be array
• length - String must be certain length
• lengthBetween - String must be between given lengths
• lengthMin - String must be greater than given length
• lengthMax - String must be less than given length
• min - Minimum
• max - Maximum
• listContains - Performs in_array check on given array values (the other way round than in)
• in - Performs in_array check on given array values
• notIn - Negation of in rule (not in array of values)
• ip - Valid IP address
• ipv4 - Valid IP v4 address
• ipv6 - Valid IP v6 address
• email - Valid email address
• emailDNS - Valid email address with active DNS record
• url - Valid URL
• urlActive - Valid URL with active DNS record
• alpha - Alphabetic characters only
• alphaNum - Alphabetic and numeric characters only
• ascii - ASCII characters only
• slug - URL slug characters (a-z, 0-9, -, _)
• regex - Field matches given regex pattern
• date - Field is a valid date
• dateFormat - Field is a valid date in the given format
• dateBefore - Field is a valid date and is before the given date
• dateAfter - Field is a valid date and is after the given date
• contains - Field is a string and contains the given string
• subset - Field is an array or a scalar and all elements are contained in the given array
• containsUnique - Field is an array and contains unique values
• creditCard - Field is a valid credit card number
• instanceOf - Field contains an instance of the given class
• optional - Value does not need to be included in data array. If it is however, it must pass validation.
• arrayHasKeys - Field is an array and contains all specified keys.

NOTE: If you are comparing floating-point numbers with min/max validators, you should install the BCMath extension for greater accuracy and reliability. The extension is not required for Valitron to work, but Valitron will use it if available, and it is highly recommended.

required fields usage

the required rule checks if a field exists in the data array, and is not null or an empty string.

Using an extra parameter, you can make this rule more flexible, and only check if the field exists in the data array.

Alternate syntax.

requiredWith fields usage

The requiredWith rule checks that the field is required, not null, and not the empty string, if any other fields are present, not null, and not the empty string.

Alternate syntax.

Note You can provide multiple values as an array. In this case if ANY of the fields are present the field will be required.

Alternate syntax.

Strict flag

The strict flag will change the requiredWith rule to requiredWithAll which will require the field only if ALL of the other fields are present, not null, and not the empty string.

Alternate syntax.

Likewise, in this case validate() would still return true, as the suffix field would not be required in strict mode, as not all of the fields are provided.

requiredWithout fields usage

The requiredWithout rule checks that the field is required, not null, and not the empty string, if any other fields are NOT present.

Alternate syntax.

Note You can provide multiple values as an array. In this case if ANY of the fields are NOT present the field will be required.

Alternate syntax.

Strict flag

The strict flag will change the requiredWithout rule to requiredWithoutAll which will require the field only if ALL of the other fields are not present.

Alternate syntax.

Likewise, in this case validate() would still return true, as the username field would not be required in strict mode, as all of the fields are provided.

equals fields usage

The equals rule checks if two fields are equals in the data array, and that the second field is not null.

Alternate syntax.

different fields usage

The different rule checks if two fields are not the same, or different, in the data array and that the second field is not null.

Alternate syntax.

accepted fields usage

The accepted rule checks if the field is either 'yes', 'on', 1, or true.

Alternate syntax.

numeric fields usage

The numeric rule checks if the field is number. This is analogous to php's is_numeric() function.

Alternate syntax.

integer fields usage

The integer rule checks if the field is an integer number.

Alternate syntax.

Note the optional boolean flag for strict mode makes sure integers are to be supplied in a strictly numeric form. So the following rule would evaluate to true:

Whereas the following will evaluate to false, as the + for the positive number in this case is redundant:

boolean fields usage

The boolean rule checks if the field is a boolean. This is analogous to php's is_bool() function.

Alternate syntax.

array fields usage

The array rule checks if the field is an array. This is analogous to php's is_array() function.

Alternate Syntax.

length fields usage

The length rule checks if the field is exactly a given length and that the field is a valid string.

Alternate syntax.

lengthBetween fields usage

The lengthBetween rule checks if the field is between a given length tange and that the field is a valid string.

Alternate syntax.

lengthMin fields usage

The lengthMin rule checks if the field is at least a given length and that the field is a valid string.

Alternate syntax.

lengthMax fields usage

The lengthMax rule checks if the field is at most a given length and that the field is a valid string.

Alternate syntax.

min fields usage

The min rule checks if the field is at least a given value and that the provided value is numeric.

Alternate syntax.

max fields usage

The max rule checks if the field is at most a given value and that the provided value is numeric.

Alternate syntax.

listContains fields usage

The listContains rule checks that the field is present in a given array of values.

Alternate syntax.

in fields usage

The in rule checks that the field is present in a given array of values.

Alternate syntax.

notIn fields usage

The notIn rule checks that the field is NOT present in a given array of values.

Alternate syntax.

ip fields usage

The ip rule checks that the field is a valid ip address. This includes IPv4, IPv6, private, and reserved ranges.

Alternate syntax.

ipv4 fields usage

The ipv4 rule checks that the field is a valid IPv4 address.

Alternate syntax.

ipv6 fields usage

The ipv6 rule checks that the field is a valid IPv6 address.

Alternate syntax.

email fields usage

The email rule checks that the field is a valid email address.

Alternate syntax.

emailDNS fields usage

The emailDNS rule validates the field is a valid email address with an active DNS record or any type.

Alternate syntax.

url fields usage

The url rule checks the field is a valid url.

Alternate syntax.

urlActive fields usage

The urlActive rule checks the field is a valid url with an active A, AAAA, or CNAME record.

Alternate syntax.

alpha fields usage

The alpha rule checks the field is alphabetic characters only.

Alternate syntax.

alphaNum fields usage

The alphaNum rule checks the field contains only alphabetic or numeric characters.

Alternate syntax.

ascii fields usage

The ascii rule checks the field contains only characters in the ascii character set.

Alternate syntax.

slug fields usage

The slug rule checks that the field only contains URL slug characters (a-z, 0-9, -, _).

Alternate syntax.

regex fields usage

The regex rule ensures the field matches a given regex pattern. (This regex checks the string is alpha numeric between 5-10 characters).

Alternate syntax.

date fields usage

The date rule checks if the supplied field is a valid \DateTime object or if the string can be converted to a unix timestamp via strtotime().

Alternate syntax.

dateFormat fields usage

The dateFormat rule checks that the supplied field is a valid date in a specified date format.

Alternate syntax.

dateBefore fields usage

The dateBefore rule checks that the supplied field is a valid date before a specified date.

Alternate syntax.

dateAfter fields usage

The dateAfter rule checks that the supplied field is a valid date after a specified date.

Alternate syntax.

contains fields usage

The contains rule checks that a given string exists within the field and checks that the field and the search value are both valid strings.

Alternate syntax.

Note You can use the optional strict flag to ensure a case-sensitive match. The following example will return true:

Whereas, this would return false, as the M in the search string is not uppercase in the provided value:

subset fields usage

The subset rule checks that the field is either a scalar or array field and that all of it's values are contained within a given set of values.

Alternate syntax.

This example would return false, as the provided color, purple, does not exist in the array of accepted values we're providing.

containsUnique fields usage

The containsUnique rule checks that the provided field is an array and that all values contained within are unique, i.e. no duplicate values in the array.

Alternate syntax.

This example would return false, as the values in the provided array are duplicates.

Credit Card Validation usage

Credit card validation currently allows you to validate a Visa visa, Mastercard mastercard, Dinersclub dinersclub, American Express amex or Discover discover

This will check the credit card against each card type

To optionally filter card types, add the slug to an array as the next parameter:

If you only want to validate one type of card, put it as a string:

If the card type information is coming from the client, you might also want to still specify an array of valid card types:

instanceOf fields usage

The instanceOf rule checks that the field is an instance of a given class.

Alternate syntax.

Note You can also compare the value against a given object as opposed to the string class name. This example would also return true:

optional fields usage

The optional rule ensures that if the field is present in the data set that it passes all validation rules.

Alternate syntax. This example would return true either when the 'username' field is not present or in the case where the username is only alphabetic characters.

This example would return false, as although the field is optional, since it is provided it must pass all the validation rules, which in this case it does not.

arrayHasKeys fields usage

The arrayHasKeys rule ensures that the field is an array and that it contains all the specified keys. Returns false if the field is not an array or if no required keys are specified or if some key is missing.

Adding Custom Validation Rules

To add your own validation rule, use the addRule method with a rule name, a custom callback or closure, and a error message to display in case of an error. The callback provided should return boolean true or false.

You can also use one-off rules that are only valid for the specified fields.

This is useful because such rules can have access to variables defined in the scope where the Validator lives. The Closure's signature is identical to Validator::addRule callback's signature.

If you wish to add your own rules that are not static (i.e., your rule is not static and available to call Validator instances), you need to use Validator::addInstanceRule. This rule will take the same parameters as Validator::addRule but it has to be called on a Validator instance.

Chaining rules

You can chain multiple rules together using the following syntax.

Alternate syntax for adding rules

As the number of rules grows, you may prefer the alternate syntax for defining multiple rules at once.

If your rule requires multiple parameters or a single parameter more complex than a string, you need to wrap the rule in an array.

You can also specify multiple rules for each rule type.

Putting these techniques together, you can create a complete rule definition in a relatively compact data structure.

You can continue to add individual rules with the rule method even after specifying a rule definition via an array. This is especially useful if you are defining custom validation rules.

You can also add rules on a per-field basis:

Or for multiple fields at once:

Adding field label to messages

You can do this in two different ways, you can add a individual label to a rule or an array of all labels for the rules.

To add individual label to rule you simply add the label method after the rule.

There is a edge case to this method, you wouldn't be able to use a array of field names in the rule definition, so one rule per field. So this wouldn't work:

However we can use a array of labels to solve this issue by simply adding the labels method instead:

This introduces a new set of tags to your error language file which looks like {field}, if you are using a rule like equals you can access the second value in the language file by incrementing the field with a value like {field1}.

Re-use of validation rules

You can re-use your validation rules to quickly validate different data with the same rules by using the withData method:

Running Tests

The test suite depends on the Composer autoloader to load and run the Valitron files. Please ensure you have downloaded and installed Composer before running the tests:

1. Download Composer curl -s http://getcomposer.org/installer | php
2. Run 'install' php composer.phar install
3. Run the tests phpunit

Contributing

1. Fork it
2. Create your feature branch (git checkout -b my-new-feature)
3. Make your changes
4. Run the tests, adding new ones for your own code if necessary (phpunit)
5. Commit your changes (git commit -am 'Added some feature')
6. Push to the branch (git push origin my-new-feature)
7. Create new Pull Request
8. Pat yourself on the back for being so awesome

Security Disclosures and Contact Information

To report a security vulnerability, please use the Tidelift security contact. Tidelift will coordinate the fix and disclosure.