Validate and sanitize form inputs and API requests with a PHP library inspired by Laravel, designed specifically for WordPress.
WP Validator is a comprehensive PHP package inspired by Laravel. It simplifies the process of data validation and sanitization for WordPress, providing a versatile and user-friendly solution for developers to ensure that user input meets specific criteria and is secure against common vulnerabilities.
- Data Validation: Easily validate user inputs, form submissions, and API requests.
- Custom Validation Rules: Define your custom validation rules to meet your application's specific needs.
- Error Messages: Detailed error messages to assist users in understanding validation failures.
- Data Sanitization: Optional data sanitization functions for cleaning and formatting data.
To use the wp-validator package for data validation in your PHP application, follow these steps:
Begin by installing the WP Validator package using Composer:
```bash
composer require bitapps/wp-validator
```
Create an instance of the Validator class from the package:
```php
use BitApps\WPValidator\Validator;

$validator = new Validator;
```
For public methods that can be used with `$validator`, refer to the Validator Instance Methods section.
Prepare the data you want to validate and define the validation rules. Here's an example:
```php
$data = [
    'first_name'       => 'John',
    'last_name'        => '',
    'email'            => 'email@example',
    'password'         => '##112233',
    'confirm_password' => '##112233',
];

$rules = [
    'first_name'       => ['required', 'string'],
    'last_name'        => ['required', 'string'],
    'email'            => ['required', 'email'],
    'password'         => ['required', 'min:8'],
    'confirm_password' => ['required', 'min:6', 'same:password'],
];
```
Explore all available validation rules and their usage in the Available Validation Rules section.
If you need to customize error messages, you can use the `$customMessages` array. In this example, we leave it empty.
```php
$customMessages = [];
```
Learn more about customizing error messages in the Customizing Error Messages section.
Map your field names to user-friendly labels using the `$attributes` array; these labels are used in error messages.
```php
$attributes = [
    'first_name' => 'First Name',
    'last_name'  => 'Last Name',
    'email'      => 'Email',
];
```
Execute the validation using the `make` method:
```php
$validation = $validator->make($data, $rules, $customMessages, $attributes);
```
Check if validation fails and, if so, print out the validation errors:
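```php
if ($validation->fails()) {
    echo "<pre>";
    // Escape before output: messages can include submitted input (e.g. via :value).
    echo esc_html(print_r($validation->errors(), true));
    echo "</pre>";
} else {
    echo "Success!";
}
```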
`make()` runs the validations of `$data` based on the given `$rules`. Optionally, if you pass `$customMessages` and `$attributes`, it builds the error messages (if any) from them.
`fails()` returns true or false based on the validation status. If it returns true, the validator has found errors in the data, and you can get those errors with the `errors()` method.
`errors()` returns the error messages (if any), following the format of the `$data` array passed to the `make()` method.
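The same `make()` / `fails()` / `errors()` flow applied to an API request, as an added example that is not part of the package's own documentation. The route `myplugin/v1/subscribers`, the callback name and the field names are hypothetical; the page does not show how sanitized values are read back from the validator, so this sketch calls the WordPress core sanitizers directly after validation passes.

```php
<?php
use BitApps\WPValidator\Validator;

// Hypothetical route and callback names, used for illustration only.
add_action('rest_api_init', function () {
    register_rest_route('myplugin/v1', '/subscribers', [
        'methods'             => 'POST',
        // Authorization is decided here, separately from input validation.
        'permission_callback' => function () {
            return current_user_can('manage_options');
        },
        'callback'            => 'myplugin_add_subscriber',
    ]);
});

function myplugin_add_subscriber(WP_REST_Request $request)
{
    // get_json_params() returns null when the body is not JSON.
    $body = $request->get_json_params();
    $body = is_array($body) ? $body : [];

    $rules = [
        'first_name' => ['required', 'string', 'max:64'],
        'email'      => ['required', 'email'],
    ];
    // Keep only the fields that have rules; unknown keys never reach storage.
    $data = array_intersect_key($body, $rules);

    $validation = (new Validator)->make($data, $rules, [], [
        'first_name' => 'First Name',
        'email'      => 'Email',
    ]);

    if ($validation->fails()) {
        // Reject with HTTP 400 and the per-field messages; do no further work.
        return new WP_Error('invalid_input', 'Validation failed', [
            'status' => 400,
            'errors' => $validation->errors(),
        ]);
    }

    // Validation passed: sanitize with WordPress core helpers before storing.
    $clean = [
        'first_name' => sanitize_text_field($data['first_name']),
        'email'      => sanitize_email($data['email']),
    ];
    return rest_ensure_response(['saved' => $clean]);
}
```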
WP Validator provides a comprehensive set of validation rules to suit your needs. Here's a list of available rules:
- `accepted`: Checks if the field under validation is one of the following: `'yes'`, `'on'`, `'1'`, `1`, `'true'`, `true`. This is useful for validating agreement type fields.
- `array`: Checks if the field under validation is an array.
- `between:min,max`: Checks if the field under validation falls within the range of `:min` and `:max` (inclusive).
  - For string data, the value corresponds to the number of characters.
  - For numeric data, the value corresponds to a given integer value.
  - For an array, the value corresponds to the count of the array.
- `date`: Checks if the field under validation is a valid date according to the `strtotime` PHP function.
- `digit_between:min,max`: Checks if the length of digits for the integer number falls within the range of `:min` and `:max` (inclusive).
- `digits:value`: Checks if the length of digits for the integer number is exactly the same as `:digits`.
- `email`: Checks if the field under validation is a valid email address.
- `integer`: Checks if the field under validation is an integer number.
- `ip`: Checks if the field under validation is a valid IP (IPv4, IPv6) address.
- `ipv4`: Checks if the field under validation is a valid IPv4 address.
- `ipv6`: Checks if the field under validation is a valid IPv6 address.
- `json`: Checks if the field under validation is a valid JSON string.
- `lowercase`: Checks if the field under validation consists of all lowercase letters.
- `mac_address`: Checks if the field under validation is a valid MAC address.
- `max:value`: Checks if the field under validation is less than or equal to `:max`.
  - For string data, the value corresponds to the number of characters.
  - For numeric data, the value corresponds to a given integer value.
  - For an array, the value corresponds to the count of the array.
- `min:value`: Checks if the field under validation has a minimum value of `:min`.
  - For string data, the value corresponds to the number of characters.
  - For numeric data, the value corresponds to a given integer value.
  - For an array, the value corresponds to the count of the array.
- `nullable`: Makes the field under validation optional (allows it to be null), but still applies the other specified validation rules when the value is not null.
- `numeric`: Checks if the field under validation is a valid real number.
- `required`: Checks if the field under validation is present and not empty. A field is "empty" if it meets one of the following criteria:
  - The value is `NULL` or `FALSE`.
  - The value is an empty string.
  - The value is an empty array or empty countable object.
  - The value is
- `same:field`: Checks if the field under validation is equal to the specified `:other` attribute.
- `size:value`: Checks if the field under validation has exactly the same size as `:size`.
  - For string data, the value corresponds to the number of characters.
  - For numeric data, the value corresponds to a given integer value.
  - For an array, the value corresponds to the count of the array.
- `string`: Checks if the given value is a string.
- `uppercase`: Checks if the string value consists of all uppercase letters.
- `url`: Checks if the value is a valid URL.
Missing any validation rule that you need? Refer to the Custom Validation Rule section to know how you can create and use custom validation rules in your project alongside the library.
- `sanitize_email`: Strip out all characters that are not allowable in an email address.
  e.g. `['email' => ['required', 'email', 'sanitize:email']]`
- `sanitize_file_name`: Sanitizes a file name by removing special characters.
  e.g. `['file' => ['required', 'string', 'sanitize:file_name']]`
- `sanitize_html_class`: Sanitize content with allowed HTML tags for class attribute.
  e.g. `['class' => ['required', 'string', 'sanitize:html_class']]`
- `sanitize_key`: Sanitize content with allowed HTML tags for key attribute.
  e.g. `['key' => ['required', 'string', 'sanitize:sanitize_key']]`
- `sanitize_text`: Strip out all characters that are not allowable in a string.
  e.g. `['name' => ['required', 'string', 'sanitize:text']]`
- `sanitize_textarea_field`: Sanitize content with allowed HTML tags for textarea field.
  e.g. `['content' => ['required', 'string', 'sanitize:textarea']]`
- `sanitize_title`: Strip out all characters that are not allowable in a title.
  e.g. `['title' => ['required', 'string', 'sanitize:title']]`
- `sanitize_user`: Sanitize a username, stripping out unsafe characters.
  e.g. `['user' => ['required', 'string', 'sanitize:user']]`
- `sanitize_url`: Sanitizes a URL by removing invalid characters for safe use in HTML attributes.
  e.g. `['url' => ['required', 'url', 'sanitize:url']]`
- `wp_kses`: Sanitize content with allowed HTML tags.
  e.g. `['content' => ['required', 'string', 'sanitize:wp_kses|a.href,a.title,br,em,strong']]`
- `wp_kses_post`: Sanitize content with allowed HTML tags for post content.
  e.g. `['content' => ['required', 'string', 'sanitize:wp_kses_post']]`
Create a class for the validation rule in your project:
```php
<?php
use BitApps\WPValidator\Rule;

class BooleanRule extends Rule
{
    // Error message returned when validation fails
    private $message = "The :attribute must be a boolean";

    public function validate($value)
    {
        // Passes only for real PHP booleans (true/false)
        return is_bool($value);
    }

    public function message()
    {
        return $this->message;
    }
}
```
Pass them as an instance into the `$rules` array:
```php
$rules = [
    'agreed' => ['required', new BooleanRule],
];
```
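The `url` rule is described only as checking for "a valid URL", without saying which schemes or hosts pass, so a custom rule is the place to pin both. The following is an added example, not code from the package: the class name `AllowedHostUrlRule`, the field `callback_url` and the host list are hypothetical, and it relies only on the `validate()` / `message()` contract shown above.

```php
<?php
use BitApps\WPValidator\Rule;

// Added example: accepts only https URLs whose host is on a fixed allow-list.
class AllowedHostUrlRule extends Rule
{
    // Hypothetical allow-list; replace with the hosts your plugin trusts.
    private const ALLOWED_HOSTS = ['example.com', 'cdn.example.com'];

    private $message = 'The :attribute must be an https URL on an approved host';

    public function validate($value)
    {
        if (!is_string($value)) {
            return false;
        }
        $parts = parse_url(trim($value));
        if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
            return false;
        }
        // Reject URLs that embed credentials before the host.
        if (isset($parts['user']) || isset($parts['pass'])) {
            return false;
        }
        // Exact, case-insensitive host comparison: no suffix or substring
        // matching, so look-alike hosts that merely contain an allowed name fail.
        return strtolower($parts['scheme']) === 'https'
            && in_array(strtolower($parts['host']), self::ALLOWED_HOSTS, true);
    }

    public function message()
    {
        return $this->message;
    }
}

$rules = [
    'callback_url' => ['required', 'url', new AllowedHostUrlRule],
];
```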
WP Validator provides default error messages based on validation rules. For added flexibility, you can change these error messages globally or even for specific fields and validation rules:
```php
$customMessages = [
    'required' => ':attribute is missing',
    'string'   => ':attribute cannot contain any numerics',
    'between'  => 'The :attribute must be given between :min & :max',
    'size'     => 'The account number must consist of :size characters',
];
```
Now, for each validation rule, it will return the custom error messages you have set.
Note: `:attribute` refers to the field it's currently validating, acting as a placeholder. We have more placeholders like this; explore them in the List of Placeholders section.
If you want more flexibility and wish to customize error messages individually for each validation rule and field, you can also achieve that:
```php
$customMessages = [
    'first_name' => [
        'required' => 'First name must be present',
        'string'   => 'You cannot include anything except letters in the first name',
    ],
    'email' => [
        'email' => 'The provided email is not valid',
    ],
];
```
For any validation rule you use that is not listed in the custom messages array, WP Validator falls back to the default error message.
- `:attribute`: Refers to the field name under validation, or to its custom label if changed via the `$attributes` array.
- `:value`: Refers to the value of the field under validation.
- `:min`: Refers to the min value parameter of the `between`, `digits_between`, `min` validation rules.
- `:max`: Refers to the max value parameter of the `between`, `digits_between`, `max` validation rules.
- `:digits`: Refers to the value parameter of the `digits` validation rule.
- `:other`: Refers to the field parameter of the `same` validation rule.
- `:size`: Refers to the value parameter of the `size` validation rule.
We welcome contributions from the community. If you find a bug or have a feature suggestion, please open an issue or submit a pull request.
This package is open-source and available under the MIT License.