Something important to note about what’s defined in an InputFilter is that you define both the client-side validation and the server validation. These two are name separated and duplicated. Let me explain.
In an InputFilter you declare ‘filters’ and ‘validators’. Validators are used both server and client side. On the
client-side they’re used in the views to add attributes to the form fields. For example, a validator “StringLength” with
the option [‘min’ => 10] makes sure that the form field receives an attribute of ‘length’ with value {,10}, which is
the Regex pattern for a maximum of 10 characters. A default form error message is also created to show the user in case
this validator will be violated and the form will not be send until the condition is met. Server side the validator will
be used again to do almost the same, the received value is validated to match the validator and it will throw an error
if it’s violated and halt execution. (An example for when this could happen is if you remove the client side attribute
in your Dev Tools when you’ve loaded the form).
Filters get executed server-side. They modify the received data and get executed before the validators. (That is important!) Examples are the commonly used filters “StripTags” and “StringTrim”. They’re used to remove HTML tags and special characters, respectively, from strings. This is to prevent malicious code injection. We don’t want a user to execute anything that we don’t know about on our server.
So, a quick summary before we make it work.
We’ve now created the route we need for the view. We created the view to show the PostForm and to fill this view we’ve
created the PostForm and it’s parent AbstractForm. To validate any data we might receive we’re creating a
PostInputFilter.
Now fill the \module\Blog\src\Blog\InputFilter\PostInputFilter.php file with the code below.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
namespace Blog\InputFilter;
use Zend\InputFilter\InputFilter;
use Zend\InputFilter\Factory as InputFactory;
class PostInputFilter extends InputFilter
{
public function __construct()
{
$factory = new InputFactory();
$this->add(
$factory->createInput([
'name' => 'id',
'required' => false,
'allow_empty' => true,
'filters' => [
['name' => 'Int'],
],
])
);
$this->add(
$factory->createInput([
'name' => 'title',
'required' => true,
'allow_empty' => false,
'filters' => [
['name' => 'StripTags'],
['name' => 'StringTrim'],
],
'validators' => [
[
'name' => 'StringLength',
'options' => [
'min' => '3',
'max' => '128',
],
],
],
])
);
$this->add(
$factory->createInput([
'name' => 'body',
'required' => true,
'allow_empty' => false,
'filters' => [
['name' => 'StripTags'],
['name' => 'StringTrim'],
],
'validators' => [
[
'name' => 'StringLength',
'options' => [
'min' => '10',
],
],
],
])
);
}
}