NAME
Data::FormValidator - Validates user input (usually from an HTML form)
based on input profile.
SYNOPSIS
use Data::FormValidator;
my $results = Data::FormValidator->check(\%input_hash, \%dfv_profile);
if ($results->has_invalid or $results->has_missing) {
# do something with $results->invalid, $results->missing
# or $results->msgs
}
else {
# do something with $results->valid
}
DESCRIPTION
Data::FormValidator's main aim is to make input validation expressible
in a simple format.
Data::FormValidator lets you define profiles which declare the required
and optional fields and any constraints they might have.
The results are provided as an object which makes it easy to handle
missing and invalid results, return error messages about which
constraints failed, or process the resulting valid data.
VALIDATING INPUT
check()
my $results = Data::FormValidator->check(\%input_hash, \%dfv_profile);
"check" is the recommended method to use to validate forms. It returns
it's results as Data::FormValidator::Results object. A deprecated method
"validate" is also available, returning it's results in array described
below.
use Data::FormValidator;
my $results = Data::FormValidator->check(\%input_hash, \%dfv_profile);
Here, "check()" is used as a class method, and takes two required
parameters.
The first a reference to the data to be be validated. This can either be
a hash reference, or a CGI or Apache::Request object. Note that if you
use a hash reference, multiple values for a single key should be
presented as an array reference.
The second argument is a reference to the profile you are validating.
validate()
my( $valids, $missings, $invalids, $unknowns ) =
Data::FormValidator->validate( \%input_hash, \%dfv_profile);
"validate()" provides a deprecated alternative to "check()". It has the
same input syntax, but returns a four element array, described as
follows
valids
This is a hash reference to the valid fields which were submitted in
the data. The data may have been modified by the various filters
specified.
missings
This is a reference to an array which contains the name of the
missing fields. Those are the fields that the user forget to fill or
filled with space. These fields may comes from the *required* list
or the *dependencies* list.
invalids
This is a reference to an array which contains the name of the
fields which failed one or more of their constraint checks.
Fields defined with multiple constraints will have an array ref
returned in the @invalids array instead of a string. The first
element in this array is the name of the field, and the remaining
fields are the names of the failed constraints.
unknowns
This is a list of fields which are unknown to the profile. Whether
or not this indicates an error in the user input is application
dependant.
new()
Using "new()" is only needed for advanced usage, so feel free to skip
this section if you are just getting started.
That said, using "new()" is useful in some cases. These include:
o Loading more than one profile at a time. Then you can select the
profile you want by name later with "check()". Here's an example:
my $dfv = Data::FormValidator->new({
profile_1 => { # usual profile definition here },
profile_1 => { # another profile definition },
});
As illustrated, multiple profiles are defined through a hash ref
whose keys point to profile definitions.
You can also load several profiles from a file, by defining several
profiles as shown above in an external file. Then just pass in the
name of the file:
my $dfv = Data::FormValidator->new('/path/to/profiles.pl');
If the input profile is specified as a file name, the profiles will
be reread each time that the disk copy is modified.
Now when calling "check()", you just need to supply the profile
name:
my $results = $dfv->check(\%input_hash,'profile_1');
o Applying defaults to more than one input profile. There are some
parts of the validation profile that you might like to re-use for
many form validations.
To facilite this, "new()" takes a second argument, a hash reference.
Here the usual input profile definitions can be made. These will act
as defaults for any subsequent calls to "check()" on this object.
Currently the logic for this is very simple. Any definition of a key
in your validation profile will completely overwrite your default
value.
This means you can't define two keys for "constraint_regexp_map" and
expect they will always be there. This kind of feature may be added
in the future.
The exception here is are definitions for your "msgs" key. You will
safely be able to define some defaults for this key and not have
them entirely clobbered just because "msgs" was defined in a
validation profile.
One way to use this feature is to create your own sub-class that
always provides your defaults to "new()".
Another option to create your own wrapper routine which provides
these defaults to "new()". Here's an example of a routine you might
put in a CGI::Application super-class to make use of this feature:
# Always use the built-in CGI object as the form data
# and provide some defaults to new constructor
sub check_form {
my $self = shift;
my $profile = shift
|| die 'check_form: missing required profile';
require Data::FormValidator;
my $dfv = Data::FormValidator->new({},{
# your defaults here
});
return $dfv->check($self->query,$profile);
}
INPUT PROFILE SPECIFICATION
An input profile is a hash reference containing one or more of the
following keys.
Here is a very simple input profile. Examples of more advanced options
are described below.
my $profile = {
optional => [qw( company
fax
country )],
required => [qw( fullname
phone
email
address )],
constraints => {
email => 'email'
}
};
That defines some fields as optional, some as required, and defines that
the field named 'email' must pass the constraint named 'email'.
Here is a complete list of the keys available in the input profile, with
examples of each.
required
This is an array reference which contains the name of the fields which
are required. Any fields in this list which are not present, or contain
only spaces. will be reported as missing.
required_regexp
required_regexp => qr/city|state|zipcode/,
This is a regular expression used to specify additional fieds which are
required.
require_some => {
# require any two fields from this group
city_or_state_or_zipcode => [ 2, qw/city state zipcode/ ],
}
This is a reference to a hash which defines groups of fields where 1 or
more field from the group should be required, but exactly which fields
doesn't matter. The keys in the hash are the group names. These are
returned as "missing" unless the required number of fields from the
group has been filled in. The values in this hash are array references.
The first element in this hash should be the number of fields in the
group that is required. If the first first field in the array is not an
a digit, a default of "1" will be used.
optional
optional => [qw/meat coffee chocolate/],
This is an array reference which contains the name of optional fields.
These are fields which MAY be present and if they are, they will be
check for valid input. Any fields not in optional or required list will
be reported as unknown.
optional_regexp
optional_regexp => qr/_province$/,
This is a regular expression used to specify additional fieds which are
optional. For example, if you wanted all fields names that begin with
*user_* to be optional, you could use the regular expression, /^user_/
dependencies
dependencies => {
# If cc_no is entered, make cc_type and cc_exp required
"cc_no" => [ qw( cc_type cc_exp ) ],
# if pay_type eq 'check', require check_no
"pay_type" => {
check => [ qw( check_no ) ],
}
},
This is for the case where an optional field has other requirements. The
dependent fields can be specified with an array reference.
If the dependencies are specified with a hash reference then the
additional constraint is added that the optional field must equal a key
for the dependencies to be added.
Any fields in the dependencies list that is missing when the target is
present will be reported as missing.
dependency_groups
dependency_groups => {
# if either field is filled in, they all become required
password_group => [qw/password password_confirmation/],
}
This is a hash reference which contains information about groups of
interdependent fields. The keys are arbitrary names that you create and
the values are references to arrays of the field names in each group.
defaults
defaults => {
country => "USA",
},
This is a hash reference where keys are field names and values are
defaults to use if input for th e field is missing.
The defaults are set shortly before the constraints are applied, and
will be returned with the other valid data.
filters
# trim leading and trailing whitespace on all fields
filters => ['trim'],
This is a reference to an array of filters that will be applied to ALL
optional or required fields.
This can be the name of a built-in filter (trim,digit,etc) or an
anonymous subroutine which should take one parameter, the field value
and return the (possibly) modified value.
Filters modify the data, so use them carefully.
See Data::FormValidator::Filters for details on the built-in filters.
field_filters
field_filters => {
cc_no => "digit"
},
A hash ref with field names and keys. Values are array references of
field-specific filters to apply.
See Data::FormValidator::Filters for details on the built-in filters.
field_filter_regexp_map
field_filter_regexp_map => {
# Upper-case the first letter of all fields that end in "_name"
qr/_name$/ => 'ucfirst',
},
This is a hash reference where the keys are the regular expressions to
use and the values are references to arrays of filters which will be
applied to specific input fields. Used to apply filters to fields that
match a regular expression.
constraints
constraints => {
cc_no => {
constraint => "cc_number",
params => [ qw( cc_no cc_type ) ],
},
cc_type => "cc_type",
cc_exp => "cc_exp",
},
A hash ref which contains the constraints that will be used to check
whether or not the field contains valid data.
The keys in this hash are field names. The values can any of the
following:
o A named constraint.
Example:
my_zipcode_field => 'zip',
See Data::FormValidator::Constraints for the details of which
built-in constraints that are available.
o a perl regular expression
Example:
my_zipcode_field => qr/^\d{5}$/, # match exactly 5 digits
If this field is named in the "untaint_constraint_fields", or
"untaint_all_constraints" is effective, be aware of the following:
If you write your own regular expressions and only match part of the
string then you'll only get part of the string in the valid hash. It
is a good idea to write you own constraints like /^regex$/. That way
you match the whole string.
o a subroutine reference, to supply custom code
This will check the input and return true or false depending on the
input's validity. By default, the constraint function takes one
parameter, the field to be validated. To validate a field based more
inputs than just the field itself, see "VALIDATING INPUT BASED ON
MULTIPLE FIELDS".
Examples:
my_zipcode_field => sub { my $val = shift; return $val =~ '/^\d{5}$/' },
# OR you can reference a subroutine, which should work like the one above
my_zipcode_field => \&my_validation_routine,
o a hash reference, to name a constraint or supply multiple
parameters.
# supply multiple parameters
cc_no => {
constraint => "cc_number",
params => [ qw( cc_no cc_type ) ],
},
# name a constraint, useful for returning error messages
last_name => {
name => "ends_in_name",
constraint => qr/_name$/,
},
Using the hash reference for a constraint allows the possibility to
pass in multiple arguments to the constraintk, and to provide a name
for for a constraint that doesn't have one. The name can be used in
the error message system to return a custom error message for this
constraint. In some cases you will want to use "constraint_method"
instead of "constraint". Consult the documentation for the the
constraint you are using to see which is correct for that case. If
in doubt, use "constraint".
For details see "VALIDATING INPUT BASED ON MULTIPLE FIELDS".
o an array reference
An array reference is used to apply multiple constraints to a single
field. Any of the above options are valid entries the array. See
"MULTIPLE CONSTRAINTS" below.
constraint_regexp_map
constraint_regexp_map => {
# All fields that end in _postcode have the 'postcode' constraint applied.
qr/_postcode$/ => 'postcode',
},
A hash ref where the keys are the regular expressions to use and the
values are the constraints to apply.
If one or more constraints have already been defined for a given field
using "constraints", constraint_regexp_map will add an additional
constraint for that field for each regular expression that matches.
untaint_all_constraints
untaint_all_constraints => 1,
If this field is set all form data that passes a constraint will be
untainted. The untainted data will be returned in the valid hash.
Untainting is based on the pattern match used by the constraint. Note
that some constraint routines may not provide untainting.
See "WRITING YOUR OWN CONSTRAINT ROUTINES" in the
Data::FormValidator::Constraints documention for more information.
This is overridden by "untaint_constraint_fields"
untaint_constraint_fields
untaint_constraint_fields => [qw(zipcode state)],
Specifies that one or more fields will be untainted if they pass their
constraint(s). This can be set to a single field name or an array
reference of field names. The untainted data will be returned in the
valid hash.
This is overrides the untaint_all_constraints flag.
missing_optional_valid
missing_optional_valid => 1
This can be set to a true value to cause missing optional fields to be
included in the valid hash. By default they are not included-- this is
the historical behavior.
This is an important flag if you are using the contents of an "update"
form to update a record in a database. Without using the option, fields
that have been set back to "blank" may fail to get updated.
validator_packages
# load all the constraints from these modules
validator_packages => [qw(Data::FormValdidator::Constraints::Upload)],
This key is used to define other packages which contain constraint
routines. Set this key to a single package name, or an arrayref of
several. All of its constraint routines beginning with 'match_' and
'valid_' will be imported into Data::FormValidator. This lets you
reference them in a constraint with just their name, just like built-in
routines. You can even override the provided validators.
See "WRITING YOUR OWN CONSTRAINT ROUTINES" in the
Data::FormValidator::Constraints documentation for more information
msgs
NOTE: This part of the interface is newer and may change. Use in
production code at your own caution. Contact the maintainer with any
questions or suggestions.
This key is used to define parameters related to formatting error
messages returned to the user.
By default, invalid fields have the message "Invalid" associated with
them while missing fields have the message "Missing" associated with
them.
In the simplest case, nothing needs to be defined here, and the default
values will be used.
The default formatting applied is designed for display in an XHTML web
page. That formatting is as followings:
* %s
The %s will be replaced with the message. The effect is that the message
will appear in bold red with an asterisk before it. This style can be
overriden by simply defining "dfv_errors" appropriately in a style
sheet, or by providing a new format string.
Here's a more complex example that shows how to provide your own default
message strings, as well as providing custom messages per field, and
handling multiple constraints:
msgs => {
# set a custom error prefix, defaults to none
prefix=> 'error_',
# Set your own "Missing" message, defaults to "Missing"
missing => 'Not Here!',
# Default invalid message, default's to "Invalid"
invalid => 'Problematic!',
# message seperator for multiple messages
# Defaults to ' '
invalid_seperator => '
',
# formatting string, default given above.
format => 'ERROR: %s',
# Error messages, keyed by constraint name
# Your constraints must be named to use this.
constraints => {
'date_and_time' => 'Not a vaild time format',
# ...
},
# This token will be included in the hash if they are
# any errors returned. This can be useful with templating
# systems like HTML::Template
# The 'prefix' setting does not apply here.
# defaults to undefined
any_errors => 'some_errors',
}
The hash that's prepared can be retrieved through the "msgs" method
described in the Data::FormValidator::Results documentation.
debug
This method is used to print details about what is going on to STDERR.
Currently only level '1' is used. It provides information about which
fields matched constraint_regexp_map.
A shortcut for array refs
A number of parts of the input profile specification include array
references as their values. In any of these places, you can simply use a
string if you only need to specify one value. For example, instead of
filters => [ 'trim' ]
you can simply say
filters => 'trim'
A note on regular expression formats
In addition to using the preferred method of defining regular
expressions using "qr", a deprecated style of defining them as strings
is also supported.
Preferred:
qr/this is great/
Deprecated, but supported
'm/this still works/'
VALIDATING INPUT BASED ON MULTIPLE FIELDS
You can pass more than one value into a constraint routine. For that,
the value of the constraint should be a hash reference. If you are
creating your own routines, be sure to read the section labeled "WRITING
YOUR OWN VALIDATION ROUTINES", in the Data::FormValidator::Results
documentation. It describes a newer and more flexible syntax.
Using the original syntax, one key should be named "constraint" and
should have a value set to the reference of the subroutine or the name
of a built-in validator. Another required key is *params*. The value of
the *params* key is a reference to an array of the other elements to use
in the validation. If the element is a scalar, it is assumed to a field
name. If the value is a reference, The reference is passed directly to
the routine. Don't forget to include the name of the field to check in
that list, if you are using this syntax.
Example:
cc_no => {
constraint => "cc_number",
params => [ qw( cc_no cc_type ) ],
},
MULTIPLE CONSTRAINTS
Multiple constraints can be applied to a single field by defining the
value of the constraint to be an array reference. Each of the values in
this array can be any of the constraint types defined above.
When using multiple constraints it is important to return the name of
the constraint that failed so you can distinquish between them. To do
that, either use a named constraint, or use the hash ref method of
defining a constraint and include a "name" key with a value set to the
name of your constraint. Here's an example:
my_zipcode_field => [
'zip',
{
constraint => '/^406/',
name => 'starts_with_406',
}
],
You can use an array reference with a single constraint in it if you
just want to have the name of your failed constraint returned in the
above fashion.
Read about the "validate()" function above to see how multiple
constraints are returned differently with that method.
SEE ALSO
Other modules in this distribution:
Data::FormValidator::Constraints
Data::FormValidator::Constraints::Dates
Data::FormValidator::Constraints::Upload
Data::FormValidator::ConstraintsFactory
Data::FormValidator::Filters
Data::FormValidator::Results
A sample application by the maintainer:
Validationg Web Forms with Perl,
Related modules:
Data::FormValidator::Tutorial
CGI::Application::ValidateRM, a CGI::Application & Data::FormValidator
glue module
Params::Validate looks like a better choice for validating function
parameters.
Regexp::Common, Data::Types, Data::Verify, Email::Valid,
String::Checker, CGI::ArgChecker, CGI::FormMagick::Validator,
CGI::Validate
Document Translations:
Japanese:
CREDITS
Some of those input validation functions have been taken from MiniVend
by Michael J. Heins
The credit card checksum validation was taken from contribution by Bruce
Albrecht to the MiniVend program.
BUGS
http://rt.cpan.org/NoAuth/Bugs.html?Dist=Data-FormValidator
AUTHOR
Parts Copyright 2001-2003 by Mark Stosberg , (Current
Maintainer)
Copyright (c) 1999 Francis J. Lacoste and iNsu Innovations Inc. All
rights reserved. (Original Author)
Parts Copyright 1996-1999 by Michael J. Heins
Parts Copyright 1996-1999 by Bruce Albrecht
Support Mailing List
If you have any questions, comments, bug reports or feature suggestions,
post them to the support mailing list! To join the mailing list, visit
LICENSE
This program is free software; you can redistribute it and/or modify it
under the terms as perl itself.