Servage Magazine

Information about YOUR hosting company – where we give you a clear picture of what we think and do!

Using model-based validation in PHP

Monday, January 12th, 2015 by Servage

validationWhenever you want to validate something you set up rules to be followed. This is done more or less advanced by developers, but shares the conceptual purpose of taking some untrusted data and checking it against some validation rules, for example checking the length of a string or the value of a number.

Request-based validation

Simple PHP scripts that handle a HTTP request could be used to validate any input data. This is the old-school primitive way of implementing validation. What you do is simply using some PHP functions to build your own validation checking in a specific place of your code. Like the example below, where a POST parameter is checked to have a minimum length of 5 characters.

$description = $_POST['description'];

if ( $description && strlen($description) >= 5 )
  // Good, description is long enough.
  // Bad, description is too short!

The good thing about this kind of code is that it uses default PHP functionality and is implemented in the position of the code where the actual validation is needed and performed. It is easy to understand and debug. However, this is where benefits of such low-level implementations stop, because essentially you would have to reinvent the wheel by creating same or similar validation rules in many places. You would not be reusing same code, but copying and maintaining variations of the same code. This makes development slower and maintenance a real hassle.

Centralized validation

Above you have seen that a distributed validation system where you perform validation where needed, by implementing custom code, is bad for your project. It is better to centralize your validation so you have fewer places where you store the rules and related code for it. There are different approaches to achieve this.

Reusable validation rules

Most PHP frameworks nowadays provide centralized validation methods. You therefore do not need to reinvent the wheel for every rule you come up with, because they are likely variations of existing validation rules such as minimum string length, minimum value, date ranges, file sizes and many other examples. The way of using them will be different in each framework but is mostly very well documented.

Controller-based validation

The simplest way of taking advantage of reusable validation methods is by using them in the controller code wherever you need it. This would still lead to a quite distributed code, but at least the validation methods are running of the same source and are therefore easy to change globally in your system.

Model-based validation

Storing the validation rules inside your object models is often the preferred solution. This centralized approach enables you to associate validation rules with specific model attributes and their database fields. Thereby you centrally indicate what kind of data is possible and valid for any kind of field. The advantage of this is that you do not need to set the same validation rules up again and again as with controller based validation.

Having validation setup in the model is the most efficient way of reducing the amount of code needed to create and maintain proper validation of the data you handle in your system. If some scenarios need different validation rules, you could even implement that as well, so controllers have some way of manipulating the rules in force for a given scenario. E.g. you have a model attribute “user phone number” which generally speaking could be any kind of valid phone number, but in a given scenario must be a phone number from a specific country. The general rule would be “must be a valid phone number” while you override that in the controller to be the even more specific rule “must be valid US phone number”.

Another major benefit of centralized model-based validation is that you protect your data integrity automatically by providing validation rules inside the models which not only take your logic into account, but also considers the valid data types for attributes to be stored in the database.

References & more reading


Using model-based validation in PHP, 4.3 out of 5 based on 8 ratings
Categories: Tips & Tricks

Keywords: ,

You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

No comments yet (leave a comment)

You are welcome to initiate a conversation about this blog entry.

Leave a comment

You must be logged in to post a comment.