Comments (15)
This is a good feature. Currently what I do is "filter it first and validate it." This feature will make my life simpler.
from validation.
It's a nice feature!
But we already have a bug =P
<?php
$myPureInt = v::int()->filter("OnlyWords"); // int(0)
v::int()->validate($myPureInt); // true
I think it will be better if we work on the other features and release a stable version before we do this feature.
from validation.
Not sure if it's a bug yet; its behavior is currently not defined. What behavior do you expect with the sample you provided?
from validation.
I expect the filter returns false:
<?php
$myPureInt = v::int()->filter("OnlyWords"); // bool false
v::int()->validate($myPureInt); // false
If the filter never returns false, what is the purpose of the validate function?
Maybe I don't understand the idea of the filter correctly... =/
from validation.
Perhaps the int was a bad idea for a first prototype.
I believe in filters as sanitizers. The validators are there just to tell if the data is right, but they don't alter anything. Filters are there to actively make the data right.
For example, NoWhitespace as a validator returns false when it finds whitespace; NoWhitespace as a filter would probably strip out any whitespace it finds. Anything like that.
from validation.
I get the concept, but what if the filter can't make the data right?
<?php
$dirty = "Foo Bar";
$validator = v::string()->noWhitespace()->length(7,10);
$validator->filter($dirty);
And if the filter will make the data right, why should we validate?
<?php
$myPureInt = v::int()->filter("12 pigs"); // int(12)
(bool)$myPureInt; // true
/* Invalid data */
$myPureInt = v::int()->filter("One pig"); // bool false
(bool)$myPureInt; // false
from validation.
Filtering is more like a "Fix whatever you can for me, I want clean data". Sometimes it's impossible to make data right; that's why we should always validate it.
Perhaps some filters should always return null when they can't make things right, so the validator can catch those edge cases.
In some cases the filtering is before validation, in some cases it's after validation. "12 " (twelve plus whitespace) is a valid integer number for the Int Rule, but it isn't really a good practice to store this in a database with that trailing space. In this case, I would probably apply a post-validation filter before using that data.
Maybe we could split this feature into filters and sanitizers. Sanitizers would clean up data and filters would make them null if they don't follow the rules:
<?php
$dirty = v::digits()->sanitize("12a34"); // string(4) "1234"
v::digits()->validate($dirty); // true
$dirty = v::digits()->filter("12a34"); // NULL
v::digits()->validate($dirty); // false
from validation.
Hm'...
I like the idea, but I guess it's better if filter works this way:
<?php
$dirty = v::digits()->sanitize("12a34"); // string(4) "1234"
v::digits()->validate($dirty); // true
$dirty = v::digits()->filter("12a34"); // string(4) "1234"
v::digits()->validate($dirty); // true
$dirty = v::digits()->sanitize("foo"); // string(1) "0"
v::digits()->validate($dirty); // true
$dirty = v::digits()->filter("foo"); // NULL
v::digits()->validate($dirty); // false
The difference between filter and sanitize is:
- Filter will always return "valid" data
- Sanitizers filter and validate the data
from validation.
Didn't quite get your idea. Are the samples you provided right?
from validation.
Sorry, I fixed the sample...
from validation.
The second sample could be:
<?php
$dirty = v::digits()->sanitize("foo"); // string(0) ""
v::digits()->validate($dirty); // true
$dirty = v::digits()->filter("foo"); // NULL
v::digits()->validate($dirty); // false
The Digits rule accepts an empty string as input.
The idea seems nice. Sanitizers could be implemented directly in AbstractRule. They're after all a standardized call to both filter() and validate().
We could raise up some real use cases for these guys, just to validate the concept a little further.
from validation.
Prevent SQL Injection
Let's assume we have a product page, and we get an id parameter:
product.php?id=10
And some kid wants to hack our site:
product.php?id=10 some sql injection exploit --
Let's filter the parameter...
<?php
$dirtyId = $_GET["id"]; // "10 some sql injection exploit --"
$clearId = v::int()->filter($dirtyId); // int(10)
if ($clearId) {
    /* Make a Select in DB like: */
    $sql = "SELECT title, price, photo FROM products WHERE id=" . $clearId; // "." is PHP string concatenation
    /* Rest of the code */
} else {
    echo "FBI will get you!";
}
Help with parsing XML files
Get only the date of a node in an XML file:
<?xml version="1.0" encoding="utf-8" ?>
<post>
<date>Posted in 13/10/2011</date>
<title>FooBaar </title>
</post>
<?php
$xml = simplexml_load_file('post.xml');
$dirtyDate = $xml->date; // Posted in 13/10/2011
$clearDate = v::date('d-m-Y')->sanitize($dirtyDate); // 13/10/2011
from validation.
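An added example, not part of the original thread or of Respect\Validation: the product lookup from the comment above with the id bound through a prepared statement, comparing a lenient integer filter with strict whole-string validation. `lenientIntFilter()`, `strictId()`, `findProduct()`, the in-memory SQLite table and the sample inputs are constructed for illustration; it assumes the pdo_sqlite extension is available.

```php
<?php
// Added example; lenientIntFilter(), strictId() and findProduct() are
// hypothetical helpers, not Respect\Validation API. Sample data is constructed.

// Sanitizer-style filter as discussed in the thread: keep the leading digits.
function lenientIntFilter(string $raw): int
{
    return (int) $raw; // "12 pigs" => 12, "OnlyWords" => 0
}

// Validator-style check: the whole string must be a positive integer, else null.
function strictId(string $raw): ?int
{
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

function findProduct(PDO $db, int $id): ?array
{
    // The id is bound as a parameter, never concatenated into the SQL text.
    $stmt = $db->prepare('SELECT title, price FROM products WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE products (id INTEGER PRIMARY KEY, title TEXT, price REAL)');
$db->exec("INSERT INTO products VALUES (10, 'Sample product', 9.99)");

$inputs = ['10', '10 some sql injection exploit --', 'OnlyWords', '0'];
foreach ($inputs as $raw) {
    $strict = strictId($raw);
    if ($strict === null) {
        $outcome = 'rejected';
    } else {
        $product = findProduct($db, $strict);
        $outcome = $product === null ? 'not found' : $product['title'];
    }
    // The lenient column shows what a sanitizer would silently accept.
    printf("%-38s lenient=%-3d => %s\n", var_export($raw, true), lenientIntFilter($raw), $outcome);
}
```

The lenient filter turns the tampered id into 10 and the request would proceed as if nothing happened, while the strict check rejects it so the tampering can be logged; the bound parameter keeps the query safe in either case.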
That seems enough for starting a better implementation. Gonna work on it soon!
from validation.
Improved the current prototype here: 41286de
from validation.
Me and @augustohp decided to drop this for now. Seems that no one used or needed it. If you want this, please re-open the issue!
from validation.