Batch Validating Data in PHP
I'm building a form wizard and need some advice on how to approach the validation of a lot of incoming data from multiple forms in the most efficient way.
My original approach was to run the incoming data through a validator function which would check the values particular to that form and make sure that and required fields are present, correct input name/values are supplied for some forms, emails are valid for some fields, integers for others etc. but my code started looking out of control. I'm wondering if I should be using a database for this type of thing, as I have a wide variety of user data coming in through my application.
Basically, a user can select three different paths, and each path has a minimum of 3 steps and a max of 6 steps, depending on which path is chosen.
I can really structure this in any way, as long as it make sense. I'm open to native PHP solutions or connecting to a database.
I'm extremely grateful for any suggestions.
If I understand correctly your issue arises from the large variety of data you must provide for, and what to check for in each piece of input that gets processed?
A way would be to setup your validator functions for each type of validation (eg required text, number, phone, email etc) and specify in the form elements themselves within the HTML what to check for in each one, parsing that on submission. You will have to use the name field of <input> since apart from the value that's the only other thing submitted with a form.
Lets say you have a phonenumber field that's required. You could write it out in HTML as such:
<input type="text" name="officephone[required_phonenumber]" value="">
Then you would have to parse it properly in the submission script where it would be in $_POST['officephone']['required_phonenumber'], and based on that you would know what validators to run on its value.
This is kind of a crude way that could suffice if you need to allow free-form naming of inputs by the user. Your form wizard would just add the appropriate validator tags to the name based on what the user requires.
On a more generic note on form submission, as with anything that the end user can submit manually on POST, be advised that input names can be tampered with to get something validated differently or not validated at all just by changing the validator tags.
Ideally you will allow only specifically named inputs (perhaps with a unique id suffixed to them), and the naming will carry the appropriate validation in it. For example, your form wizard can name inputs as such:
<input type="text" name="phone_1" value="">
and your form processor will know that anything that starts with "phone" should be validated as a phone number, and then used accordingly. That way you don't have to show how you validate data in your HTML.