Episodes
01. Setting up
02. Container
03. Application config
04. Routing and controllers
05. Views
06. Database
07. Authentication
08. CSRF Protection
09. Flashing messages
10. Validation
11. Middleware
12. Exception handling
Transcript
00:00
OK, let's talk about an incredibly important part of any app that we're building, and that is validation. Now, we couldn't really do this up until now. Now that we have session flashing enabled, what it means is once we implement validation,
00:13
if this validation fails, we can flash a message and then we can redirect the user back. And that message will be an array of the validation fields that have failed. So if email and password both failed, we'll flash an array of all of the errors. And then we can pick them up in our template really easily.
00:32
You can use any validation library here that you want to. But we're going to go ahead and use respect validation. Feel free to switch this out a little bit later if you don't like it, if you prefer something else. OK, let's go ahead and just pull this in and just start to try and validate.
00:48
So if we head over to the documentation, let's go to the installation section and we'll grab the composer command to pull this in. OK, so let's pull this into our project. OK, let's head straight over to our login controller under our store method.
01:01
And let's start the validation process up here. Before we do this, let's figure out how we are going to pull this validator in. Now, we're actually going to go ahead and alias this. So we're going to pull in respect validation and we're going to pull the validator in.
01:17
But all of these contain static methods. We'll see that in a second. So rather than use validator over and over again, we're going to alias this as B just so it's a little bit more convenient to write.
01:28
So down here in the store method, this will throw an exception if any of the validation rules fail. So let's just do this really plainly, first of all, and then we'll add a try catch block around this to see what we can do. OK, so to use this validator, we use the V validator we aliased
01:46
and we go ahead and choose a key that we want to validate. This is going to be email. This needs to match what you send down in the parsed body. And we know that we called that email.
01:56
So the next thing that we need to do in here is just provide the validation rules. If you need to do anything specific, you can head over to the documentation for this library to see what you need to do. For now, though, let's say that we want the email to be an email address,
02:11
of course, and we want this to be not empty. So, of course, if the user doesn't fill it in, we want to show a validation error. And you just need to chain on any of these methods that you want. For example, we have minimum, maximum, pretty much any validation rules that you need.
02:27
OK, so we can continue to chain onto this to any other things that we need to validate. So next up, let's validate the password. And for us, we're just going to say that we don't want this to be empty. OK, so now that we've defined out the validation rules for the two fields
02:43
that we need to validate, what do we do now? Well, we go ahead and use the assert method, and we pass in the array of data that we want to validate in here. We know that that comes from request and get parse body.
02:56
So let's just pass that directly in. OK, so just doing this, let's see what happens when we try and submit our login form without any details. You can see that we get a validation exception here,
03:08
and it gives us the errors in a rough way. So validation exception, we can go ahead and pick up now, and we can grab the errors specifically, flash them to the session, and then show them on the form.
03:21
So let's add a try catch block around the validation that we're creating here. And let's catch that validator exception. So validator exception, and we'll call that E. OK, how do we get the error messages here?
03:34
Well, we just want to grab them directly from the exception. So let's say E and get messages. And let's see what this gives us. And let's kill the page here as well.
03:43
OK, let's go over and just refresh this and submit the form. We get a fail cross site request forgery check here because this would be regenerated. So we'll have to go and hit the page again for the security to kick in.
03:56
OK, there we go. These are our validation messages. Really, really easy. We've got the key in here for the field, and we've got the actual value.
04:04
Now, you can customize these. I'm not going to do that just now. But of course, head over to the documentation to find out how you can do that. So in here, we now want to flash a message.
04:15
So let's bring in our session functionality into here so we can flash this. So let's pull this in at the top with the correct namespace. And there we go. Let's go down to the exception here.
04:28
And instead of dumping this, let's flash a message with our session error bag. So let's grab this and say add. And let's add errors to this. And let's add those messages to that error bag.
04:44
OK, so now we can redirect. Let's go down here and return a new redirect response. And we can pretty much do the same thing as we did here to redirect the user. So validate, flash a message with that array of errors,
04:58
and then redirect the user back to the login page. OK, let's head back over and hit login. We're redirected back. All we need to do now is pick up those errors on the form.
05:09
And then we can just do this for our register page as well. OK, now that we've done this, inside of the index method, where we're showing the login page, we can go ahead and pass these errors down and then access them with Twig.
05:22
There's a much better way to do this that means that you don't have to pass these errors down every single time. We'll be looking at doing that a little bit later. But for now, let's go ahead and grab the error messages from our session
05:34
using getFlashBag and then getErrors. And we're going to grab the first key from this. Or if there aren't any errors, we're just going to use null. OK, so now what we can do over in our login page is down here,
05:48
underneath our email, is add in an if statement to check these. So we can say errors.email. And we can end that if statement there. And then if there are errors, we can create our component to show this.
06:00
So I'll just write errors in here for now. And we'll grab that in a second. OK, let's hit login. And you can see, sure enough, we have validation errors.
06:08
Let's actually output the error that we have specifically for email. And when we hit login, there we go. So we've got now a validation message showing on the page. And we can just copy and paste this to do exactly the same thing for the password.
06:22
And as you can see now, it shows both of the errors. If we were to go ahead and enter both, of course, this would work. The only problem is at the moment, if we type in, say, an incorrect password, it just redirects us back without any message.
50 episodes•4 hrs 32 mins•2 weeks ago
Course overview
Starting completely from scratch, build a modern PHP framework with all the features you’d expect.
Whether you’re new to PHP or not, this is a great exercise for learning what happens under the hood, arming you with knowledge you can apply anywhere you use PHP.
We’ll cover routing, controllers, views, the container, accessing the database, models, authentication, config, CSRF protection, exception handling, pagination, validation, flashing messages and much more.
Let’s dive in and build a PHP framework, step-by-step!
Alex Garrett-Smith
Hey, I'm the founder of Codecourse!
Comments
No comments, yet. Be the first to leave a comment.