Class: Validator

Provides flexible input validation for form and model input. Also see the Form class for examples on implementing matching client-side validation through Elefant's jquery.verify_values.js jQuery plugin.



// single value
if (! Validator::validate ($_POST['email'], 'email')) {
    // failed

// list of values
$failed = Validator::validate_list (

if (count ($failed) > 0) {
    // failed


public static $invalid = array ()

The full details of which rules failed in a call to Validator::validate_list().


public static validate ($value, $type, $validator = false)

Verifies the specified value, useful for input validation. Pass the value, a type of validation, and a validator. Types include:

  • skip_if_empty - a special verifier that tells validate_list() to skip validation on the field if it's been left blank.
  • file - a special verifier that tells validate_list() to check if it's a valid uploaded file.
  • filetype - a special verifier that tells validate_list() to check if the file name contains one of a list of comma-separated extensions.
  • regex - calls preg_match($validator, $value)
  • type - calls is_$validator($value)
  • callback - calls call_user_func($validator, $value)
  • email - a valid email address
  • url - a valid url
  • localpath - a valid local url path (begins with /)
  • range - number within a range e.g., 123-456
  • length - string of length, $verifier examples: 6, 6+, 6-12, 12-
  • gt - greater than
  • gte - greater than or equal to
  • lt - less than
  • lte - less than or equal to
  • empty - value is empty
  • not empty - value is not empty
  • contains - stristr($value, $validator)
  • equals - equality test
  • date - date value (YYYY-MM-DD)
  • time - time value (HH:MM:SS)
  • datetime - date and time value (YYYY-MM-DD HH:MM:SS)
  • header - verifies there are no newlines so spammers can't pass headers to mail()
  • unique - verifies it's unique to a table and column in the database, $verifier should be 'table_name.column_name'
  • exists - verifies that a file exists in the specified directory, $verifier should be a directory path with no trailing /, or optionally a file path with %s in it for the form value.
  • matches - Matches another variable, e.g., "$_POST['name']", must be a global or superglobal.

Functions must accept only the value of the variable and return a boolean value.

You can also specify 'not' in front of any rule to check for its opposite, for example "not empty".

For array elements (e.g., <input name="name[]" />), you can also specify 'each' in front of any rule and the rule will be applied to each element of the array instead of the array itself. Note that the 'each' must come before 'not', for example "each email" would make sure each is a valid email address, and "each not empty" would make sure each is not empty.

public static validate_list ($values, $validations = array ())

Validate a list of values, such as $_GET or $_POST data against a list of validation rules. If the rules are a string, it will look for a file and parse it using parse_ini_file() for the rules. The format is as follows:

email = 1

type = string
regex = "/^[a-z]+$/i"

skip_if_empty = 1
unique = "table.column"

Returns an array of failed fields. If the array is empty, everything passed.