Validation
Glueful provides a lightweight, rule-based validation system. You define per-field rule objects and validate associative arrays of input. Some rules can mutate values before validation (sanitization), and the validator exposes the filtered data.
Table of Contents
Overview
The Glueful validation system provides:
- Rule objects for validation logic
- Data sanitization via mutating rules
- Typed, simple API and predictable errors
- No global helper; instantiate the validator with rules
Basic Usage
Validate an input array with rule objects:
use Glueful\Validation\Validator;
use Glueful\Validation\Rules\{Required, Type, Length, Email, Range};
$data = [
'username' => 'jo',
'email' => 'invalid-email',
'age' => '17',
];
$rules = [
'username' => [new Required(), new Type('string'), new Length(min: 3, max: 50)],
'email' => [new Required(), new Email()],
'age' => [new Required(), new Type('integer'), new Range(min: 18)],
];
$validator = new Validator($rules);
$errors = $validator->validate($data);
if ($errors !== []) {
// $errors is an array: field => [messages]
// Example:
// [
// 'username' => ['Must be at least 3 characters.'],
// 'email' => ['Invalid email address.'],
// 'age' => ['Expected integer.', 'Must be >= 18.']
// ]
}
// Get sanitized/filtered values applied by mutating rules:
$filtered = $validator->filtered();
The validator returns errors directly and tracks the last filtered data with filtered().
Built-in Rules
Required
Ensures a value is present and not empty:
use Glueful\Validation\Rules\Required;
$rules = [ 'name' => [new Required()] ];
Length
Validates string length:
use Glueful\Validation\Rules\Length;
$rules = [ 'username' => [new Length(min: 3, max: 50)] ];
Validates email addresses:
use Glueful\Validation\Rules\Email;
$rules = [ 'email' => [new Email()] ];
InArray
Validate a value is one of allowed choices:
use Glueful\Validation\Rules\InArray;
$rules = [ 'role' => [new InArray(['admin', 'user', 'guest'])] ];
Range
Validates integers within a range:
use Glueful\Validation\Rules\Range;
$rules = [ 'age' => [new Range(min: 18, max: 99)] ];
Note: Range validates integers. For date/time validation, implement checks in application code.
Type
Ensure the type matches (e.g., string, integer):
use Glueful\Validation\Rules\Type;
$rules = [
'age' => [new Type('integer')],
'name' => [new Type('string')],
];
Sanitization
Automatically clean data before validation using the Sanitize rule (implements MutatingRule):
use Glueful\Validation\Validator;
use Glueful\Validation\Rules\{Sanitize, Required, Email, Length};
$rules = [
'title' => [new Sanitize(['trim','strip_tags']), new Required()],
'email' => [new Sanitize(['lower']), new Email()],
'code' => [new Sanitize(['upper']), new Length(min: 3, max: 10)],
];
$validator = new Validator($rules);
$validator->validate($data);
$filtered = $validator->filtered();
Supported sanitization ops:
trim,ltrim,rtrimstrip_tagslower/strtolowerupper/strtoupper
Database Checks
DbUnique
Ensure a field is unique in a database table/column:
use Glueful\Validation\Validator;
use Glueful\Validation\Rules\{Required, Email, DbUnique};
$pdo = app('database')->getPDO();
$rules = [
'email' => [new Required(), new Email(), new DbUnique($pdo, 'users', 'email')]
];
$validator = new Validator($rules);
$errors = $validator->validate(['email' => '[email protected]']);
From Requests
Use the request helper to parse JSON/form bodies before validation:
use Glueful\Helpers\RequestHelper;
use Glueful\Validation\Validator;
$input = RequestHelper::getRequestData($request);
$validator = new Validator($rules);
$errors = $validator->validate($input);
if ($errors !== []) {
return Response::validation($errors);
}
Best Practices
- Validate associative arrays; the validator does not use attributes/DTO annotations
- Apply sanitization via
Sanitizeas the first rule for a field - Keep error messages user-friendly in your API responses; rules return generic messages
- For database-backed rules, reuse a long-lived PDO from the container (
app('database')->getPDO())