Using Valitron in WordPress to Validate Form Submissions

Whenever a WordPress theme or plugin handles user-submitted data, you should validate that data before saving it to the database. That means validating required fields, formats, ranges, and similar rules, even if you already validated the same fields in JavaScript on the front end. The library introduced here is Valitron, one of the most widely used server-side validation libraries in PHP. It is simple, lightweight, elegant, and does not depend on any other framework.

Valitron

Installing Valitron

Like many modern PHP libraries, Valitron can be installed and upgraded directly with Composer:

php composer.phar require vlucas/valitron

Validating Data with Valitron

To validate data, instantiate the Validator class with the array you want to check. Then add rules. If validation fails, you can retrieve the error messages with $v->errors().

$v = new Valitron\Validator( array('name' => 'Validate me and I will pass.') );
$v->rule('required', 'name');

if ($v->validate()) {
    echo "Validation passed.";
} else {
    print_r($v->errors());
}

You can also validate $_POST directly. In the following example, the name and email fields are required, and email must contain a valid email address.

$v = new Valitron\Validator($_POST);

$v->rule('required', ['name', 'email']);
$v->rule('email', 'email');

if ($v->validate()) {
    echo "Validation passed only if the user submitted both a name and an email address.";
} else {
    print_r($v->errors());
}

Built-In Validation Rules

Valitron comes with a rich set of built-in validation rules, which are usually enough for most WordPress development tasks. If the defaults are not enough, you can also define your own rules.

  • required — required field
  • equals — must match another field
  • different — must be different from another field
  • accepted — checkbox or radio field must be accepted
  • numeric — must be numeric
  • integer — must be an integer
  • array — must be an array
  • length — must have a fixed length
  • lengthBetween — must be between two lengths
  • lengthMin — minimum length
  • lengthMax — maximum length
  • min — minimum numeric value
  • max — maximum numeric value
  • in — must be one of a given set of values
  • notIn — must not be one of a given set of values
  • ip — must be a valid IP address
  • email — must be a valid email address
  • url — must be a valid URL
  • urlActive — must be a reachable URL
  • alpha — alphabetic characters only
  • alphaNum — letters and numbers only
  • slug — a valid URL slug
  • regex — must match a custom regular expression
  • date — must be a valid date
  • dateFormat — must match a specific date format
  • dateBefore — must be before a given date
  • dateAfter — must be after a given date
  • contains — must contain a given substring
  • creditCard — must be a valid credit card number
  • instanceOf — must be an instance of a given PHP class
  • optional — field may be omitted, but if present it must pass validation

One practical note: if you need highly accurate min and max validation for floating-point numbers, it is a good idea to install the PHP BCMath extension. Valitron will use it automatically when it is available.
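A fuller form handler that combines several of the rules above, as an added example that is not code from the original article or from the Valitron project. The `contact_form` action, the `contact_nonce` field, the `contact_message` post type, the field names and the autoload path are all assumptions made for illustration.

```php
<?php
// Added example. Hypothetical names: the contact_form action, the contact_nonce
// field, the contact_message post type, and the form fields themselves.
require_once __DIR__ . '/vendor/autoload.php'; // assumed Composer autoload path

use Valitron\Validator;

add_action('admin_post_nopriv_contact_form', 'example_handle_contact_form');
add_action('admin_post_contact_form', 'example_handle_contact_form');

function example_handle_contact_form() {
    // Reject requests that were not generated by our own form (CSRF check).
    $nonce = isset($_POST['contact_nonce']) ? wp_unslash($_POST['contact_nonce']) : '';
    if (!is_string($nonce) || !wp_verify_nonce($nonce, 'contact_form')) {
        wp_die('Invalid request.', '', array('response' => 403));
    }

    // WordPress adds slashes to $_POST; strip them, then keep only expected keys.
    $allowed = array('name', 'email', 'topic', 'website', 'message');
    $data    = array_intersect_key(wp_unslash($_POST), array_flip($allowed));
    $data    = array_filter($data, 'is_string'); // drop array values such as name[]=x

    $v = new Validator($data);
    $v->rule('required', array('name', 'email', 'topic', 'message'));
    $v->rule('lengthMax', 'name', 100);
    $v->rule('email', 'email');
    $v->rule('in', 'topic', array('sales', 'support', 'other'));
    $v->rule('url', 'website'); // not required, so skipped when left empty
    $v->rule('lengthBetween', 'message', 10, 2000);

    if (!$v->validate()) {
        wp_send_json_error($v->errors(), 422); // errors are keyed by field name
    }

    // Validation checks shape only: sanitize before storing, escape on output.
    // wp_insert_post() expects slashed input, hence wp_slash().
    $post_id = wp_insert_post(wp_slash(array(
        'post_type'    => 'contact_message',
        'post_status'  => 'private',
        'post_title'   => sanitize_text_field($data['name']),
        'post_content' => sanitize_textarea_field($data['message']),
        'meta_input'   => array(
            'email'   => sanitize_email($data['email']),
            'topic'   => sanitize_key($data['topic']),
            'website' => isset($data['website']) ? esc_url_raw($data['website']) : '',
        ),
    )));
    wp_send_json_success(array('id' => $post_id));
}
```

The matching form would post to admin-post.php with a hidden `action` field set to `contact_form` and a nonce generated by `wp_nonce_field('contact_form', 'contact_nonce')`.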

Customizing Error Messages

If the default validation messages are not suitable, you can point Valitron to your own language directory and load a custom language file:

use Valitron\Validator as V;

V::langDir(__DIR__.'/validator_lang');
V::lang('zh-cn');

Valitron makes it much easier to validate form submissions consistently. Once validation becomes easier, developers are far less likely to skip it. Better validation means more reliable applications, fewer bugs, and stronger security.
