run()
public function run(?array $rules = null): bool
Description
Executes form validation and returns the result. This method performs automatic CSRF protection, runs validation tests, and stores errors in session for display.
Parameters
| Parameter | Type | Description |
|---|---|---|
| $rules | array|null | (optional) An array containing validation rules in array syntax format. If not provided, uses rules set via set_rules(). |
Return Value
| Type | Description |
|---|---|
| bool |
true - Validation passedfalse - Validation failed
|
Important: The run() method automatically performs CSRF validation. If CSRF validation fails, the script may terminate with a redirect or 403 response.
Example #1: Using set_rules() First
Set rules with set_rules() then call run():
PHP
public function submit(): void {
// Set rules using set_rules()
$this->validation->set_rules('username', 'Username', 'required|min_length[2]|max_length[255]');
$this->validation->set_rules('email', 'Email Address', 'required|valid_email');
// Run validation
$result = $this->validation->run();
if ($result === true) {
// Success: save data
$data['username'] = post('username', true);
$data['email'] = post('email', true);
$this->db->insert($data, 'users');
redirect('users/manage');
} else {
// Failure: redisplay form with errors
$this->create();
}
}Example #2: Passing Rules Array Directly
Pass validation rules as an array to run():
PHP
public function submit(): void {
// Define rules as array
$validation_rules = [
'username' => [
'label' => 'Username',
'required' => true,
'min_length' => 2,
'max_length' => 255
],
'email' => [
'label' => 'Email Address',
'required' => true,
'valid_email' => true
]
];
// Run validation with array
$result = $this->validation->run($validation_rules);
if ($result === true) {
// Success logic
$data['username'] = post('username', true);
$data['email'] = post('email', true);
$this->db->insert($data, 'users');
redirect('users/manage');
} else {
// Failure logic
$this->create();
}
}What Happens When run() is Called
- CSRF Validation: Automatically validates CSRF token (unless
API_SKIP_CSRFis true) - Clear Previous Errors: Removes any existing validation errors from session
- Process Rules: Runs validation tests for each field
- Store Errors: If errors exist, stores them in
$_SESSION['form_submission_errors'] - Return Result: Returns
true(success) orfalse(failure)
Checkbox Validation Example
For checkboxes, use required only if the checkbox must be checked:
PHP
public function submit(): void {
// Required checkbox (must be checked)
$this->validation->set_rules('terms', 'Terms and Conditions', 'required');
// Optional checkbox (no validation rule needed)
// $this->validation->set_rules('newsletter', 'Newsletter', ''); // Don't do this!
if ($this->validation->run() === true) {
$data['terms_accepted'] = (int) (bool) post('terms', true); // 1 if checked
$data['newsletter'] = (int) (bool) post('newsletter', true); // 0 or 1
$this->db->insert($data, 'users');
redirect('users/manage');
} else {
$this->create();
}
}Notes
- Always compare result with
=== true(strict comparison) asrun()returns?bool - Errors are automatically stored in session and can be displayed with
validation_errors() - For API endpoints where CSRF should be skipped, define
define('API_SKIP_CSRF', true); - Empty fields skip validation for most rules (except
required) - The method clears previous errors from session before running new validation
CSRF Blocking: If CSRF validation fails and the request is not from Trongate MX, the user is redirected to BASE_URL. If it's from Trongate MX with ENV='dev', a 403 response is sent with debug information.