run()
public function run(?array $validation_array = null): ?bool
Description
Executes form validation and returns the result. This method performs automatic CSRF protection, runs validation tests, and stores errors in session for display.
Parameters
| Parameter | Type | Description |
|---|---|---|
| $validation_array | array|null | (optional) An array containing validation rules in array syntax format. If not provided, uses rules set via set_rules(). |
Return Value
| Type | Description |
|---|---|
| bool|null |
true - Validation passedfalse - Validation failednull - CSRF validation blocked the request (script terminated)
|
Important: The run() method automatically performs CSRF validation. If CSRF validation fails, the script may terminate with a redirect or 403 response.
Example #1: Using set_rules() First
Set rules with set_rules() then call run():
Example #2: Passing Rules Array Directly
Pass validation rules as an array to run():
What Happens When run() is Called
- CSRF Validation: Automatically validates CSRF token (unless
API_SKIP_CSRFis true) - Clear Previous Errors: Removes any existing validation errors from session
- Process Rules: Runs validation tests for each field
- Store Errors: If errors exist, stores them in
$_SESSION['form_submission_errors'] - Return Result: Returns
true(success) orfalse(failure)
Checkbox Validation Example
For checkboxes, use required only if the checkbox must be checked:
Notes
- Always compare result with
=== true(strict comparison) asrun()returns?bool - Errors are automatically stored in session and can be displayed with
validation_errors() - For API endpoints where CSRF should be skipped, define
define('API_SKIP_CSRF', true); - Empty fields skip validation for most rules (except
required) - The method clears previous errors from session before running new validation
CSRF Blocking: If CSRF validation fails and the request is not from Trongate MX, the user is redirected to BASE_URL. If it's from Trongate MX with ENV='dev', a 403 response is sent with debug information.