If you’ve found an error, spotted something missing, or feel a section could be clearer or better explained, we’d love to hear from you. Your feedback helps keep the documentation accurate and useful for everyone.
Please report issues or suggest improvements on GitHub. Community input is invaluable in making the docs stronger.
Not comfortable with GitHub? No problem — you can also get in touch with us directly via our contact form. We welcome all feedback.
Server-side Form Validation
One of the advantages of using Trongate MX is its seamless integration with Trongate's Form Validation Class. This gives developers the opportunity to define and apply validation rules using Trongate’s default (traditional) form validation techniques.
With Trongate MX, you have full control over how server-side validation is handled. As a bonus, all submitted forms are automatically passed through Trongate's built-in CSRF protection protocol, ensuring your applications are safeguarded against malicious cross-site requests - all without any additional setup.
Let’s walk through an example.
Example: Validating a Simple Form
Suppose you have a form that collects a user's name and email address. You want to ensure that both fields are filled out and that the email address is valid. Here's how you could do it using Trongate MX:
Step 1: Define Your Validation Rules
Inside your method that handles the form submission, you can define form validation rules using the set_rules() method, which is part of Trongate's Validation class. For example:
If you prefer, you can define validation rules using array-based syntax. For example:
Step 2: Run the Validation Tests
After defining the rules, you can run the validation tests and respond accordingly, using the run() method:
Built-in and Custom Validation Rules
Trongate comes with a variety of built-in validation rules such as required, valid_email, min_length, and more. You can also create your own custom validation callbacks for scenarios where more specific checks are needed.
Regarding Automatic CSRF Protection
Whenever a form is submitted and validation is triggered using Trongate's Validation class, the framework silently enforces CSRF protection behind the scenes. This security measure requires the presence of a valid CSRF token, which ensures that only legitimate form submissions originating from your application will be accepted.
If you submit a form and use Trongate's Form Validation Class to perform form validation tests, automatic CSRF protection will be activated. This means that the Trongate framework will check for the existence of a valid, posted CSRF token field.
Without posting a valid CSRF token, forms will not be processed!
Therefore, if you plan on using Trongate's Validation class, it's imperative to close forms by using Trongate's form_close() function. Trongate's form_close() function automatically generates a valid, hidden CSRF token field. For more details, please refer to the Trongate PHP Framework documentation on 'Creating Forms'.
Learn More: For comprehensive information about CSRF protection in Trongate MX, including detailed security concepts and implementation details, visit the CSRF Protection page in the Trongate MX Security chapter.
Conclusion
Server-side form validation in Trongate MX is both robust and developer-friendly. Whether you choose to define your validation rules using traditional strings or array-based syntax, the process remains simple and highly effective. With automatic CSRF protection baked in, your forms gain an additional layer of security by default.
In the next section, we’ll look at how to elegantly display validation error messages to your users - ensuring your application communicates feedback with clarity and professionalism.