Form Validation validating blank values with min_length and valid_email rules |
(10-17-2017, 09:58 AM)natanfelles Wrote:(10-16-2017, 10:04 AM)Narf Wrote: It's not a "fail", whatever you mean by that. I don't need a translation of the word "fail", I know what it means. What you mean to say with it in this context is an entirely different story - you want the library to work in a way that it was not intended to, and you're just saying "fail" because you're not happy with that. Per the rules it was designed to work with, it does not fail in any way. (10-17-2017, 03:20 PM)natanfelles Wrote:(10-17-2017, 01:29 PM)PaulD Wrote: If you have an email field, that is not required, and the user does not fill it in, then it should not fail the validation, even if the validation says min_length 50, valid email, or whatever. It is not required, so no input is a pass. No, it doesn't accept it as a valid email. It accepts an optional field that was never filled, because that's what "optional" means. (10-17-2017, 03:20 PM)natanfelles Wrote: If blanks values was accepted, then would not be necessary define a validation rule with min_length[1]. It's obvious that a blank string have 0 length and that the validation never could accept this! No, it is obvious that you refuse to accept that this is a form validation library. A form has a pre-defined set of fields, which you choose to fill or not. If you don't fill one, it gets sent as an empty string. Imagine a typical profile update form on a web page, where there's often a "password" and "repeat_password" pair of fields, that are optional, because you don't want to change your password every time you update your profile. One would possibly define a min_length[8] rule for the "password" field, but that cannot mean the validation shouldn't pass if you don't always send a password. (10-17-2017, 03:20 PM)natanfelles Wrote:(10-17-2017, 01:29 PM)PaulD Wrote: I would normally do this by the user selecting exactly what field he wanted to update. Say he chose his email address, then only the email address input is displayed, prefilled, for him to update. If he emptied it and pressed save, the field (assuming it is not required) would be updated to blank or null. This is exactly where you're wrong. The library is aptly named "Form Validation", for a reason. It is only intended for HTML forms. Arbitrary HTTP requests are way outside of its scope. (10-17-2017, 03:20 PM)natanfelles Wrote:(10-17-2017, 01:29 PM)PaulD Wrote: But, if the form validation does not work the way you want it to, you customise it to suit (which might be ill advised) or just do your own validation with a regex and some issets and whatever else you wanted. You may as well only define the rules if the field is being sent - that's both easier and more logical in your case. Still incorrect usage of the library though, and you will encounter other issues when you misuse tools. (10-17-2017, 03:20 PM)natanfelles Wrote: The fact is that the name of the library is Form Validation and not just Validation. I'm using it out of a form. The fact that you have a form somewhere doesn't mean you're using the library as intended. That's just confirmation bias. (10-17-2017, 03:20 PM)natanfelles Wrote: But what I noted is that blank values are accepted when we have rules requiring something that is not blank. Again, only the "required" rule makes fields required. If a field is defined in your rules, it must be defined in the form. If it is not defined in the form, then the form is incomplete. Thus, your assertion that an optional field doesn't need to be sent is false. There's no fooling the system; you're simply using the system for the wrong purpose. (10-17-2017, 03:30 PM)natanfelles Wrote: Look, all forms that do not have rules with the "required" rule can be cracked. The developer could set a super regex to do your validation rule, but if the user send only '', boom! The validation will pass. No, the form cannot be "cracked". You're just being the landlord here. |
Welcome Guest, Not a member yet? Register Sign In |