Welcome Guest, Not a member yet? Register   Sign In
Form Validation validating blank values with min_length and valid_email rules
#17

(10-17-2017, 09:58 AM)natanfelles Wrote:
(10-16-2017, 10:04 AM)Narf Wrote: It's not a "fail", whatever you mean by that.

I don't understand why you'd have to validate again all the fields?

Fail because the Validation accepts a blank value as a valid_email or when we have a min_length[1] rule.

Fail because '' is not a Valid Email and '' have 0 length.

I said that I would need to validate again because Form Validation would fail by accepting blank values.

I don't need a translation of the word "fail", I know what it means.
What you mean to say with it in this context is an entirely different story - you want the library to work in a way that it was not intended to, and you're just saying "fail" because you're not happy with that. Per the rules it was designed to work with, it does not fail in any way.

(10-17-2017, 03:20 PM)natanfelles Wrote:
(10-17-2017, 01:29 PM)PaulD Wrote: If you have an email field, that is not required, and the user does not fill it in, then it should not fail the validation, even if the validation says min_length 50, valid email, or whatever. It is not required, so no input is a pass.

Here are the "fail". If the user do not send a field that is not required, then this field is not validated (of course, and it is happening in the current Form Validation). But, if the user send a field with blank value the validation pass. Look, the field is set with '', a blank string. And the validation accept it as a valid email, min lenght, or whatever. This is a fail. A blank string is not a valid email!

No, it doesn't accept it as a valid email. It accepts an optional field that was never filled, because that's what "optional" means.

(10-17-2017, 03:20 PM)natanfelles Wrote: If blanks values was accepted, then would not be necessary define a validation rule with min_length[1]. It's obvious that  a blank string have 0 length and that the validation never could accept this!

No, it is obvious that you refuse to accept that this is a form validation library.
A form has a pre-defined set of fields, which you choose to fill or not. If you don't fill one, it gets sent as an empty string.

Imagine a typical profile update form on a web page, where there's often a "password" and "repeat_password" pair of fields, that are optional, because you don't want to change your password every time you update your profile.
One would possibly define a min_length[8] rule for the "password" field, but that cannot mean the validation shouldn't pass if you don't always send a password.

(10-17-2017, 03:20 PM)natanfelles Wrote:
(10-17-2017, 01:29 PM)PaulD Wrote: I would normally do this by the user selecting exactly what field he wanted to update. Say he chose his email address, then only the email address input is displayed, prefilled, for him to update. If he emptied it and pressed save, the field (assuming it is not required) would be updated to blank or null.

Ok. But this is not just for HTML Forms. The validation is for REST. POST, PUT and PATCH methods.

This is exactly where you're wrong.

The library is aptly named "Form Validation", for a reason. It is only intended for HTML forms. Arbitrary HTTP requests are way outside of its scope.

(10-17-2017, 03:20 PM)natanfelles Wrote:
(10-17-2017, 01:29 PM)PaulD Wrote: But, if the form validation does not work the way you want it to, you customise it to suit (which might be ill advised) or just do your own validation with a regex and some issets and whatever else you wanted.

Yes. A simple way to customize this was adding a check if the input field have blank string or not. Then I added a 'isset' rule and is working fine.

You may as well only define the rules if the field is being sent - that's both easier and more logical in your case.
Still incorrect usage of the library though, and you will encounter other issues when you misuse tools.

(10-17-2017, 03:20 PM)natanfelles Wrote: The fact is that the name of the library is Form Validation and not just Validation. I'm using it out of a form.

The fact that you have a form somewhere doesn't mean you're using the library as intended. That's just confirmation bias.

(10-17-2017, 03:20 PM)natanfelles Wrote: But what I noted is that blank values are accepted when we have rules requiring something that is not blank.

If is said "we need a valid email" and the user send a blank value, it is not a valid email then the Validation MUST say it.

If is said "we need  min 5 characters " and the user send a blank value, it do not have 5 chars then the Validation MUST say it.

If the field is not required the user do not need send it. But if he sent, then the validation MUST works. And this is not occuring at the moment if the user send blank values. That way the client can fool the system and zero all its fields. The rules that are there, will serve no purpose.

Again, only the "required" rule makes fields required.

If a field is defined in your rules, it must be defined in the form. If it is not defined in the form, then the form is incomplete. Thus, your assertion that an optional field doesn't need to be sent is false.

There's no fooling the system; you're simply using the system for the wrong purpose.

(10-17-2017, 03:30 PM)natanfelles Wrote: Look, all forms that do not have rules with the "required" rule can be cracked. The developer could set a super regex to do your validation rule, but if the user send only '', boom! The validation will pass.

No, the form cannot be "cracked". You're just being the landlord here.
Reply


Messages In This Thread
RE: Form Validation validating blank values with min_length and valid_email rules - by Narf - 10-18-2017, 03:06 AM



Theme © iAndrew 2016 - Forum software by © MyBB