PHPackages yohgaki/validate-php-scr - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Validation & Sanitization](/categories/validation) 4. / 5. yohgaki/validate-php-scr ActiveLibrary[Validation & Sanitization](/categories/validation) yohgaki/validate-php-scr ======================== Simple general purpose input data validation framework. Script version. v0.8.0(3y ago)13MITPHPPHP >=7.0 Since Oct 8Pushed 3y ago1 watchersCompare [ Source](https://github.com/yohgaki/validate-php-scr)[ Packagist](https://packagist.org/packages/yohgaki/validate-php-scr)[ Docs](https://github.com/yohgaki/validate-php-scr)[ RSS](/packages/yohgaki-validate-php-scr/feed)WikiDiscussions master Synced 1mo ago READMEChangelog (1)DependenciesVersions (2)Used By (0) "Validate" for PHP - An INPUT data validation framework ======================================================= [](#validate-for-php---an-input-data-validation-framework) [![Build Status](https://camo.githubusercontent.com/1506f7f63210a64b663e598587d4e93cca04e6fbd573c4f688b7f09eea21880b/68747470733a2f2f7472617669732d63692e6f72672f796f6867616b692f76616c69646174652d7068702d7363722e7376673f6272616e63683d6d6173746572)](https://travis-ci.org/yohgaki/validate-php-scr) "Validate" is "input data validation **framework**" that is developed to be useful for "CERT Secure Coding" and "Design by Contract"(DbC). "Validate" is designed to develop [**OWASP TOP 10 A10:2017 vulnerability**](https://www.owasp.org/index.php/Top_10-2017_A10-Insufficient_Logging%26Monitoring) compliant application. "Validate" is planned to be implemented as C module for PHP. [**CERT Top 10 Secure Coding Practices.**](https://wiki.sei.cmu.edu/confluence/display/seccode/Top+10+Secure+Coding+Practices) > **1. Validate input**. Validate input from **all untrusted data sources**. Proper input validation can eliminate the vast majority of software vulnerabilities. **Be suspicious of most external data sources**, including command line arguments, network interfaces, environmental variables, and user controlled files \[Seacord 05\]. Validate for PHP is designed to help ["Standard Input Validation"](https://cwe.mitre.org/top25/mitigations.html#Mit-M1). > Use a **standard input validation** mechanism to validate all input for: > > - length > - type of input > - syntax > - missing or extra inputs > - consistency across related fields > - business rules Basic Design ------------ [](#basic-design) - **Framework** - "Validate" is framework, not an out of box library by itself. Provides easy, yet flexible input data validations. - **Secure** - No insecure defaults. Everything has to be specified explicitly. i.e. White list. - **Fast & Simple** - Define data validation rules and use them. No code execution for building validation rules. - **Easy to use** - Simple PHP array rule specification. Plain PHP code for complex inputs. - **Native type** - Returns natively typed data by default. Eliminates type conversions and helps faster PHP code execution with type hints. "Validate" is very flexible and able to perform any data validations, including HTTP header/Query parameter validations with multi stage validations, HTML form validations, JSON data validations, etc. Although "Validate" is designed to validate all inputs at once, you may validate values one by one also. "Strings" are the most important for input validations and "Validate" is strict for string validations. Many apps miss to validate "char encodings" and "length". "Validate" forces them to be validated always by default. "Validate" does not allow Unicode control characters which cause problems by default. Requirements ------------ [](#requirements) - PHP 8.0 and up. - PHP 7.0 and up. - BCMath module. ### Recommended [](#recommended) - PHP 7.2 and up - Newer mbstring provides better performance. - mbstring module - mb\_ord() improves performance, more supported encodings and better encoding checks. - GMP module - "Validate" supports GMP integer also. Basic Behaviors --------------- [](#basic-behaviors) - validate() does now allow anything unless explicitly specified. i.e. Strictly white listing. - validate() converts input values to native types when it is possible. e.g. '123' to int. 'yes'/'no' to bool. - validate() processes input values and and validation specs recursively. i.e. Any input values (scalar/array/object) are accepted. - validate() checks validation spec format by default. i.e. Disable spec format check for production. - validate() stores validation statues to context. e.g. $ctx in examples below. - validate() throws InvalidArgumentException by default. Tip: - For application business logic data validations, disable exception and set 'error\_message' option. - Define your own 'filter' for normalization. - Define your own 'key\_callback' for custom array key validations. - Use VALIDATE\_CALLBACK and 'callback' for complex validations. Example #1: Single value validation with exception -------------------------------------------------- [](#example-1-single-value-validation-with-exception) src/examples/91-example.php ```