Validation Layer in a PHP Class

I need help understanding the logic to deal with validating user inputs.

my current state of validating user data is at worst, i feel pretty awkward using these messy lines of codes, have a look at my typical function which i uses it to get input from the user and process it to database.

public function saveUser($arguments = array()) {
    //Check if $arguments have all the required values
    if($this->isRequired(array('name','email','password','pPhone','gender','roleId'))) {
        //$name should could minimum of 5 and maximum of 25 chars, and is a strict character.
        $name = $this->isString(5, 25, $this->data['name'], 'STRICT_CHAR');
        $email = $this->isEmail($this->data['email']);
        $pPhone = $this->isString(5, 12, $this->data['pPhone'], 'STRICT_NUMBER');
        $sPhone = (!empty($this->data['sPhone'])) ? $this->isString(5, 12, $this->data['sPhone'], 'STRICT_NUMBER') : 0;
        //Check For Duplicate Email Value
        $this->duplicate('user_details','email',$email);
        //If Static Variable $error is not empty return false
        if(!empty(Validation::$error)) { return false; }
        //After Validation Insert the value into the database.
        $sth = $this->dbh->prepare('INSERT QUERY');
        $sth->execute();
    }
}

Now is the time i focus on improving my validation code. i would like all my class methods to validate the user inputs before inserting into the database. basically a class methods which takes user input should be able to perform the following.

1. If class method accepts user input as an array then check for all required inputs from within the array.

2. Check the Minimum and Maximum Length of the input.

3. Che开发者_运维技巧ck for any illegal character.

etc.

I would like to know how to deal with this, and also if there is any PHP Independent Validation Component which can come to my rescue. it would be of great help. if i am doing it wrong please suggest me on improving my code, i won't mind going to any extent as long as it guarantees that my code follows the coding standard.

I will also appreciate if someone could explain me on dealing with validation logic for validating user input for a class method of an object.

Thank you..

PHP 5.2 has a new core extension called "filter functions". You can use this extension to sanitize and validate user data.

For example, to validate an email address:

if (filter_var($email, FILTER_VALIDATE_EMAIL)) {
    echo "This (email) email address is considered valid.";
}

As for dealing with validation in general, you want to decouple the validation process from the incoming data and the objects themselves. I use the Lithium PHP framework, and their data validation class is implemented as a nearly independant utility class. Check it out for ideas on how to roll your own: http://li3.me/docs/lithium/util/Validator

Using their class, you get something like this:

// Input data. This can be an $object->data() or $_POST or whatever
$data = array(
    'email' => 'someinvalidemailaddress';
);

// Validation rules
$rules = array(
    'email' => array(
        array('notEmpty', 'message' => 'email is empty'),
        array('email', 'message' => 'email is not valid')
    )
);

// Perform validation
Validator::check($data, $rules);

// If this were in your object
public validate($data = array(), $rules = array()) {
    $data = !empty($data) ? $data : $this->data; // Use whatever data is available
    $rules = $this->rules + $rules; // Merge $this's own rules with any passed rules

    return Validator::check($data, $rules));
}

// You can have a save method like
public save() {
    if ($this->validates()) {
        // insert or update
    }
}

// And your object would 
$user = new User();
$user->data = array('email' => 'whatever');
$user->save();

And there's always Zend Validate. You can look it up at http://framework.zend.com/manual/en/zend.validate.set.html

Create your validation class first...Then when they submit the code. Just include the class on where every you have action set to on the form. You can create a loop to pass the POST or GET data though the instance which validates the input. Then if the input is good, return it(maybe as an array, that's what I do) and pass it to your database.

Example:

$validate = new validation_Class;     //new instance of the validation class
 $output = foreach($_POST as $input)         // loop each input data into the class
{
   $validate->$input;
}

Now if your validation class is setup right, you can have all the clean data stored in $output