To make such urls pass the validation we have to write a custom validation rule. As PHP (>= 5.2.0) already provides a filter for urls we can use this filter in our validation rule. And so the code in our model looks like:

public $validate = array('url' => array('rule' => array('validateUrl')));

public function validateUrl($data) {
    return (filter_var($data['url'], FILTER_VALIDATE_URL)) ? true : false;
}

I hope this workaround is useful for some of you.

PS: If you are a German-speaking baker, a new blog called cakery (started by Siegfried Hirsch, the admin of the German CakePHP Google Group) could be interesting for you.

public function example() {
    $data = array('Project' => array('name' => 'Testproject'));
    if ($this->Project->validates($data)) {
        echo 'valid';
    } else {
        echo 'invalid';
    }
}

If you look at this snippet, it probably looks fine to you. And it is fine if you are using CakePHP 1.1. Unfortunately, in CakePHP 1.2 the behavior of this method has changed, and so the example above doesn’t work as you would expect (depending on the validation rules). For a while the parameter of Model::validates() was deprecated (see Parameter for Model::validates() is now deprecated) and caused a warning if you used it. In the meantime the parameter is back with a new meaning…

Compare the API docs for the validates() methods. First the CakePHP 1.1 docs:

/**
 * Returns true if all fields pass validation, otherwise false.
 *
 * @param array $data POST data
 * @return boolean True if there are no errors
 * @access public
 */

And now the docs for CakePHP 1.2:

/**
 * Returns true if all fields pass validation.
 *
 * @param string $options An optional array of custom options to be made available in the beforeValidate callback
 * @return boolean True if there are no errors
 * @access public
 * @link http://book.cakephp.org/view/410/Validating-Data-from-the-Controller
 */

The parameter of the method is no longer for the data you want to validate but for options for the beforeValidate() callback method. So the example from the beginning has to be changed in the following way to make it work as expected:

public function example() {
    $data = array('Project' => array('name' => 'Testproject'));
    $this->Project->create($data);
    if ($this->Project->validates()) {
        echo 'valid';
    } else {
        echo 'invalid';
    }
}

Happy baking :)

It allows you to validate the data from SELECT elements. With the in parameter you can define the valid choices:

public $validate = array('name' => array('rule' => array('multiple', array('in' => range(0, 10)))));

And with using the min and max parameters you can specify the minimal resp. maximal number of non-zero choices the user has to select:

public $validate = array('name' => array('rule' => array('multiple', array('min' => 1, 'max' => 2))));

Happy baking :)

Let’s say we have an optional “nickname” field. Its value must either be empty or an alphanumeric string with a length between three and ten characters. We start with defining the validation rules:

public $validate = array('nickname' => array('length' => array('rule' => array('between', 3, 10)),
		                             'alpha' => array('rule' => array('alphaNumeric'))));

Those rules work fine. The only “problem” is that they reject an empty string as invalid. To allow an empty string we have to set the option “allowEmpty” to true. So the $validate array is now:

public $validate = array('nickname' => array('length' => array('rule' => array('between', 3, 10)),
		                             'alpha' => array('rule' => array('alphaNumeric')),
				             'allowEmpty' => true));

It looks correct, but as you might guess, it doesn’t work. An empty string still doesn’t pass the validation.

The problem is that “allowEmpty” has to be set on the first rule and not as a setting for the field. And so we have to change the $validate array to:

public $validate = array('nickname' => array('length' => array('rule' => array('between', 3, 10), 'allowEmpty' => true),
		                             'alpha' => array('rule' => array('alphaNumeric'))));

With this solution, an empty string is accepted as a valid value. It’s not really logical, but it works ;-)

boolean is self-explanatory: it validates whether a field contains a boolean value (i.e. 0, 1, “0″, “1″, false, or true). Example:

var $validate = array('is_enabled' => array('rule' => array('boolean')));

inList ensures that the respective field only contains a value from the defined array. It is case-sensitive, i.e. if you use the rule from the example below, then the value “Red” would be invalid.

var $validate = array('color' => array('rule' => array('inList', array('red', 'green', 'blue'))));

time determines whether a field contains a valid time value. It supports both the 24 hour format (e.g. 08:10:10) and the 12 hour format (e.g. 8:10:10am). The minutes and seconds are optional in both cases.

var $validate = array('starttime' => array('rule' => array('time')));

Another recent change affected View::renderElement(): it has been deprecated in favor of View::element():

$this->renderElement('my_element', array('param1' => 'a value'));

becomes

$this->element('my_element', array('param1' => 'a value'));

I don’t know why View::renderElement() was deprecated and not View::element(), as I think the method name “renderElement” is more expressive than “element”.

Anyway, happy baking :)

First, you have to write a method in your model which does the validation. The method must accept at least one parameter (for the value which should be validated). If the data is valid, the method must return true. In the other case it has to return false. Such a method could look like:

public function validateNotEmpty($value) {
    if (trim($value[key($value)]) == '') {
        return false;
    } else {
        return true;
    }
}

One thing you have to notice is that $value is an array containing one key/value pair (in pre-beta releases it has been a single value). The key is the name of the field you validate, and the value contains what the user entered (and hence what you want to validate).

In the next, and last, step, we have to define that we want to use the method we just wrote to validate a certain field. This is done in the same way as with the built-in validation rules, the only difference is that we have to use the method name as rule name:

public $validate = array('name' => array('rule' => 'validateNotEmpty'));

You can also write validation rules with additional parameters. Let’s say you want to write a validation rule which validates whether a string contains a certain character. The validation method for this purpose may look like:

public function validateContainsChar($value, $char) {
    return (strpos($value[key($value)], $char) !== false);
}

Now, if we want to ensure that the value of the “name” field contains an “x”, then the $validate array is:

public $validate = array('name' => array('rule' => array('validateContainsChar', 'x')));

That’s it, happy validating!

if ($this->User->validates($this->data)) { // do something }

It looks now:

$this->User->data = $this->data;  // or $this->data['User'];
if ($this->User->validates()) { // do something }

At the moment this change affects only those who use the Cake 1.2 branch from the repository.

The aforementioned constants still work in 1.2, but they are deprecated, so for new code you shouldn’t use them. The usage of the new validation rules follows the following pattern (in your model):

var $validate = array('field' => array('rule' => array('validationmethod', 'param1', 'param2')));

Ok, let’s have a look at the validation methods.

alphaNumeric should be self-explanatory, it allows only letters and strings. Useful for e.g. user names:

var $validate = array('username' => array('rule' => array('alphaNumeric')));

between is a bit misleading, as I expected that it checks whether a number is in a certain range. But what it actually does is to check the string length. In the following example the length of the user name must be at least 3 characters, and maximal 10 characters:

var $validate = array('username' => array('rule' => array('between', 3, 10)));

blank validates that a field is blank or contains only whitespace characters like tabs or spaces. It doesn’t look very useful to me. Its usage is:

var $validate = array('x' => array('rule' => array('blank')));

cc doesn’t stand for “carbon copy”, it stands for “credit card”. It checks whether a credit card number is valid. If you want to check for Visa numbers, you would do the following:

var $validate = array('creditcard' => array('rule' => array('cc', array('visa'))));

comparison is used to compare numeric values. It supports “is greater”, “is less”, “greater or equal”, “less or equal”, “is less”, “equal to”, and “not equal”. To check whether the provided age was higher than 18 you would do:

var $validate = array('age' => array('rule' => array('comparison', '>=', 18)));
or
var $validate = array('age' => array('rule' => array('comparison', 'greater or equal', 18)));

custom is also a bit misleading imho. It allows you to define a regular expression.

var $validate = array('username' => array('rule' => array('custom', '/^[0-9a-z]+$/i')));

date checks for a valid date. It allows different formats, see the API for details. To check whether the entered date is of the format yyyy-mm-dd resp. yy-mm-dd you would do:

var $validate = array('startdate' => array('rule' => array('date', 'ymd')));

decimal checks for a valid decimal number. If you want to have decimal numbers with two digits after the dot you have to use:

var $validate = array('price' => array('rule' => array('decimal', 2)));

It is obvious, what email does: it checks for a valid email address:

var $validate = array('email' => array('rule' => array('email')));

I am not sure whether money is fully implemented yet, at least I was not able to use this validation rule.

numeric is a simple wrapper for the PHP function is_numeric:

var $validate = array('age' => array('rule' => array('numeric')));

phone validates phone numbers. At the moment it supports only US phone numbers, if you want to validate other phone numbers you have to provide a regular expression.

var $validate = array('phone' => array('rule' => array('phone', null, 'us')));

postal is used to validate zip codes from the U.S., Canada, and the U.K. For other zip codes you have to provide a regular expression.

var $validate = array('zipcode' => array('rule' => array('postal', null, 'us')));

ssn validates social security numbers from the U.S., Denmark, and the Netherlands. For other social security numbers you have to provide a regular expression.

var $validate = array('ssn' => array('rule' => array('ssn', null, 'us')));

url is used to validate urls.

var $validate = array('website' => array('rule' => array('url')));

If you look at the validation class you will notice several other public methods. equalTo, file, ip, minLength, maxLength, multiple, and number are validation rules which are not implemented yet, so I don’t have described them. The userDefined method looks like it allows you to create custom validation methods, but up to now I couldn’t figure out how to use it…

Thanks to Nate for his initial explanations in the Google Groups.

Update 2007-01-06: minLength and maxLength have been implemented in changeset 4264. They can be used to validate the length of a string. If a string must consist of at least three characters you would do:

var $validate = array('username' => array('rule' => array('minLength', 3)));

And to validate that a string can consist of maximal 20 characters you do:

var $validate = array('username' => array('rule' => array('maxLength', 20)));

Update 2007-01-07: Also ip has been implemented, which is used to validate IP addresses.

var $validate = array('ip' => array('rule' => 'ip'));

The usage is simple:

1. Download the XHTML validator from http://www.bermi.org/xhtml_validator and place it in the app/vendors directory
2. Copy the code below to app/views/helpers/xhtml_validator.php
3. Add the helper to the helpers array of your controller(s): var $helpers = array(‘XhtmlValidator’);

// app/views/helpers/xhtml_validator.php
vendor('XhtmlValidator');

class XhtmlValidatorHelper extends Helper
{
    function afterRender()
    {
        if (DEBUG > 0)
        {
            $html = @ob_get_clean();
            $originalHtml = $html;
            ob_start();

            $XhtmlValidator = new XhtmlValidator();

            if($XhtmlValidator->validate($html) === false)
            {
                echo 'Ooops! There are some errors on the XHTML page';
                $XhtmlValidator->showErrors();
            }

            echo $originalHtml;
        }
    }
}

As the previous update this update is only for users using CakePHP with a version number higher than 1.0.1.2708 (you find the version number in VERSION.txt). And that is the update: replace the following snippet in the invalidFields() function in your AppModel:

if ($data == null)
{
    if (isset($this->data))
    {
        $data = $this->data;
    }
    else
    {
        $data = array();
    }
}

with

if (isset($this->data))
{
    $data = array_merge($data, $this->data);
}

The reason for that update is that if you modify data in a possible beforeValidate() function, these changes are ignored by the invalidFields() function without this update.