在没有实际提交的情况下强制Symfony表单验证

时间:2015-10-01 10:32:04

标签: symfony symfony-forms

是否可以手动执行表单字段验证?

我有一张表格。它具有全局表单验证。如果用户提交数据,一切都很顺利。

但是我希望在向用户显示表单之前触发验证 - 在提交之前显示错误。

尝试使用$form->submit([])方法提交,但它不会触发表单字段验证。

关于这个问题的任何想法?我有什么不对吗?

3 个答案:

答案 0 :(得分:3)

您是否只需要按表单验证数据?验证服务不适合您吗?

喜欢

<?php
####### db config ##########
$db_username = 'root';
$db_password = '';
$db_name = 'money1';
$db_host = 'localhost';
####### db config end ##########

if($_POST)
{
    //connect to mysql db
    $sql_con = mysqli_connect($db_host, $db_username, $db_password,$db_name)or die('could not connect to database');

    //check if its an ajax request, exit if not
    if(!isset($_SERVER['HTTP_X_REQUESTED_WITH']) AND strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) != 'xmlhttprequest') {
        die();
    } 

    if(isset($_POST["message"]) &&  strlen($_POST["message"])>0)
    {
        //sanitize user name and message received from chat box
        //You can replace username with registerd username, if only registered users are allowed.
        $username = filter_var(trim($_POST["username"]),FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW | FILTER_FLAG_STRIP_HIGH);
        $message = filter_var(trim($_POST["message"]),FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW | FILTER_FLAG_STRIP_HIGH);
        $user_ip = $_SERVER['REMOTE_ADDR'];


        //insert new message in db
        if(mysqli_query($sql_con,"INSERT INTO shout_box(user, message, ip_address) value('$username','$message','$user_ip')"))
        {
            $msg_time = date('h:i A M d',time()); // current time
            echo '<div class="shout_msg"><time>'.$msg_time.'</time><span class="username">'.$username.'</span><span class="message">'.$message.'</span></div>';
        }

        // delete all records except last 10, if you don't want to grow your db size!
        mysqli_query($sql_con,"DELETE FROM shout_box WHERE id NOT IN (SELECT * FROM (SELECT id FROM shout_box ORDER BY id DESC LIMIT 0, 10) as sb)");
    }
    elseif($_POST["fetch"]==1)
    {
        $results = mysqli_query($sql_con,"SELECT user, message, date_time FROM (select * from shout_box ORDER BY id DESC LIMIT 10) shout_box ORDER BY shout_box.id ASC");
        while($row = mysqli_fetch_array($results))
        {
            $msg_time = date('h:i A M d',strtotime($row["date_time"])); //message posted time
            echo '<div class="shout_msg"><time>'.$msg_time.'</time><span class="username">'.$row["user"].'</span> <span class="message">'.$row["message"].'</span></div>';
        }
    }
    else
    {
        header('HTTP/1.1 500 Are you kiddin me?');
        exit();
    }
}

答案 1 :(得分:1)

原因很复杂,很简单。

// form instantiation

$type = new MyType();

$options = [
    'csrf_protection'=>!empty($_POST[$type->getName()])
];

$form = $this->createForm($type, [/* or entity */], $options);
$form->handleRequest($request);

if(!$form->isSubmitted()){
    $form->submit([]);
}

现在我可以正确看到错误。其中一个最棘手的部分是我不知道Form $options在创建后是只读的,如果你想要保持CSRF保护,empty检查是强制性的。

答案 2 :(得分:0)

在显示表单之前调用$form->isValid();

但是如果数据来自外部服务,我宁愿阻止(例如ws验证)用户通过ws提交错误的数据(ws =外部服务)

相关问题
最新问题