An Introduction to Symfony Validation


In this video we are taking our first look at Validation inside Symfony.

Validation as a concept is incredibly useful - it allows us to enforce rules on what types of data are acceptable for the properties of our objects.

An example of this may be to say allow only letters in a persons name, or only numbers in a persons age. In this case our 'Person' would be our object (or entity), and name / age would be our object's properties.

To make use of Validation inside Symfony is fairly straight-forward. The most common way is to use annotations inside our entities, but you can also define validation constraints (the fancy name for validation rules) in YAML or XML.

As mentioned a few times in this series, Symfony often has more than one way to achieve any particular task. If you are unsure, in this case, my advice is stick to annotations. The reason for this is that they are used in the docs (so, familiarity) and this will mean you validation constraints are in the same files (classes / entities / objects) as the properties being validated. If you use YAML or XML, you would end up with your validation rules in one file, and your objects in another.

HTML5 Validation Vs Symfony Validation

A confusing point - and one that can cause you some serious issues - is that there appears to be two types of validation when using a Symfony form.

Firstly, unless you tell Symfony otherwise, your form will be rendered with HTML5 validation turned on.

This is a nice thing to have... sometimes.

In a modern browser, HTML5 validation will produce little friendly pop ups if a field is required, and it will guess the allowable input values and patterns for a given field type.

An example of this might be if we had an age field, and we only wanted numbers between 18 and 99.

<input type="number" size="6" name="age" min="18" max="99" value="21">

The confusion comes in to play in that this is not Symfony validation.

You cannot rely on HTML5 validation.

If a users browser doesn't support HTML5 validations for whatever reason, they will be silenty ignored.

As such, if you have said you're only allowing ages between 1-99, and your user is rocking Windows 95 with IE4 then they can happily submit any age they like and the form won't do anything to stop them.

Server Side Validation with Symfony

Don't rely on HTML5 validation. As you have probably heard, never trust user input directly.

I have seen this cause a real, profit making business to end up in quite a nasty situation. Their data contained things that were not allowable. Some fields were missing, others were out of allowable ranges. A real nightmare situation.

Symfony Validation is what they really needed.

Your users can't (deliberately or accidentally) bypass Symfony validations as they happen server side.

They can work in conjunction with HTML5 validations, but you don't need to use HTML5 validations to use Symfony validations.

Symfony validation constraints are what we define on our objects:

// src/AppBundle/Entity/Author.php

// ...
use Symfony\Component\Validator\Constraints as Assert;

class Author
{
    /**
     * @Assert\NotBlank()
     */
    public $name;
}

(example from the Symfony documentation)

The next point of confusion is that these validation constraints won't always be automatically checked for us.

When Symfony Validates

As if having three ways to define our validations (annotations, YAML, XML) wasn't confusing enough, we also have two common ways in which Symfony can validate things for us.

The first - and easiest - is when using the form.

The second is by manually calling and using the validator service.

In both cases the same process is occuring - the validator service reads our validation constraints and checks each properties value is within the acceptable limits.

If any value is not acceptable then the validation will fail and you'll be given back the list of errors.

This list of errors is very handy as you can then use this to display the errors next to the appropriate field.

Doing this manually is a pain, but thankfully the Symfony form component has all of this built in for us. In practice, most of the time you will be validating using the form.

Common Constraints

As mentioned, a constraint is a fancy word for a rule.

We define our rules - usually using annotations - and then the validator double checks the given values against the defined constraints / rules.

The most common types of constraints are the Basic Constraints.

All of the constraints are fairly self explanitory. The confusion is that some don't behave entirely as you might expect (an example of which is shown in the video).

The Basic Constraints are most frequently used as they stop fields being empty, or check values are of a certain type, or are truthy / falsey.

Interestingly you can also define your own validation rules. This isn't super common, but is very useful functionality to have access too, and not that difficult to implement either.

As with anything to do with a modern framework, the commonly used checks / constraints are already defined and tested for us.

Symfony Validation :: In Summary

Symfony's validation constraints provide ready to use checks and measures to ensure our database doesn't end up with missing or incorrect data.

The standard way to define validation constraints is by using annotations.

HTML5 validation is not the same as Symfony validation.

You can use HTML5 validation, but don't rely on it.

Validation is not just for forms and objects. You can validate anything from simple strings, to arrays, and more.

Episodes