Image for post
Image for post

HTTP Request Validation With Silex

Peter Lafferty
Sep 16, 2017 · 3 min read

This article covers three validation scenarios:

  • routes
  • Query strings
  • POST with a JSON body

First lets start with some rough and ready example code. The following “snippet” creates a basic “RESTful” api using Silex.

The API is for retrieving emoji and has 3 end points:

  • [GET] /emoji/
  • [GET] /emoji/{id}
  • [POST] /emoji/

The code has a dependency on Silex and will use the built in Validator Provider from Silex and constraints from Symfony for validation. There is a repo on GitHub with the composer.json.

Sidebar on testing: quickly test the silex application with PHP’s built in web server by running “php -S localhost:8080 -t .” from the project’s route directory and then use Postman, curl or your browser.

The first validation to do is to make sure that the route variables can only match on certain requirements. This is done by adding a regex pattern to the route. The following snippet ensures that the “{id}” in “/emoji/{id}” can only be a positive integer:

If the assert doesn’t match then Silex will serve a 404 as long as no other route matches. This logic is the basis for all route variables and can be used to set up more complicated requirements. Check out the code in context on the repo.

The thing to bear in mind when validating the query string is that all the values are strings. This means that the validation code you use needs to treat everything as strings and then you cast/convert to the required type before usage.

Side bar on Constraints: map them “as Assert” this will make the code read better. To apply several constraints to one variable place them in an array. To apply constraints to indices in an associative array use the collection constraint. Also don’t forget to run `composer require symfony/validator`

Before using the asserts the code needs to have some GET query params laid out:

  • hasSkinTone: a boolean true or false
  • idBelow: any positive integer (a contrived example).

Then import the constraints and the validator provider:

Then build the assertions inside of the route:

Pass them to the validator along with the query bag:

Then process the error messages and return if any are found:

Otherwise filter the emoji using the query values:

The code there is a bit piecemeal so it might be clearer to view everything in context on the getrequest branch.

Side bar On Boolean Strings: For more on converting string values to boolean types check out “How To Evaluate String ‘False’ In PHP

Seeing as the POST data is limited to a JSON body the data has a type associated with it. This means the constraint class for type validation can be used instead of the regex constraint. There is also no need to cast the post data.

The POST data format is:

"id": 10,
"code": "U+1F4A9",
"value": "💩",
"description": "pile of poo",
"hasSkinTone": false

Then the validation code is pretty much the exact same the main thing to be aware of is that the JSON needs to be decoded and validated before being passed to the route. Taking all that in to account the route now looks like this:

View the whole thing in context on the postrequest branch.

That’s the basics of route and request validation using Silex.

Welcome to a place where words matter. On Medium, smart voices and original ideas take center stage - with no ads in sight. Watch
Follow all the topics you care about, and we’ll deliver the best stories for you to your homepage and inbox. Explore
Get unlimited access to the best stories on Medium — and support writers while you’re at it. Just $5/month. Upgrade

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store