You are here

function drupal_validate_form in Drupal 6

Same name and namespace in other branches
  1. 4 includes/form.inc \drupal_validate_form()
  2. 5 includes/form.inc \drupal_validate_form()
  3. 7 includes/form.inc \drupal_validate_form()

Validates user-submitted form data from the $form_state using the validate functions defined in a structured form array.

Parameters

$form_id: A unique string identifying the form for validation, submission, theming, and hook_form_alter functions.

$form: An associative array containing the structure of the form.

$form_state: A keyed array containing the current state of the form. The current user-submitted data is stored in $form_state['values'], though form validation functions are passed an explicit copy of the values for the sake of simplicity. Validation handlers can also $form_state to pass information on to submit handlers. For example: $form_state['data_for_submision'] = $data; This technique is useful when validation requires file parsing, web service requests, or other expensive requests that should not be repeated in the submission step.

Related topics

3 calls to drupal_validate_form()
comment_form_add_preview in modules/comment/comment.module
Form builder; Generate and validate a comment preview form.
drupal_process_form in includes/form.inc
This function is the heart of form API. The form gets built, validated and in appropriate cases, submitted.
openid_authentication in modules/openid/openid.module
Authenticate a user or attempt registration.

File

includes/form.inc, line 619

Code

function drupal_validate_form($form_id, $form, &$form_state) {
  static $validated_forms = array();
  if (isset($validated_forms[$form_id]) && empty($form_state['must_validate'])) {
    return;
  }

  // If the session token was set by drupal_prepare_form(), ensure that it
  // matches the current user's session.
  if (isset($form['#token'])) {
    if (!drupal_valid_token($form_state['values']['form_token'], $form['#token']) || !empty($form_state['invalid_token'])) {

      // Setting this error will cause the form to fail validation.
      form_set_error('form_token', t('Validation error, please try again. If this error persists, please contact the site administrator.'));

      // Stop here and don't run any further validation handlers, because they
      // could invoke non-safe operations which opens the door for CSRF
      // vulnerabilities.
      $validated_forms[$form_id] = TRUE;
      return;
    }
  }
  _form_validate($form, $form_state, $form_id);
  $validated_forms[$form_id] = TRUE;
}