Forms and validation

You should validate all input data entered in forms. In Zotonic you create forms by writing plain HTML. You can attach one or more validators to each input element. Validators define acceptable values for the input data.

Let’s say you have a required input field ‘title’. To make sure some text is entered in it, attach the presence validator:

<input type="text" id="title" name="title" />
{% validate id="title" type={presence} %}

The validated form field is available to Erlang code using the z_context:get_q_validated/2 function:

Title = z_context:get_q_validated(<<"title">>, Context).

Client- and server-side

Zotonic’s validators work both client- and server-side:

  • JavaScript prevents the form from being submitted until the input data conforms to the validators.
  • All validation is done on the server as well, which protects against users bypassing the validation checks in their browser.

Validators

Zotonic comes with some commonly needed validators:

If you need to implement custom validation logic, use the postback validator. For JavaScript-only custom validation, use the custom validator.

See also