function drupal_validate_form

7.x form.inc drupal_validate_form($form_id, &$form, &$form_state)
6.x form.inc drupal_validate_form($form_id, $form, &$form_state)

Validates user-submitted form data from the $form_state using the validate functions defined in a structured form array.

Parameters

$form_id: A unique string identifying the form for validation, submission, theming, and hook_form_alter functions.

$form: An associative array containing the structure of the form.

$form_state: A keyed array containing the current state of the form. The current user-submitted data is stored in $form_state['values'], though form validation functions are passed an explicit copy of the values for the sake of simplicity. Validation handlers can also $form_state to pass information on to submit handlers. For example: $form_state['data_for_submision'] = $data; This technique is useful when validation requires file parsing, web service requests, or other expensive requests that should not be repeated in the submission step.

Related topics

Form generation
Functions to enable the processing and display of HTML forms.
3 calls to drupal_validate_form()
comment_form_add_preview in drupal-6.x/modules/comment/comment.module
Form builder; Generate and validate a comment preview form.
drupal_process_form in drupal-6.x/includes/form.inc
This function is the heart of form API. The form gets built, validated and in appropriate cases, submitted.
openid_authentication in drupal-6.x/modules/openid/openid.module
Authenticate a user or attempt registration.

File

drupal-6.x/includes/form.inc, line 580

Code

function drupal_validate_form($form_id, $form, &$form_state) {
  static $validated_forms = array();

  if (isset($validated_forms[$form_id]) && empty($form_state['must_validate'])) {
    return;
  }

  // If the session token was set by drupal_prepare_form(), ensure that it
  // matches the current user's session.
  if (isset($form['#token'])) {
    if (!drupal_valid_token($form_state['values']['form_token'], $form['#token'])) {
      // Setting this error will cause the form to fail validation.
      form_set_error('form_token', t('Validation error, please try again. If this error persists, please contact the site administrator.'));

      // Stop here and don't run any further validation handlers, because they
      // could invoke non-safe operations which opens the door for CSRF
      // vulnerabilities.
      $validated_forms[$form_id] = TRUE;
      return;
    }
  }

  _form_validate($form, $form_state, $form_id);
  $validated_forms[$form_id] = TRUE;
}