Forms (Welder)

Welder turns the three-step "render the form, validate the post, save the data" loop into a handful of one-line calls.

Build a form

Each helper takes a single string of attribute pairs (HTML-attribute style). It returns the corresponding markup:

<?php $F = new \Truecast\Welder ?>

<?= $F->start('action=/contact method=post class=cf') ?>

<?= $F->text     ('name=name      label="Your name"  required') ?>
<?= $F->email    ('name=email     label="Email"      required') ?>
<?= $F->textarea ('name=message   label="Message"    required') ?>
<?= $F->select   ('name=topic label="Topic" options="sales:Sales|support:Support"') ?>
<?= $F->checkbox ('name=newsletter label="Subscribe me"') ?>
<?= $F->button   ('type=submit text="Send"') ?>

<?= $F->end() ?>

Validate

In your controller, call validate() with a rule string that lists each field and its validator. true means the form was submitted and every field passed:

$F = new \Truecast\Welder;

if ($F->validate('name=name email=email message=required')) {
    $values = $F->get('object');         // or 'array'
    // ... save, send email, redirect, etc.
    \True\App::go('/contact/thanks');
}

$vars['form'] = $F;

The same $F instance powers both render and validation, so error messages stick to the right field on a re-render.

Built-in validators

Rule	Description
`required`	Must be non-empty
`name`	Letters, spaces, hyphens, apostrophes
`email`	Valid email address
`url`	Valid URL
`integer`	Whole number
`decimal`	Numeric, allows decimals
`phone`	Phone number
`date`	Parseable date
`ip`	IP address
`clean`	Strip tags / sanitize

Spam protection

Add an Akismet check before the validation branch:

if ($F->spam('akismet="name,email,message" spamcontent="message"')) {
    // not spam — proceed
} else {
    \True\App::go('/contact/thanks');   // silently swallow
}

Send the form by email

For lightweight contact forms, Welder can email itself. Pass mailer config and a list of fields to include:

$F->emailForm(
    [
        'to_name'    => 'Sales',
        'to_email'   => 'sales@example.com',
        'from_name'  => $values->name,
        'from_email' => $values->email,
        'subject'    => 'Website contact',
        'type'       => 'html',
    ],
    ['name', 'email', 'message']
);

CSRF and config

$F = new \Truecast\Welder([
    'action_field'         => 'submit',
    'csrf'                 => true,
    'hide_field_error_tags'=> false,
]);

With csrf => true, every start() call emits a hidden token that validate() checks before any field rules run.