4.7.x form.inc drupal_validate_form($form_id, $form, $callback = NULL)
5.x form.inc drupal_validate_form($form_id, $form)
6.x form.inc drupal_validate_form($form_id, $form, &$form_state)
7.x form.inc drupal_validate_form($form_id, &$form, &$form_state)

Validates user-submitted form data from the $form_state using the validate functions defined in a structured form array.


$form_id: A unique string identifying the form for validation, submission, theming, and hook_form_alter functions.

$form: An associative array containing the structure of the form.

$form_state: A keyed array containing the current state of the form. The current user-submitted data is stored in $form_state['values'], though form validation functions are passed an explicit copy of the values for the sake of simplicity. Validation handlers can also $form_state to pass information on to submit handlers. For example: $form_state['data_for_submision'] = $data; This technique is useful when validation requires file parsing, web service requests, or other expensive requests that should not be repeated in the submission step.

Related topics

2 calls to drupal_validate_form()
comment_form_add_preview in modules/comment/comment.module
Form builder; Generate and validate a comment preview form.
drupal_process_form in includes/form.inc
This function is the heart of form API. The form gets built, validated and in appropriate cases, submitted.


includes/form.inc, line 619


function drupal_validate_form($form_id, $form, &$form_state) {
  static $validated_forms = array();
  if (isset($validated_forms[$form_id]) && empty($form_state['must_validate'])) {

  // If the session token was set by drupal_prepare_form(), ensure that it
  // matches the current user's session.
  if (isset($form['#token'])) {
    if (!drupal_valid_token($form_state['values']['form_token'], $form['#token']) || !empty($form_state['invalid_token'])) {

      // Setting this error will cause the form to fail validation.
      form_set_error('form_token', t('Validation error, please try again. If this error persists, please contact the site administrator.'));

      // Stop here and don't run any further validation handlers, because they
      // could invoke non-safe operations which opens the door for CSRF
      // vulnerabilities.
      $validated_forms[$form_id] = TRUE;
  _form_validate($form, $form_state, $form_id);
  $validated_forms[$form_id] = TRUE;