Symfony keep form values
last modified March 3, 2025
Symfony keep form values tutorial shows how to keep form values after form submission after the submission of the form fails. In this tutorial, we do the traditional form submission; we do not use form builders.
Symfony
Symfony is a set of reusable PHP components and a PHP framework for web projects. Symfony was published as free software in 2005. The original author of Symfony is Fabien Potencier. Symfony was heavily inspired by the Spring Framework.
Keeping form values
When the form is submitted by the user, it is validated by the application. When the validation fails, the application redirects the user back to the form, displaying the validation errors. It is a good practice to keep the already entered values in the form.
Symfony keep form values example
In the example, we have a simple form with two fields: name and email.
After the form is submitted, we check for CSRF protection and validate
the input values with Symfony's Validator. We store the entered
values into the session to retrieve them back when the submission fails.
Setting up the application
We start with setting up the application with composer.
$ composer create-project symfony/skeleton formkeepvals "^7.2" $ cd formkeepvals
We create a new Symfony 7.2 skeleton project and go to the newly created project directory.
$ composer require symfony/twig-bundle symfony/validator symfony/annotations
We install three basic Symfony packages: twig-bundle,
validator, and annotations.
$ composer require symfony/security-csrf symfony/monolog-bundle
The security-csrf package is needed against cross-site request
forgeries and monolog-bundle for logging.
$ composer require symfony/property-access
We install the PropertyAccess component, which is used for
convenient reading and writing of properties/keys of objects and arrays.
$ composer require symfony/maker-bundle symfony/web-server-bundle --dev
We install the maker bundle and the development server for Symfony 7.2.
$ php bin/console make:controller HomeController
We create a HomeController. The controller sends a form to the
client.
<?php
declare(strict_types=1);
namespace App\Controller;
use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\Routing\Attribute\Route;
class HomeController extends AbstractController
{
#[Route('/home', name: 'home')]
public function index(): Response
{
return $this->render('home/index.html.twig');
}
}
This is a simple controller that sends a view containing the web form to the user.
$ php bin/console make:controller MessageController
We create a MessageController that responds to the form submission.
<?php
declare(strict_types=1);
namespace App\Controller;
use App\Service\ValidationService;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\Routing\Attribute\Route;
use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
class MessageController extends AbstractController
{
#[Route('/message', name: 'message', methods: ['POST'])]
public function index(Request $request, ValidationService $validator): Response
{
$token = $request->request->get('token', '');
if (!$validator->validateToken($token)) {
return new Response(
'Operation not allowed',
Response::HTTP_BAD_REQUEST,
['content-type' => 'text/plain']
);
}
$name = $request->request->get('name', '');
$email = $request->request->get('email', '');
$input = ['name' => $name, 'email' => $email];
$errorMessages = $validator->validateInput($input);
if (count($errorMessages) > 0) {
$session = $request->getSession();
$session->set('name', $name);
$session->set('email', $email);
foreach ($errorMessages as $key => $val) {
$this->addFlash($key, $val);
}
return $this->redirectToRoute('home');
}
return new Response(
'User saved',
Response::HTTP_OK,
['content-type' => 'text/plain']
);
}
}
In the MessageController, we check the CSRF token, validate the form
input values, and send a response back to the client.
<?php
declare(strict_types=1);
namespace App\Service;
use Psr\Log\LoggerInterface;
use Symfony\Component\Security\Csrf\CsrfToken;
use Symfony\Component\Validator\Constraints as Assert;
use Symfony\Component\Validator\Validator\ValidatorInterface;
use Symfony\Component\Security\Csrf\CsrfTokenManagerInterface;
use Symfony\Component\PropertyAccess\PropertyAccessorInterface;
class ValidationService
{
public function __construct(
private readonly CsrfTokenManagerInterface $tokenManager,
private readonly ValidatorInterface $validator,
private readonly PropertyAccessorInterface $accessor,
private readonly LoggerInterface $logger
) {
}
public function validateToken(string $token): bool
{
$csrfToken = new CsrfToken('myform', $token);
$isValid = $this->tokenManager->isTokenValid($csrfToken);
if (!$isValid) {
$this->logger->error('CSRF failure');
}
return $isValid;
}
/** @return array<string, string> */
public function validateInput(array $input): array
{
$constraints = new Assert\Collection([
'name' => [
new Assert\Length(['min' => 2]),
new Assert\NotBlank(),
],
'email' => [
new Assert\Email(),
new Assert\NotBlank(),
],
]);
$violations = $this->validator->validate($input, $constraints);
if (count($violations) > 0) {
$this->logger->info('Validation failed');
$messages = [];
foreach ($violations as $violation) {
$this->accessor->setValue(
$messages,
$violation->getPropertyPath(),
$violation->getMessage()
);
}
return $messages;
}
return [];
}
}
The ValidationService checks the CSRF token and validates the
input.
{% extends 'base.html.twig' %}
{% block title %}Home page{% endblock %}
{% block stylesheets %}
<style>
.topmargin {
margin-top: 10px;
}
</style>
{% endblock %}
{% block body %}
<section class="ui container topmargin">
<form class="ui form" action="{{ path('message') }}" method="post">
<input type="hidden" name="token" value="{{ csrf_token('myform') }}" />
{% for msg in app.flashes('name') %}
<div class="ui small red message">
{{ msg }}
</div>
{% endfor %}
<div class="field">
<label>Name:</label>
<input type="text" name="name" value="{{ app.session.get('name')|default('') }}">
</div>
{% for msg in app.flashes('email') %}
<div class="ui small red message">
{{ msg }}
</div>
{% endfor %}
<div class="field">
<label>Email</label>
<input type="text" name="email" value="{{ app.session.get('email')|default('') }}">
</div>
<button class="ui button" type="submit">Send</button>
</form>
</section>
{% endblock %}
The home page has a form. The form contains two fields: name and
email.
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>{% block title %}Welcome!{% endblock %}</title>
<link href="https://cdnjs.cloudflare.com/ajax/libs/semantic-ui/2.4.1/semantic.min.css"
rel="stylesheet">
{% block stylesheets %}{% endblock %}
</head>
<body>
{% block body %}{% endblock %}
<script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/3.3.1/jquery.min.js"></script>
<script src="https://cdnjs.cloudflare.com/ajax/libs/semantic-ui/2.3.1/semantic.min.js"></script>
{% block javascripts %}{% endblock %}
</body>
</html>
This is the base Twig template. It contains the Semantic UI CSS framework.
In this tutorial we have validated a simple form in a Symfony 7.2 application.
List all Symfony tutorials.