There are few ways to validate form submission data in Laravel. We'll review the main points of creating forms validation, paying attention on creating testable code.
Introduction
This tutorial describes how to create and use custom Form Request validation in your Laravel (5.8 or 6+) projects. There are a few ways to validate form submission data in Laravel.
Direct Validation in Controller
The standard way is to use Validator
facade directly in the beginning of your controller. Let's see the example:
public function store(Request $request)
{
$validator = Validator::make($request--->all(), [
"title" => "required|min:5|max:200",
"body_content"=> "required|min:10",
"blog_tag_id" => "nullable",
],[
"title.required" => "Please write a title",
"title.min" => "The title has to have at least :min characters.",
"title.max" => "The title has to have no more than :max characters.",
"body_content.required" => "Please write some content",
"body_content.min" => "The content has to have at least :min characters",
]);
}
As you may see in this example, we perform validation inside the controller's action. It looks nice enough until you want to use the same code in other places: when you create a post in Backend or if you want to add a Unit tests. In such cases, you will copy-paste the same pieces of your code, that is not good, because you have to support all of them and such style of programming breaks DRY principle (Don't Repeat Yourself).
Using Custom Validator
So... what is the better way to implement such validation? Laravel allows us to create our own Request
class, instead of using a standard \Illuminate\Http\Request and use as a function parameter. Let's see how we can do that.
The first thing you have to do it to create such a class. Run the following command:
$ php artisan make:request App\Http\Requests\MyOwnRequest
This command will create MyOwnRequest
request class in App\Http\Requests\ directory. By default, it will be as follows:
namespace App\Http\Requests\Auth;
use Illuminate\Foundation\Http\FormRequest;
class MyOwnRequest extends FormRequest
{
public function authorize()
{
return false;
}
public function rules()
{
return [
];
}
}
Now you can move there your validation rules and replace Request parameter in store()
method with MyOwnRequest
.
Your controller store()
method will be like below:
public function store(MyOwnRequest $request)
{
}
MyOwnRequest
class will be as follows:
(Remember to turn return value of authorize()
method to TRUE
!)
namespace App\Http\Requests\Auth;
use Illuminate\Foundation\Http\FormRequest;
class MyOwnRequest extends FormRequest
{
public function authorize()
{
return true;
}
public function rules()
{
return [
"title" => "required|min:5|max:200",
"body_content"=> "required|min:10",
"blog_tag_id" => "nullable",
];
}
}
Looks much better, right?
Customization of Request Class
Custom Messages
Now, what if you want to specify custom validate messages? It's easy to implement with messages()
method of your validator class. You simply have to define an array, where the key is a field name and the value is the custom message you want to show.
namespace App\Http\Requests\Auth;
use Illuminate\Foundation\Http\FormRequest;
class MyOwnRequest extends FormRequest
{
public function authorize()
{
return true;
}
public function rules()
{
return [
"title" => "required|min:5|max:200",
"body_content"=> "required|min:10",
"blog_tag_id" => "nullable",
];
}
public function messages()
{
return [
"title.required" => "Please write a title",
"title.min" => "The title has to have at least :min characters.",
"title.max" => "The title has to have no more than :max characters.",
"body_content.required" => "Please write some content",
"body_content.min" => "The content has to have at least :min characters",
];
}
}
Validation Set of Fields
Ok, now it looks better. But what to do if you need to validate a set of fields, let's say: few checkboxes or few file fields? In this case, you may use asterisk * to prepare validation rules. Check below how we define validation rules for set of fields. I hope it's clear and understandable enough.
public function rules(): array
{
return [
"files.*" => "required|image|mimes:jpg,jpeg,png",
"attrs.*.from" => "nullable|numeric",
"attrs.*.to" => "nullable|numeric",
];
}
Special Naming for Attributes
As you know, Laravel creates validation messages automatically, so sometimes you will need to provide special names to your fields. You may use the following language lines to swap attribute place-holders with something more reader friendly such as E-Mail Address instead of "email" or indexes in array. This simply helps us make messages a little cleaner.
public function attributes(): array
{
return [
"receivers" => "Nice name",
"subject" => "Like name",
"body" => "Another Name",
"notify.blog.*" => "Blog Notification value",
];
}
Add Your Own Validation
Now, if you want to perform your own validation, you may use the withValidator()
method. It's useful when you need to perform additional or very complicated validation, after the main validation was passed (or not). In the example below, we check if an email presents in a list of pre-approved emails. Take into account that there are some methods you may use:
$validator->after()
$validator->fails()
etc.
public function withValidator(Validator $validator)
{
$email = $validator->getData()['email'] ?? '';
$validator->after(
function ($validator) use ($email) {
if (is_null(\DB::table('pre_approved')->where('email',$email)->first())) {
$validator->errors()->add(
'email',
'This email does not exist on our pre-approved email list'
);
}
}
);
}
Don't Forget Authorization
As mentioned before, the form request class also contains an authorize
method. You may check if the authenticated user actually has the authority to change a given resource. Let's see an example when user actually owns a blog comment and attempts to update it:
public function authorize()
{
$comment = Comment::find($this->route('comment'));
return $comment && $this->user()->can('update', $comment);
}
Custom Redirecting
And the last thing, if you want to redefine a route if validation fails, you may do that by redefining $redirectRoute
property:
protected $redirectRoute = 'home';
History
- 15th January, 2021: Initial version