05. Laravel for Frontend developers – request validation

Read the previous lesson or watch a screencast version of this post.

public function store() 
{
    return Food::create([
        'name' => request('name'),
        'carbs' => request('carbs'),
        'fats' => request('fats'),
        'proteins' => request('proteins'),
        'calories' => request('calories'),
        'qty' => request('qty'),
        'um' => request('um')
    ]);
}

If we take a look over the store method where we create a new food item, we see that we are quite optimistic by expecting the request to contain the correct parameters. Let’s see what happens when one of them is missing.

Laravel integrity constraint violation
Laravel integrity constraint violation

Our application blows up. Our table always expects a name when we create a new food record. It trusted us, and we failed it – we sent incomplete data.

We should always protect ourselves by ensuring the request contains everything we need to perform whatever action we intend – in our case, creating a new food record.

To validate the request, we need to call the validation method and pass it an array containing all the validation rules for each parameter.

public function store() 
{
    request()->validate([
        'name' => ['required', 'string'],
        'carbs' => ['required', 'numeric', 'min:0'],
        'proteins' => ['required', 'numeric', 'min:0'],
        'fats' => ['required', 'numeric', 'min:0'],
        'calories' => ['required', 'numeric', 'min:0'],
        'qty' => ['required', 'numeric', 'min:0'],
        'um' => ['required', 'string', 'in:g,pc,ml,oz']
    ]);

    return Food::create([
        'name' => request('name'),
        'carbs' => request('carbs'),
        'fats' => request('fats'),
        'proteins' => request('proteins'),
        'calories' => request('calories'),
        'qty' => request('qty'),
        'um' => request('um')
    ]);
}

Laravel comes with a broad set of validation rules – pretty much anything you can think of, there is a rule for it – make sure to check the documentation.

Now, let’s check that it works by sending a post request with an incomplete parameter list:

Laravel returns validation messages
Laravel returns validation messages

Overwriting validation messages

Larvel does a great job by coming up with thoughtful error messages, but you can overwrite them if you need to.

To change one of the error messages, you need to pass in a second array where the key is the name of the parameter, then a dot, and the name of the rule. And the value is whatever message you want to return when that rule is broken.

For example, here’s how we would overrite the error message for the `in:` rule:

request()->validate([
    'name' => ['required', 'string'],
    'carbs' => ['required', 'numeric', 'min:0'],
    'proteins' => ['required', 'numeric', 'min:0'],
    'fats' => ['required', 'numeric', 'min:0'],
    'calories' => ['required', 'numeric', 'min:0'],
    'qty' => ['required', 'numeric', 'min:0'],
    'um' => ['required', 'string', 'in:g,pc,ml,oz']
], [
    'um.in' => 'Selected unit of measure is invalid. Only g, pc, ml, and oz are allowed.'
]);

Remember always to validate your requests. It will offer you protection, not only against malicious users but also against yourself – often enough, we pass in the wrong data without realizing it.

Make sure to check out the docs for other validation rules.

Read the previous lesson or watch a screencast version of this post.

Playlist: LFFD

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.