Mastering Data Validation in Laravel: Practical Tips for Effective Development

Now more than ever it is important that application data is valid, accurate, and meets all system requirements. This system responds to the need to maintain data consistency and avoid security vulnerabilities.

Laravel makes data validation easy and intuitive. It follows a Model View Controller (MVC) architecture and requires only a general understanding of PHP and Object Oriented Programming (OOP) concepts. In addition, Laravel provides several methods for validating incoming data.

Let’s look at some of these approaches and see how to apply validation rules to your data.

Data validation made easy in Laravel

Laravel provides several out-of-the-box validation rules for users of your application to submit data through forms. You can mark input fields as required, set a minimum or maximum length, and require unique (not duplicate) entries and valid email addresses. Laravel’s validator checks whether the input satisfies these rules or any other rules you specify.

Laravel validation rules include:

• required – Field data must not be null or empty.
• array – Field data must be a PHP array.
• bail – The validation rule stops running after the first validation error is encountered.
• email – Field data must be a valid email address.
• unique – Field data should not have duplicates in the database table.

All verification methods have advantages and disadvantages, but their diversity allows you to choose the method that best suits your needs. Depending on the method chosen, Laravel validation can occur in a variety of ways, with manual or automatic error messages.

The most common method is code verification, which is used for incoming HTTP requests. This method binds to the request data and executes the validation rules. You can separate the rules for each field with a comma, as seen in the following example.

use Illuminate\Http\Request;
 
public function store (Request $request){
  $validated = $request->validate([
        'email' => ['required, unique:users, email, bail'],
        'name' => ['required'],
    ]);

}

in this matter, email is a mandatory input, meaning it cannot be zero. Also, it must be unique in the database table, to avoid registering the same e-mail address twice. The last rule requires that the email address be valid. Otherwise, the verification process stops. The Name field is required but does not contain any other rules.

If a Laravel validation rule fails, a response is generated automatically.

validation basics

To better understand the verification methods, consider the following example. You would define a route to the endpoint and create a controller to validate and process the request data.

First, create a simple endpoint that allows users to store their email and password.

define route

Laravel routes are defined in file path/web.php for web applications or route/api.php for an API. For this example, use the file api.php,

use App\Http\Controllers\UserController;
 
Route::post('/store', [UserController::class]);

create controller

Run this Artisan command to create the controller:

php artisan make:controller

UserController

This command creates a file UserController.php in the folder app/http/controllers,

Now, define a method store To validate data entering the store endpoint before storing it.

This example will validate the following fields using these rules:

• E-mail – Must be unique, must be a valid email, and must be mandatory
• Password – must have a minimum length, must have a confirmation password, and must be required
• age – must be a number and must be mandatory

<?php

namespace App\Http\Controllers;
use Illuminate\Http\Request;
class UserController extends Controller
{
    /**
     * Store new user details.
     *
     */
    public function store(Request $request){
        $validated = $request->validate([
            'email' => 'required|unique:users|email',
            'age' => 'required|numeric',
            'password' => 'required|min:7|confirmed'
        ]);
        // After user data is validated, logic to store the data
    }

}

Rule confirmed Allows you to request a certain field twice to verify that the data is accurate, as is the case with users who re-enter their password during registration. This rule requires a field called password_confirmationwhose field of data must match the Password,

see error message

If the validation criteria are met, the code will continue to function normally. If validation fails, an exception is thrown IlluminateValidationValidationException And the appropriate error response is returned.

The example relies on an API that returns an HTTP response. 422 Unprocessable Entity in JSON format. For web applications, redirecting to the previous URL will display an error message and request data will be sent to the session.

you can use variables $errors In views to see the errors returned:

@if ($errors->any())
    <div class="alert alert-danger">
        <ul>
            @foreach ($errors->all() as $error)
                <li>{{ $error }}</li>
            @endforeach
        </ul>
    </div>
@endif

You can also choose to display only the first error or loop through all errors.

// Fetch all errors
$errors->all()

// Fetch only the first error
$errors->first()

refill module

Re-filling the form saves users from retyping information so they can focus on correcting the error. In the example of a working email address, you can recall the old field value and repopulate the rest of the form name,

$name = $request-> old('name')

//Blade helper
<input type="text" name="name" value="{{ old('name') }}">

this rule will return null If there was no previous input.

advanced verification

Laravel provides another way to write validation, called form requests. A form request is a custom request class that handles validation and shrinking your controller.

They have their own validation and authorization logic that is suitable for large amounts of input and can be used to define validation rules and customize error messages.

To create a form request, run this Artisan command:

php artisan make:request StoreUserRequest

This command creates a file StoreUserRequest.php in the folder app/http/Requests And it contains two predefined methods:

• rules Returns the validation rule for the requested data.
• authorize Returns a boolean indicating whether the user has permission to perform the requested action.

Modify the previous example to use a form request.

<?php

namespace App\Http\Requests;
use Illuminate\Foundation\Http\FormRequest;
class StoreUserRequest extends FormRequest
{
    /**
     * Determine if the user is authorized to make this request.
     *
     * @return bool
     */
    public function authorize()
    {
        // Add logic to check if the user is authorized to submit this data.
        return true;
    }
    /**
     * Get the validation rules that apply to the request.
     *
     * @return array<string, mixed>
     */
    public function rules()
    {
        return [
            'email' => 'required|unique:users|email',
            'age' => 'required|numeric',
            'password' => 'required|min:7|confirmed'
        ];
    }

}

To customize the error messages for these rules, you can override the message method of the class FormRequest,

/**

     * Get the error messages for the defined validation rules.
     *
     * @return array
     */
    public function messages()
    {
        return [
            'email.required' => 'An email address is required',
            'email.email' => 'The email address must be valid',
            'password.confirmed'=>'Re-type your password as 
password_confirmation, passwords does not match'
        ];

    }

Use: The data name and validation rule are separated by a dot (.) before the message data.

custom verification

To create a custom validation, you can use Facade Validator instead of validate, The validator instance takes two arguments: the data to validate and an array of validation rules. These two arguments are passed to the method ::make Creates a new validator instance of the validator mask.

use Illuminate\Http\Request; 

public function store (Request $request){
        $validator = Validator::make($request->all(),[
            'email' => 'required|unique:users|email',
            'age' => 'required|numeric',
            'password' => 'required|min:7|confirmed'
        ]);
        if ($validator->fails()) {
            // Return errors or redirect back with errors
            return $validator->errors();
        }
 
        // Retrieve the validated input...
        $validated = $validator->validated();
        // Continue logic to store the data

    }

If you want to add an automatic address, you can execute the method validate On an already existing validator instance. If validation fails, an XHR request generates a JSON response 422 Unprocessable Entity As a status code or the user is redirected immediately.

$validator = Validator::make($request->all(),[
'email' => 'required|unique:users|email',
'password' => 'required|min:7|confirmed'
])->validate();

You can also customize error messages by switching on Validate::make method the third parameter is called messages,

$validator = Validator::make($request->all(),[
            'email' => 'required|unique:users|email',
            'age' => 'required|numeric',
            'password' => 'required|min:7|confirmed'
        ], $messages = [
            'required' => 'The :attribute field is required.',
]);

Use: :attribute is replaced with the name of the field to validate.

Summary

It is important to perform data validation to keep your data set clean, correct and complete. Data validation helps eliminate data errors that could potentially harm or affect your project. Validation becomes increasingly important when dealing with large-scale and large amounts of data.

Laravel allows for a number of flexible ways to ensure the integrity and accuracy of data passing through your application. You can implement complex validation logic with predefined and customizable methods to make your codebase well-structured and more easily reusable.