Laravel JSON Array Validation - Example & Important Tips

Video Statistics and Information

Video
Captions Word Cloud
Reddit Comments
Captions
[Music] what is going on guys welcome to another quick lesson on laravel in this lesson we are going to learn how to validate json array and one very important thing to look out for when doing that what i have on the screen is a laravel project with a table customers which i added the table has these columns over here is the customer model with the fillable fields that is the fields that are mass assignable over to the api.php file we have customers route which takes post request when we call that throughout that endpoint we're going to call the store method in the customer controller let's take a look at the controller in the controller we have the store method the store method uses a form request class in this case create customer request in the create customer request class you will notice that we are validating just an object here not just an array the idea is that we start with json object so we can see how it differs from just an array validation and one thing to look out for here we have simple validation rules for name and email when we go back to the controller method in this line we are getting the validated data here we are creating a customer that is single one customer finally we return the justice response let me head over to postman and call the customers endpoint over to postman this is the endpoint customers endpoint and that is a post request if i go ahead and send the request you can see that our validation for json object applies it says that full name is required email is required according to our validation rules here full name as we have in that response is coming from here where i customized the error message for name field that is full name as we have here let me go ahead and supply the required field that is named john doe why not email email someone at example.com if i go ahead and send the request one more time this time we have a customer created and we also got the response if i open the database the table you can see we have that record that was inserted the subscription field is now is empty because we did not supply that notice one thing about this line of code where we are getting the validated data let me go to the validation rules you can see that here we don't have subscription right let me try to create another record this time i will add subscription subscription can be done whatever plan that the customer subscribe to maybe gold platinum as you define them after they have made payments that kind of thing if i go ahead and send this request one more time i will go to the database refresh the table you can see that the subscription is still empty despite that i sent it there are two things that could cause that if i go to customer you can see the subscription is not among the fee level so let me go ahead and add it here [Music] subscription let's try one more time send go back to the table refresh the subscription is still empty why is that so that is because we don't have subscription among the validation rules here there's no subscription here so when we call request validated only those fields that are specified in the validation rules will be available no matter what we supply here that is the reason despite that we have subscription in fill level we still don't have it in the table when we created that record i'll go back now and add subscription to the rule so you see the difference subscription no level string one more time send this time you can also see it from the response we have subscription if i go to the table refresh that last record has subscription but let's assume that subscription is not something you want any request to create you want that to happen only when the customer has paid to subscribe right so to protect against any mistake or someone fraudulently subscribing themselves let's remove subscription from filler and of course we also removed it from here but i think most important thing at this point is from philip now we won't have subscription whenever we create a customer like this notice that so far what we have done is to validate a json object that is single record and create a customer in the database table now let's take a look at how to validate json array how that differs from validating single record as well as that very important thing to look out for when validating json array to do that i will go to the form request class and change the validation rule a little bit what i want to do is we are going to expect customers field to be present in the request body so we say customers present as array this is array rule take note however that from laravel documentation it says that the field that uses this rule that is the array rule must be a php array unfortunately however we are not dealing with php array here we are dealing with json array the next line will be for the fields inside that array inside the object in the array so we say customers dot word card dot name this is how you target individual item inside the objects we have in the json array so name is required and that should be a string we do something similar for email we say email required and that should be email here where we are customizing the error message for name we say customer dot star dot name that is it we go back to the controller and change things up a little bit over to the controller we are going to change this because we are no more dealing with single record we are dealing with array of objects let me pause the video and modify the code to save some time i post the video and modified the store method let me explain what i did here we still get the validated data but because the customer's field is coming in as array we extract that field that is array of customers what we want to do is to insert the array data once into the table instead of inserting them one by one inside a loop to do that let's have a field and record customers data we look through the customers we got from the request and create an array that we are going to use in the insert method down here we insert the customers data at once so even if there are 100 records it doesn't matter the number we call the insert method only once finally we return a 201 status code when you use customer inside that is eloquent model column colon insert like this the created field is not inserted for you automatically it should be updated that that is the timestamps field that is the reason we are adding them manually here otherwise we could just do something like this just something to take notes off with this we can go back to postman and try to call it end point over to postman i've added another request here for json array you can see we have this customers key for just an array of objects so we go ahead and click send first let me actually remove that field so we see the validation rule applied i clicked to send the request it says that the customers field must be present according to this validation rule here let me click undo so we have the customers field which is an array it doesn't matter whether it is array of zero records or whatever right as long as the array is present let me bring back the data and click send one more time when i click send we have some data created you can see 201 status code which i returned from the method from the store method here if i open the table currently we have four records that's before we sent the json array payload let me refresh the table refresh we have additional two records which are the records that came from this request back to the table you will notice in the table we have the subscription field filled up for those two records we just created despite that in the validation rule we don't have anything called subscription here and if you remember when we validated single record we said and we also saw it that any field that is not in the validation rule is not present when we call request validated so that very important thing to take note of is this when you are validating json array that is not the case whatever field you supply here if you look at the request you can see that we added subscription here we also added it here despite that they are not present in the validation rule they were present when we called request validated if i go to the customer model you can see that we don't even have subscription in the field level another thing to take note of is this when you call eloquence model search the fillable rule does not really apply so despite that we don't have subscription in the field level we are able to insert those fields in our database table this can be a bridge a vulnerability that you are allowing whoever that is making this request to fill whatever column they want to fill and that will be inserted into the database irrespective of if those fields are available in your validation rule or not the question now is how do we solve this problem before we go ahead to solve the problem guys please hit the like button and subscribe if you have not done so to help the channel grow and so that this kind of content can get to people that need them there are different ways you can solve this problem i mean it is up to you for example i can go back to the store method here i'm going to explicitly state the fields i want to take from whatever that is coming in from the customers array that is from the request to do that i can come down here and say let's have a customer array instead of having datum down here i can say customer created at customer update this should be updated at updated ad in a similar way we can take what we need from the datum we take name that should be that tune name which refers to each of the fields we have inside here in the same way we can say email to be email datum email here we are taking items from that array finally we come here and say comment on that customer down here we insert the record let me go back and click send one more time over to postman i'm going to send the request one more time click send we go to the table here we have six records i will refresh you can see that now we have two additional records and the subscription fields are not filled up they are not empty so this is one of the way you can solve the problem by explicitly specifying what you are taking from the validated data all right guys that brings us to the end of this lesson i hope one or two things here makes sense to you until next time happy coding [Music] you
Info
Channel: ZestMade
Views: 7,464
Rating: undefined out of 5
Keywords: laravel validate array of objects, laravel json validation, laravel array validation, laravel validation
Id: q4GdzjnKWNc
Channel Id: undefined
Length: 16min 4sec (964 seconds)
Published: Mon Jan 03 2022
Related Videos
Note
Please note that this website is currently a work in progress! Lots of interesting data and statistics to come.