Laravel Validation: 12 Less-Known Tips in 13 Minutes

Video Statistics and Information

Video
Captions Word Cloud
Reddit Comments
Captions
hello guys today let's talk about validation rules in laravel and validation in general and i will show you like a dozen of tips that i've learned over my career in laravel i would call them less known things or maybe tricky things and we divide this video into three parts first we will talk about laravel rules of validation second we will talk about how to show the messages in different way the error messages and third how to deal and how to create form request in laravel a few less known things about each of them and as an example i've taken a default laravel breeze installation for registration form with a few fields i've added and we will add a few more along the way with different examples so first by default if you register with empty fields on the front end i've made them not required so the validation will throw on the back end and this is what you get so it lists all the errors that happens so we all know and use typical rule called required but did you know about two more rules which are really similar so for example there's present present means that this field is actually present even if it's empty the validation rule will pass so as you can see name empty but since it is present in the form the validation rule passes and if in the register blade would delete that name from the form so just comment it out and refresh the page and try to register then name field must be present so it's similar to required but a bit different and then another one is called filled instead of present we change that to field and it means if we register if the name field is present then it should be filled otherwise the validation is passing so it's not existing and it is okay but if we return that in the form and comment back and we don't fill that in then name field must have a value and it's even a different message it's not name is required must have a value so two more really similar validation rules so required filled or present then there are a few rules with required underscore something so required with name for example means that the age is required only if the name is not empty so let's remove that and if we just register age is required when name is not empty which means that age passes but if we enter something here register the age field is required when name is present so that's required with also there could be required if name means some value so if name is admin for example then we require age these are all hypothetical examples but you know the main logic now so let's register here age is not required but if we enter admin here age is required when name is admin and there are a few more rules in the official documentation like required unless required with all required without so check the official documentation it's the same thing with a different condition another thing that people often don't know is that if you do minimum with number you should be careful so in our blade we have type number for input age and we expect that to validate 18 age and above right let's see we put in 19 we register and the age must be at least 18 characters so it's not validating the number it's validating the length of that string to avoid that you need to put in numeric minimum 18 and then register then that error disappears so be careful while validating minimum and maximum with numbers without specifying numeric next let's quickly talk about file upload and specifically image upload and there is one validation rule which is rarely used it's called dimensions so you can specify for example dimensions for minimum and maximum so like this let's delete that validation rule and minimum for example 1000 and height 2000. let's put it in and try to upload something smaller than this this is an image we register and the avatar has invalid image dimensions or you can specify the ratio like three to two also another example of official documentation you can combine the rules so max width max height and ratio as well now let's talk about date validation so i've changed the field to birth date with input type date and we should validate that the date is not in the future right so let's try it out and we should validate that it's before today what is today you probably would do something like now to date string or something like that and let's try it out if it works so let's choose birth date in the future we register and the birth date must be a date before the 1st of march this is where i'm shooting this video but there's a shorter way you don't need to use now to date string before today is the shorter way let's try it out again register date before today so it's even saying today also you can use yesterday and tomorrow there are three syntax constants for that and also you can put in before start date so that could be a different field out of those validation other fields in this example we don't have any other one to compare but just so you know you can specify the field here another quick tip is that you can specify validation rules with the separator or as an array like this so required string and max like this and it may be more readable and also it may allow you to specify custom validation rules so why is it useful for example you want to specify the array of validation rules and one of the rule could be custom rule for example you can specify rule in from the documentation so you may allow rule in first zone or for example admin or user as a name and of course you need to auto complete the rule here so use rule on top like this and then let's try to put something meaningless here register selected name is invalid which means not in that rule but also you may register your own custom rule so in the documentation it says make rule uppercase and then you can provide that rule as the list like this as a new object in this case you are required to use the array syntax instead of just delimiter now let's talk about showing those validation messages one quick tip for those of you who want to use laravel gesturing or breeze it comes with the component for that so in register blade on top you may see before the form x off validation errors and what it is in the breeze for example it's in resources components auth validation errors and it just lists all the errors from the session in an ordered list this one and the name of the component says auth validation errors but in fact in any validation form you can use the same component so you can even rename that to just validation errors and if you put that on any form like this it will still show validation errors so it's a totally useful reusable component next what if you want to customize those messages so the name field is required you may specify your own message as a second parameter in request validate it's also an array so you may specify the field name dot rule name required name is incorrect for example or something like that let's try again register and you see the name is incorrect but also if you have multi-language project or non-english project you can customize that in validation files so in resources lang en which is default generated by laravel breeze there is a validation php file and in addition to default values you have a special section for custom attribute name in here let's do it the same name required custom message let's leave it at this and register and of course we need to return that to empty array here again we see custom message so you can specify the validation in the translation and for each of the language you may create its own validation php file and also you may customize just the name of that so the field name could be name but maybe you want to name it differently visually so like username or first name it's also possible in validation.php attributes name for example user name and then let's delete that one so we don't have any custom validation rule register the username field is required so the validation message is the same but the name of the field is whatever you provide here which may be translated into your language again next let's talk about form requests so if you generate the form request class like this with make request you probably want to use something like request all when creating the record so instead of this you would have request all right but it's kind of a security issue so if we fill the form with fake filler with actual data we register validation is passed and see name email password confirmation and birth date and the security issue is that if someone posts to that register by a postman or manually they can specify additional field and it would be passed without any validation instead of request all it's better to use request validated it's available only if you use form request classes so not directly available if you use request validate or validator make and look at the difference we refresh and only the fields that are available in the validation rules in here are passed to submitting the form so of course then you need to specify all the rules even if it's without any rule so age numeric for example or birth date for example birth date present and then we fill in the form and then that birth date will be present here in this array but as you can see avatar isn't present and password confirmation isn't present so if you use form request and i do advise to use form request use request validated instead of request all next thing is something that annoys me personally if you do make requests for example update user request or something the default value of authorized is false so if you open that update user request now you can see authorize equals false which means that every time i need to set that to true or to some condition and i understand it is for security because if by default it is true for everyone it's kind of a security issue but for me personally i know that always it will be true and i will make a middleware to protect that so how to customize the make request template so on each of the requests generated it would be true by default you can do php artisan stub publish and i think it's in laravel 8 only and then you need a new folder you have a new folder stub and a lot of files are editable from make request make controller or something like that so one of them is request and you can set that to true here and then you can do make request update whatever request and then if we open that update whatever as you can see authorize is set to true by default and final thing if your authorize is false or your condition isn't met and someone is unauthorized to do something you see this page how to customize that page because it doesn't look very good you need to run the command vendor publish laravel errors like this and then all your error pages will be in resources views errors so you will have something like resources views errors and then you have 403 blade which is forbidden and extends the minimal template you can change that for example to layout blade there are three template minimal layout and illustrated layout so for example if we change that to layout and refresh the same page it will show this action is unauthorized or you can customize whatever here so that's it a set of daily tips i'm shooting daily videos now on youtube for quite a long time if you want to support me on this mission check out one of the three products you can see on the screen quick admin panel generator for laravel admin panels teachable courses my own laravel courses which is 14 courses at the moment or live workout set of components for laravel livewire see you guys in other videos
Info
Channel: Laravel Daily
Views: 19,176
Rating: undefined out of 5
Keywords:
Id: ckhllNh79gM
Channel Id: undefined
Length: 13min 11sec (791 seconds)
Published: Wed Mar 03 2021
Related Videos
Note
Please note that this website is currently a work in progress! Lots of interesting data and statistics to come.