Mallow's Blog

Form Validation by Custom Rules

Form data validation is based on the type of data you specify for each field when creating a form. Only a particular set of characters is required for each data form, and precise validation rules apply. To validate the incoming data of your application, Laravel offers many different approaches. The validation method available on all incoming HTTP requests is most widely used. Laravel offers a number of helpful validation rules; however, you may want to specify any of your own. Using rule objects is one way of registering custom validation rules.

You can use the make:rule Artisan command to generate a new rule object. To generate a rule that verifies a surname string, let’s use this command.

Php artisan make:rule Surname

Once the rule is created, we are ready to define its behaviour. Two methods are included in the rule object: passes and message. The passes method receives the value and name of the attribute and should return true or false, depending on whether or not the value of the attribute is correct. The message method should return a validation error message to use when the validation fails:

<?php
namespace App\Rules;
use Illuminate\Contracts\Validation\Rule;
class Surname implements Rule
{
    /**
     * Determine if the validation rule passes.
*
     * @param string $attribute
     * @param mixed $value
     * @return bool
     */
    public function passes($attribute, $value)
    {
        if ($value && preg_match('/^[\pL\s\\/.,`()-]+$/u', $value)) {
            return true;
        }
        return false;
    }
    /**
     * Get the validation error message.
     *
     * @return string
     */
    public function message()
    {
        return 'Please enter a valid :attribute';
    }
}

Once the rule has been established, you can apply it to a FormRequest by passing in the similar way:

<?php
namespace App\Http\Requests;
use App\Rules\Surname;
use Illuminate\Foundation\Http\FormRequest;
use Illuminate\Http\Exceptions\HttpResponseException;

class SurnameRequest extends FormRequest
{
    /**
     * Determine if the user is authorized to make this request.
     *
     * @return bool
     */
    public function authorize()
    {
        return true;
    }
    /**
    * Get the validation rules that apply to the request.
    *
    * @return array
    */
public function rules()
{
return [
‘surname’=> ‘surname’,
];
}
}

Another way of defining custom rule is to declare it in AppServiceProvider using extend method in Validator Facade. The extend method has 3 parameters. They are rule name, closure to determine the functionality and the message to be displayed if validation fails.

Validator::extend(‘surname’, function($attribute, $value, $parameters, $validator) {
      if ($value && preg_match('/^[\pL\s\\/.,`()-]+$/u', $value)) {
            return true;
        }
        return false;
}, 'Please enter a valid :attribute');

Once the rule has been established, you can apply it to a FormRequest by passing in the similar way:

<?php
namespace App\Http\Requests;
use App\Rules\Surname;
use Illuminate\Foundation\Http\FormRequest;
use Illuminate\Http\Exceptions\HttpResponseException;
class SurnameRequest extends FormRequest
{
    /**
     * Determine if the user is authorized to make this request.
     *
     * @return bool
     */
    public function authorize()
    {
        return true;
    }
    /**
    * Get the validation rules that apply to the request.
    *
    * @return array
    */
public function rules()
{
return [
‘surname’=> ‘surname’,
];
}
}

Form validation is therefore necessary to prevent malicious users from misusing the web form. Improper validation of type data is one of the main causes of security vulnerabilities. This exposes the website to attacks such as header injections, SQL injections, and cross-site scripting.

Jayashree Vaishnavi Paramasivam,
PHP Team,
Mallow Technologies.

Leave a Reply

%d bloggers like this: