Advanced Validation & Form Requests

use Illuminate\Validation\Rule; // Unique with multiple columns 'email' => [ 'required', Rule::unique('users') ->where('account_id', $accountId) ->ignore($userId) ->whereNull('deleted_at') ], // Conditional exists check 'parent_id' => [ 'nullable', Rule::exists('categories', 'id') ->where('type', 'parent') ->whereNull('archived_at') ], // In with database values 'status' => [ 'required', Rule::in(Status::pluck('code')->toArray()) ], // Custom unique rule with encryption 'username' => [ 'required', Rule::unique('users') ->using(function ($query) { return $query->where('tenant_id', auth()->user()->tenant_id); }) ]

use Illuminate\Validation\Rule; public function rules() { return [ 'email' => 'required|email', 'role' => 'required|in:user,admin,manager', // Validate only if role is admin 'permissions' => [ Rule::requiredIf($this->role === 'admin'), 'array' ], 'permissions.*' => 'exists:permissions,id', // Validate based on another field 'company_name' => [ Rule::requiredIf(function () { return $this->account_type === 'business'; }) ], // Exclude validation if condition met 'vat_number' => [ Rule::excludeIf($this->country !== 'UK'), 'required', 'regex:/^GB[0-9]{9}$/' ], // Prohibit field based on condition 'discount_code' => [ Rule::prohibitedIf($this->user()->hasActiveSubscription()), 'string' ] ]; } // Sometimes validation public function rules() { $rules = [ 'name' => 'required', 'email' => 'required|email' ]; // Add rules conditionally if ($this->has('is_premium')) { $rules['subscription_plan'] = 'required|exists:plans,id'; $rules['payment_method'] = 'required|in:card,paypal'; } return $rules; }

// Generate rule class php artisan make:rule Uppercase // app/Rules/Uppercase.php namespace App\Rules; use Illuminate\Contracts\Validation\ValidationRule; class Uppercase implements ValidationRule { public function validate(string $attribute, mixed $value, Closure $fail): void { if (strtoupper($value) !== $value) { $fail('The :attribute must be uppercase.'); } } } // Advanced custom rule with parameters class PhoneNumber implements ValidationRule { public function __construct( private string $countryCode = 'US' ) {} public function validate(string $attribute, mixed $value, Closure $fail): void { $pattern = match($this->countryCode) { 'US' => '/^\+1[0-9]{10}$/', 'UK' => '/^\+44[0-9]{10}$/', 'SA' => '/^\+966[0-9]{9}$/', default => '/^\+[0-9]{10,15}$/' }; if (!preg_match($pattern, $value)) { $fail("The :attribute must be a valid {$this->countryCode} phone number."); } } } // Usage in form request public function rules() { return [ 'name' => ['required', new Uppercase], 'phone' => ['required', new PhoneNumber('SA')] ]; }

namespace App\Http\Requests; use Illuminate\Foundation\Http\FormRequest; class StoreProductRequest extends FormRequest { public function rules() { return [ 'name' => 'required|string|max:255', 'price' => 'required|numeric|min:0', 'category_id' => 'required|exists:categories,id' ]; } // Execute after validation passes protected function passedValidation() { // Merge additional data $this->merge([ 'slug' => Str::slug($this->name), 'user_id' => auth()->id(), 'published_at' => now() ]); // Transform data $this->merge([ 'price' => $this->price * 100, // Convert to cents 'tags' => array_map('trim', explode(',', $this->tags)) ]); } // Execute after validator created but before validation public function withValidator($validator) { $validator->after(function ($validator) { // Cross-field validation if ($this->start_date > $this->end_date) { $validator->errors()->add( 'end_date', 'End date must be after start date.' ); } // Business logic validation if ($this->discount > 0 && !auth()->user()->canApplyDiscounts()) { $validator->errors()->add( 'discount', 'You don\'t have permission to apply discounts.' ); } }); } }

public function rules() { return [ // Array validation 'items' => 'required|array|min:1|max:10', 'items.*.name' => 'required|string|max:100', 'items.*.quantity' => 'required|integer|min:1', 'items.*.price' => 'required|numeric|min:0', // Nested object validation 'shipping' => 'required|array', 'shipping.address' => 'required|string', 'shipping.city' => 'required|string', 'shipping.postal_code' => 'required|string', // Multi-level nesting 'users' => 'array', 'users.*.name' => 'required|string', 'users.*.email' => 'required|email', 'users.*.roles' => 'array', 'users.*.roles.*.name' => 'required|exists:roles,name', 'users.*.roles.*.permissions' => 'array', 'users.*.roles.*.permissions.*' => 'exists:permissions,id', // Dynamic keys validation 'metadata' => 'array', 'metadata.*' => 'string|max:500' ]; } // Custom nested validation public function withValidator($validator) { $validator->after(function ($validator) { $total = collect($this->items) ->sum(fn($item) => $item['quantity'] * $item['price']); if ($total > 10000) { $validator->errors()->add( 'items', 'Total order value cannot exceed $10,000.' ); } }); }

namespace App\Http\Requests; class UpdateUserRequest extends FormRequest { // Authorize with policies public function authorize() { return $this->user()->can('update', $this->route('user')); } // Dynamic rules based on user role public function rules() { $rules = [ 'name' => 'required|string|max:255', 'email' => [ 'required', 'email', Rule::unique('users')->ignore($this->route('user')) ] ]; // Admins can change roles if ($this->user()->isAdmin()) { $rules['role'] = 'required|exists:roles,name'; } return $rules; } // Custom error messages public function messages() { return [ 'email.unique' => 'This email is already taken by another user.', 'name.required' => 'Please provide a name for the user.' ]; } // Custom attribute names public function attributes() { return [ 'email' => 'email address', 'phone' => 'phone number' ]; } // Prepare input before validation protected function prepareForValidation() { $this->merge([ 'slug' => Str::slug($this->name), 'phone' => preg_replace('/[^0-9+]/', '', $this->phone) ]); } }

// Return custom error format protected function failedValidation(Validator $validator) { throw new HttpResponseException( response()->json([ 'success' => false, 'message' => 'Validation failed', 'errors' => $validator->errors()->toArray(), 'timestamp' => now()->toIso8601String() ], 422) ); } // Log validation failures protected function failedValidation(Validator $validator) { Log::warning('Validation failed', [ 'user_id' => auth()->id(), 'url' => $this->fullUrl(), 'errors' => $validator->errors()->toArray() ]); parent::failedValidation($validator); } // Custom authorization failure protected function failedAuthorization() { throw new HttpResponseException( response()->json([ 'message' => 'You are not authorized to perform this action.' ], 403) ); }