Validation
- Basic Usage
- Checking the Validation Results
- Validating Files
- Throwing a Validation Exception
- Validating the Request
- Working with Error Messages
- Error Messages & Views
- Named Error Bags
- Available Validation Rules
- Conditionally Adding Rules
- Validating Arrays
- Custom Error Messages
- Specifying Custom Messages in Language Files
- Overriding Validation Messages Globally
- Custom Validation Rules
- Globally Registered Rules
- Local Rule Objects
The validator class is a simple, convenient facility for validating data and retrieving validation error messages via the Validator
class. It is useful when processing form data submitted by the end user.
When working with models, October CMS ships with a useful Validation Trait that implements the Validator
class and supports the same rule definitions.
Below is a list of all available validation rules:
- Accepted
- Active URL
- After (Date)
- Alpha
- Alpha Dash
- Alpha Numeric
- Array
- Before (Date)
- Between
- Boolean
- Confirmed
- Date
- Date Format
- Different
- Digits
- Digits Between
- Exists (Database)
- Image (File)
- In
- Integer
- IP Address
- Max
- MIME Types
- Min
- Not In
- Nullable
- Numeric
- Regular Expression
- Required
- Required If
- Required Unless
- Required With
- Required With All
- Required Without
- Required Without All
- Same
- Size
- String
- Timezone
- Unique (Database)
- Site Unique (Database)
- URL
# Basic Usage
In most cases you should first capture the user input and pass it to the make
method (first argument) and include the validation rules that should be applied to the data (second argument). In the following example, we capture the postback user input with the post()
helper function.
$data = post();
$validator = Validator::make($data, [
'name' => 'required|min:5'
]);
Multiple rules may be delimited using either a "pipe" character, or as separate elements of an array.
$validator = Validator::make($data, [
'name' => ['required', 'min:5']
]);
To validate multiple fields, simply add them to the array.
$data = [
'name' => 'Joe',
'password' => 'lamepassword',
'email' => 'email@example.tld'
];
$validator = Validator::make($data, [
'name' => 'required',
'password' => 'required|min:8',
'email' => 'required|email|unique:users'
]);
# Checking the Validation Results
Once a Validator
instance has been created, the fails
(or passes
) method may be used to perform the validation.
if ($validator->fails()) {
// The given data did not pass validation
}
If validation has failed, you may retrieve the error messages from the validator.
$messages = $validator->messages();
You may also access an array of the failed validation rules, without messages. To do so, use the failed
method:
$failed = $validator->failed();
# Validating Files
The Validator
class provides several rules for validating files, such as size
, mimes
, and others. When validating files, you may simply pass them into the validator with your other data.
$data = files() + post();
$validator = Validator::make($data, [...]);
It is not recommended to use unfiltered input()
values here since it contains GET values that can be used to potentially craft malicious links.
# Throwing a Validation Exception
In most cases, you'll be validating user input submitted using a form, and if validation fails, throwing a ValidationException
is a compatible action. As a shorter way to validate the form, you can use the validate
method directly.
$data = Validator::validate($data, $rules);
The validate
method returns filtered user data, the attributes and values that were validated.
The above method performs the equivalent functionality as the following code. It also demonstrates how you can pass the validator instance directly to the validation exception (first argument).
$validation = Validator::make($data, $rules);
if ($validation->fails()) {
throw new ValidationException($validation);
}
# Validating the Request
Another option is to use the Request
facade to perform validation on all user input. This removes the need to supply the data so you can just supply the rules (first argument). The validate
method returns filtered user data, the attributes and values that were validated.
$data = Request::validate($rules);
The return value from validate
is filtered by the validation rules. If the field is not defined in the rules, it won't be included in this data.
# Working with Error Messages
After calling the messages
method on a Validator
instance, you will receive a Illuminate\Support\MessageBag
instance, which has a variety of convenient methods for working with error messages.
# Retrieving the first error message for a field
echo $messages->first('email');
# Retrieving all error messages for a field
foreach ($messages->get('email') as $message) {
//
}
# Retrieving all error messages for all fields
foreach ($messages->all() as $message) {
//
}
# Determining if messages exist for a field
if ($messages->has('email')) {
//
}
# Retrieving an error message with a format
echo $messages->first('email', '<p>:message</p>');
Note: By default, messages are formatted using Bootstrap compatible syntax.
# Retrieving all error messages with a format
foreach ($messages->all('<li>:message</li>') as $message) {
//
}
# Error Messages & Views
Once you have performed validation, you will need an easy way to get the error messages back to your views. This is conveniently handled by October CMS. Consider the following AJAX handler as an example:
public function onRegister()
{
$rules = [];
$validator = Validator::make(input(), $rules);
if ($validator->fails()) {
return Redirect::to('register')->withErrors($validator);
}
}
Note that when validation fails, we pass the Validator
instance to the Redirect using the withErrors
method. This method will flash the error messages to the session so that they are available on the next request.
October CMS will always check for errors in the session data, and automatically bind them to the view if they are available. So, it is important to note that an errors
variable will always be available in all of your pages, on every request, allowing you to conveniently assume the errors
variable is always defined and can be safely used. The errors
variable will be an instance of MessageBag
.
So, after redirection, you may utilize the automatically bound errors
variable in your view:
{{ errors.first('email') }}
# Named Error Bags
If you have multiple forms on a single page, you may wish to name the MessageBag
of errors. This will allow you to retrieve the error messages for a specific form. Simply pass a name as the second argument to withErrors
.
return Redirect::to('register')->withErrors($validator, 'login');
You may then access the named MessageBag
instance from the $errors
variable:
{{ errors.login.first('email') }}
# Available Validation Rules
Below are all available validation rules and their functions.
# accepted
The field under validation must be yes, on, or 1. This is useful for validating "Terms of Service" acceptance.
# active_url
The field under validation must be a valid URL according to the checkdnsrr
PHP function.
# after:date
The field under validation must be a value after a given date. The dates will be passed into the PHP strtotime
function.
# alpha
The field under validation must be entirely alphabetic characters.
# alpha_dash
The field under validation may have alpha-numeric characters, as well as dashes and underscores.
# alpha_num
The field under validation must be entirely alpha-numeric characters.
# array
The field under validation must be of type array.
# before:date
The field under validation must be a value preceding the given date. The dates will be passed into the PHP strtotime
function.
# between:min,max
The field under validation must have a size between the given min and max. Strings, numerics, and files are evaluated in the same fashion as the size
rule.
# boolean
The field under validation must be able to be cast as a boolean. Accepted input are true
, false
, 1
, 0
, "1"
and "0"
.
# confirmed
The field under validation must have a matching field of foo_confirmation
. For example, if the field under validation is password
, a matching password_confirmation
field must be present in the input.
# date
The field under validation must be a valid date according to the strtotime
PHP function.
# date_format:format
The field under validation must match the format defined according to the date_parse_from_format
PHP function.
# different:field
The given field must be different than the field under validation.
# digits:value
The field under validation must be numeric and must have an exact length of value.
# digits_between:min,max
The field under validation must have a length between the given min and max.
The field under validation must be formatted as an e-mail address.
# exists:table,column
The field under validation must exist on a given database table.
Basic usage of exists rule
'state' => 'exists:states'
Specifying a custom column name
'state' => 'exists:states,abbreviation'
You may also specify more conditions that will be added as "where" clauses to the query:
'email' => 'exists:staff,email,account_id,1'
Passing NULL
as a "where" clause value will add a check for a NULL
database value:
'email' => 'exists:staff,email,deleted_at,NULL'
# image
The file under validation must be an image (jpeg, png, bmp, or gif)
# in:foo,bar,...
The field under validation must be included in the given list of values.
# integer
The field under validation must have an integer value.
# ip
The field under validation must be formatted as an IP address.
# max:value
The field under validation must be less than or equal to a maximum value. Strings, numerics, and files are evaluated in the same fashion as the size
rule.
# mimes:foo,bar,...
The file under validation must have a MIME type corresponding to one of the listed extensions.
# Basic usage of MIME rule
'photo' => 'mimes:jpeg,bmp,png'
# min:value
The field under validation must have a minimum value. Strings, numerics, and files are evaluated in the same fashion as the size
rule.
# not_in:foo,bar,...
The field under validation must not be included in the given list of values.
# nullable
The field under validation may be null
. This is particularly useful when validating primitive such as strings and integers that can contain null
values.
# numeric
The field under validation must have a numeric value.
# regex:pattern
The field under validation must match the given regular expression.
Note: When using the regex
pattern, it may be necessary to specify rules in an array instead of using pipe delimiters, especially if the regular expression contains a pipe character.
# required
The field under validation must be present in the input data.
# required_if:field,value,...
The field under validation must be present if the field field is equal to any value.
# required_unless:anotherfield,value,...
The field under validation must be present and not empty unless the anotherfield field is equal to any value.
# required_with:foo,bar,...
The field under validation must be present only if any of the other specified fields are present.
# required_with_all:foo,bar,...
The field under validation must be present only if all of the other specified fields are present.
# required_without:foo,bar,...
The field under validation must be present only when any of the other specified fields are not present.
# required_without_all:foo,bar,...
The field under validation must be present only when the all of the other specified fields are not present.
# same:field
The specified field value must match the field's value under validation.
# size:value
The field under validation must have a size matching the given value. For string data, value corresponds to the number of characters. For numeric data, value corresponds to a given integer value. For files, size corresponds to the file size in kilobytes.
# string:value
The field under validation must be a string type.
# timezone
The field under validation must be a valid timezone identifier according to the timezone_identifiers_list
PHP function.
# unique:table,column,except,idColumn
The field under validation must be unique on a given database table. If the column
option is not specified, the field name will be used.
Basic usage of unique rule.
'email' => 'unique:users'
Specifying a custom column name.
'email' => 'unique:users,email_address'
Forcing a unique rule to ignore a given ID.
'email' => 'unique:users,email_address,10'
Adding additional where clauses.
You may also specify more conditions that will be added as "where" clauses to the query:
'email' => 'unique:users,email_address,NULL,id,account_id,1'
In the rule above, only rows with an account_id
of 1
would be included in the unique check.
# site_unique:table,column,except,idColumn
The field under validation must be unique within the same site context. The definition is identical to the unique
rule.
'email' => 'site_unique:users'
# url
The field under validation must be formatted as an URL.
This function uses PHP's filter_var
method.
# Conditionally Adding Rules
In some situations, you may wish to run validation checks against a field only if that field is present in the input array. To quickly accomplish this, add the sometimes
rule to your rule list:
$v = Validator::make($data, [
'email' => 'sometimes|required|email',
]);
In the example above, the email
field will only be validated if it is present in the $data
array.
# Complex Conditional Validation
Sometimes you may wish to require a given field only if another field has a greater value than 100. Or you may need two fields to have a given value only when another field is present. Adding these validation rules doesn't have to be a pain. First, create a Validator
instance with your static rules that never change:
$v = Validator::make($data, [
'email' => 'required|email',
'games' => 'required|numeric',
]);
Let's assume our web application is for game collectors. If a game collector registers with our application and they own more than 100 games, we want them to explain why they own so many games. For example, perhaps they run a game re-sell shop, or maybe they just enjoy collecting. To conditionally add this requirement, we can use the sometimes
method on the Validator
instance.
$v->sometimes('reason', 'required|max:500', function($input) {
return $input->games >= 100;
});
The first argument passed to the sometimes
method is the name of the field we are conditionally validating. The second argument is the rules we want to add. If the Closure
passed as the third argument returns true
, the rules will be added. This method makes it a breeze to build complex conditional validations. You may even add conditional validations for several fields at once:
$v->sometimes(['reason', 'cost'], 'required', function($input) {
return $input->games >= 100;
});
The $input
parameter passed to your Closure
will be an instance of Illuminate\Support\Fluent
and may be used as an object to access your input and files.
# Validating Arrays
Validating array based form input fields doesn't have to be a pain. You may use "dot notation" to validate attributes within an array. For example, if the incoming HTTP request contains a photos[profile]
field, you may validate it like so:
$validator = Validator::make(input(), [
'photos.profile' => 'required|image',
]);
You may also validate each element of an array. For example, to validate that each e-mail in a given array input field is unique, you may do the following:
$validator = Validator::make(input(), [
'person.*.email' => 'email|unique:users',
'person.*.first_name' => 'required_with:person.*.last_name',
]);
Likewise, you may use the *
character when specifying your validation messages in your language files, making it a breeze to use a single validation message for array based fields:
'custom' => [
'person.*.email' => [
'unique' => 'Each person must have a unique e-mail address',
]
],
You may also use "array notation" in your validation rules if you wish. These rules will be converted to "dot notation" automatically on validation.
$validator = Validator::make(input(), [
'photos[profile]' => 'required|image',
'person[][email]' => 'email|unique:users',
]);
# Custom Error Messages
If needed, you may use custom error messages for validation instead of the defaults. There are several ways to specify custom messages. The following shows how to pass custom messages to the validator instance.
$messages = [
'required' => 'The :attribute field is required.',
];
$validator = Validator::make($input, $rules, $messages);
The :attribute
placeholder will be replaced by the actual name of the field under validation. You may also utilize other placeholders in validation messages. The following shows some other validation placeholders you may encounter.
$messages = [
'same' => 'The :attribute and :other must match.',
'size' => 'The :attribute must be exactly :size.',
'between' => 'The :attribute must be between :min - :max.',
'in' => 'The :attribute must be one of the following types: :values',
];
Sometimes you may wish to specify a custom error messages only for a specific field. The following will specify a custom message for the email
attribute when using the required rule.
$messages = [
'email.required' => 'We need to know your e-mail address!',
];
# Specifying Custom Messages in Language Files
In some cases, you may wish to specify your custom messages in a language file instead of passing them directly to the Validator
. To do so, add your messages to an array in the lang/xx/validation.php language file for your plugin.
return [
'required' => 'We need to know your e-mail address!',
'email.required' => 'We need to know your e-mail address!',
];
Then in your call to Validator::make
use the Lang:get
to use your custom files.
Validator::make($formValues, $validations, Lang::get('acme.blog::validation'));
# Overriding Validation Messages Globally
The default message strings for the validator are located in the modules/system/lang/xx/validation.php file. We recommend opening this file to locate all the available messages.
The file contains an array of messages for each validation rule. There is a custom
attribute for custom error messages using the "attribute.rule" naming convention, and a attributes
attribute to store custom attribute names.
return [
'required' => 'The :attribute field is required!',
// ...
'custom' => [
// ...
],
'attributes' => [
// ...
]
];
You can modify any of these values by creating a new file in the app directory, for example, for the en
locale, create a file called app/lang/system/en/validation.php. The values inside this file will override the default values and you can include just the values you want modified.
return [
'required' => 'Sorry, we need that field (:attribute) you gave!',
'attributes' => [
'email' => 'email address'
],
];
# Custom Validation Rules
There are a variety of helpful validation rules, however, you may wish to specify some of your own. First you should decide if your rule should be registered globally, or use a local rule object.
# Globally Registered Rules
A globally registered rule can be shared throughout your application by registering it with a tag and rule class. This is typically done in the register
method of a plugin registration file using the registerValidationRule
helper method.
public function register()
{
$this->registerValidationRule('uppercase', UppercaseRule::class);
}
In this instance, we have created a rule tagged uppercase and referenced our rule class where it becomes available to specify as a rule everywhere.
Validator::make($data, [
'shoutout' => 'required|uppercase',
]);
# Defining a Global Rule Class
A global rule class represents a single reusable validation rule for your models. At a minimum, the rule class must provide a validate
method that determines if the validation rule passes. You may also specify an optional message
method to return a custom error message.
class UppercaseRule
{
/**
* validate determines if the validation rule passes.
* @param string $attribute
* @param mixed $value
* @param array $params
* @return bool
*/
public function validate($attribute, $value, $params)
{
return strtoupper($value) === $value;
}
/**
* message gets the validation error message.
* @return string
*/
public function message()
{
return 'The :attribute must be uppercase.';
}
}
# Passing Arguments to Rules
Global rules can support passing arguments along with their definition. For example, a rule called betwixt may require two values. Parameters can be passed to a rule by separating with a colon (:
) and each parameter is seperated by a comma (,
).
$v = Validator::make($data, [
'name' => 'betwixt:1,6',
]);
The parameters are then passed to the validate method and become available. The error message can also be processed by defining a replace
method.
class BetwixtRule
{
/**
* validate between start and end parameters.
*/
public function validate($attribute, $value, $params)
{
[$start, $end] = $params;
return strlen($value) > $start && strlen($value) < $end;
}
/**
* message gets the validation error message.
* @return string
*/
public function message()
{
return 'The :attribute must be between :start and :end.';
}
/**
* replace defines custom placeholder replacements.
* @return string
*/
public function replace($message, $attribute, $rule, $params)
{
[$start, $end] = $params;
$message = str_replace(':start', $start, $message);
$message = str_replace(':end', $end, $message);
return $message;
}
}
# Local Rule Objects
The Laravel documentation on rule objects (opens new window) describes in more detail how to define a rule class. Specifically, the rule must implement the Illuminate\Contracts\Validation\Rule
contract which requires a passes
method to be defined.
class LowercaseRule implements \Illuminate\Contracts\Validation\Rule
{
/**
* passes checks if the rule is successful
* @param string $attribute
* @param mixed $value
* @return bool
*/
public function passes($attribute, $value)
{
return strtolower($value) === $value;
}
/**
* message gets the validation error message.
* @return string
*/
public function message()
{
return 'The :attribute must be lowercase.';
}
}
Once a rule is defined, it can be passed as an insatance to the Validator
service.
$v = Validator::make($data, [
'name' => ['required', new LowercaseRule],
]);
You may also implement the rule object in models using the beforeValidate
method override.
public function beforeValidate()
{
$this->rules['name'] = ['required', new LowercaseRule];
}