The Spatie package manages user input validation primarily through a set of custom Laravel validation rules and integration with Laravel's validation system, providing a structured and extensible approach to validating data before it is processed or saved.
Validation Management in Spatie Packages
Custom Validation Rules
Spatie offers a collection of useful validation rules that extend Laravel's native validation capabilities. These rules can be used in Laravel Form Requests or directly in controller validation logic. Examples include:
- Authorized Rule: Validates if the logged-in user is authorized to perform a specific action on a model instance by checking policies, such as matching user IDs[1].
- Currency Rule: Validates if a given input is a valid currency code, supporting ISO 3166 standards[1].
- Enum Rule: Validates that the input value belongs to a predefined set of enum values, useful for strongly typed data[1].
- ModelsExist Rule: Checks if all values in an array exist as attributes in a specified model, ensuring referential integrity[1].
- Delimited Rule: Validates strings containing delimited values (e.g., comma-separated emails), including options to set minimum/maximum items, allow duplicates, and customize separators[1].
These rules integrate seamlessly with Laravel's validation system, allowing developers to define them in the `rules()` method of Form Requests or inline validation arrays.
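A Form Request combining four of the rules listed above, as an added example that is not taken from the Spatie repository or the cited pages. The request class, the `Invoice` and `User` models, the `update` policy ability, the field names and the size limits are all hypothetical.

```php
<?php

namespace App\Http\Requests;

use App\Models\Invoice; // hypothetical model, assumed to have a policy with an update() ability
use App\Models\User;    // hypothetical model
use Illuminate\Foundation\Http\FormRequest;
use Spatie\ValidationRules\Rules\Authorized;
use Spatie\ValidationRules\Rules\Currency;
use Spatie\ValidationRules\Rules\Delimited;
use Spatie\ValidationRules\Rules\ModelsExist;

class ShareInvoiceRequest extends FormRequest
{
    public function authorize(): bool
    {
        // Coarse gate only: the per-record check is the Authorized rule below.
        return $this->user() !== null;
    }

    public function rules(): array
    {
        return [
            // The field value is the model id; validation fails unless the
            // logged-in user passes the 'update' ability for that Invoice.
            'invoice_id' => ['required', 'integer', new Authorized('update', Invoice::class)],

            // Must be a valid currency code.
            'currency' => ['required', 'string', new Currency()],

            // Every id in the array must exist as a User record; the size
            // cap bounds the lookup an untrusted client can trigger.
            'reviewer_ids' => ['required', 'array', 'max:20', new ModelsExist(User::class)],
            'reviewer_ids.*' => ['integer'],

            // Semicolon-separated e-mail addresses, 1 to 10 items; duplicates
            // are rejected because allowDuplicates() is not called.
            'notify' => [
                'nullable', 'string', 'max:1000',
                (new Delimited('email'))->min(1)->max(10)->separatedBy(';'),
            ],
        ];
    }
}
```

In the controller, read input through `$request->validated()` so that only fields covered by these rules reach the model.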
Validation in Spatie Laravel Data Package
The Spatie Laravel Data package enhances validation by validating data before creating data objects. Validation occurs automatically when:
- Injecting a data object from a request.
- Calling the `from` method on a data object with request data.
You can also manually trigger validation via methods like `validate()` or `validateAndCreate()`. The package supports configuring validation strategies, such as always validating or disabling validation entirely, providing fine-grained control over when validation occurs[4].
Two-Step Validation
Spatie is exploring a two-step validation approach where:
- The first step applies basic rules to ensure the data structure is sound and prevent PHP errors.
- The second step applies more complex validation rules.
This approach can improve robustness by catching errors early and providing clearer validation feedback[7].
Sanitization
While Spatie's packages focus mainly on validation, Laravel itself handles sanitization implicitly through validation and data binding. For example, Laravel's Form Requests automatically sanitize inputs by validating and filtering data before it is used in the application. Spatie's validation rules complement this by ensuring the data conforms to specific business rules or formats.
Developers can extend sanitization by creating custom validation attributes or by manually sanitizing inputs before or after validation as needed[3].
Summary
- Spatie provides a rich set of Laravel validation rules for common and complex validation scenarios, such as authorization checks, enum validation, existence checks, and delimited input validation[1].
- The Laravel Data package from Spatie validates data before object creation, with options for manual or automatic validation and configurable validation strategies[4].
- A two-step validation process is being developed to enhance validation robustness[7].
- Sanitization is generally handled by Laravel's validation and input handling mechanisms, with Spatie's tools focusing on validation correctness and extensibility[3].
This approach ensures that user input is rigorously validated according to application-specific rules before processing, reducing errors and improving security.
Citations:
[1] https://github.com/spatie/laravel-validation-rules
[2] https://zapkit.dev/blog/ultimate-guide-to-validate-and-sanitize-http-requests-in-laravel
[3] https://spatie.be/docs/laravel-data/v4/validation/using-validation-attributes
[4] https://spatie.be/docs/laravel-data/v4/validation/introduction
[5] https://escape.tech/blog/laravel-sql-injection-guide/
[6] https://www.youtube.com/watch?v=SW1Ddj5pCAM
[7] https://github.com/spatie/laravel-data/discussions/470
[8] https://stackoverflow.com/questions/72186973/checking-for-user-permissions-with-spatie-package-fails-in-routes-and-in-control
[9] https://spatie.be/docs/laravel-model-states/v2/request-validation/01-state-validation-rule