翻译进度
52
分块数量
6
参与人数

表单验证

这是一篇协同翻译的文章,你可以点击『我来翻译』按钮来参与翻译。


数据验证

简介

Laravel 提供了多种不同的方法来验证应用程序的传入数据。最常见的是使用所有传入 HTTP 请求上都可用的 validate 方法。不过,我们也将讨论其他验证方法。

Laravel 包含了各种方便的验证规则,您可以将它们应用于数据,甚至提供了验证值在给定数据库表中是否唯一的能力。我们将详细介绍这些验证规则,以便您熟悉 Laravel 的所有验证功能。

dszhxb 翻译于 2周前

快速开始

为了了解 Laravel 强大的验证功能,我们来看一个表单验证并将错误消息展示给用户的完整示例。通过阅读概述,这将会对你如何使用 Laravel 验证传入的请求数据有一个很好的理解:

定义路由

首先,假设我们在 routes/web.php 路由文件中定义了下面这些路由:

use App\Http\Controllers\PostController;

Route::get('/post/create', [PostController::class, 'create']);
Route::post('/post', [PostController::class, 'store']);

GET 路由会显示一个供用户创建新博客文章的表单,而 POST 路由会将新的博客文章存储到数据库中。

创建控制器

接下来,让我们一起来看看处理这些路由的简单控制器。我们暂时留空了 store 方法:

<?php

namespace App\Http\Controllers;

use Illuminate\Http\RedirectResponse;
use Illuminate\Http\Request;
use Illuminate\View\View;

class PostController extends Controller
{
    /**
     * 博客的表单视图
     */
    public function create(): View
    {
        return view('post.create');
    }

    /**
     * 存储博客的 Action
     */
    public function store(Request $request): RedirectResponse
    {
        // 验证并且执行存储逻辑

        $post = /** ... */

        return to_route('post.show', ['post' => $post->id]);
    }
}

编写验证逻辑

现在我们开始在 store 方法中编写用来验证新的博客文章的逻辑代码。为此,我们将使用 Illuminate\Http\Request 类提供的 validate 方法。如果验证通过,你的代码会继续正常运行。如果验证失败,则会抛出 Illuminate\Validation\ValidationException 异常,并自动将对应的错误响应返回给用户。

dkp 翻译于 2个月前

如果传统HTTP请求验证失败,将会生成重定向响应跳转至上个URL。若传入请求为XHR请求,则会返回包含验证错误信息的JSON响应

为了更好地理解validate方法,让我们回到store方法:

/**
 * 存储新博客文章
 */
public function store(Request $request): RedirectResponse
{
    $validated = $request->validate([
        'title' => 'required|unique:posts|max:255',
        'body' => 'required',
    ]);

    // 博客文章验证通过...

    return redirect('/posts');
}

如您所见,验证规则被传入validate方法。不必担心 - 所有可用验证规则都已文档化。再次说明,如果验证失败,将会自动生成适当的响应。如果验证通过,控制器将继续正常执行。

或者,验证规则也可以指定为规则数组,而非单个|分隔的字符串:

$validatedData = $request->validate([
    'title' => ['required', 'unique:posts', 'max:255'],
    'body' => ['required'],
]);

此外,您可以使用validateWithBag方法验证请求并将错误信息存储到命名错误包中:

$validatedData = $request->validateWithBag('post', [
    'title' => ['required', 'unique:posts', 'max:255'],
    'body' => ['required'],
]);

首次验证失败即停止

有时您可能希望在属性首次验证失败后停止执行后续验证规则。为此,可给属性分配bail规则:

$request->validate([
    'title' => 'bail|required|unique:posts|max:255',
    'body' => 'required',
]);

在此示例中,如果title属性的unique规则失败,将不会检查max规则。规则将按照分配的顺序进行验证。

dszhxb 翻译于 2周前

关于嵌套属性的说明

如果传入的 HTTP 请求包含 「嵌套」 字段数据,您可以在验证规则中使用 「点」 语法来指定这些字段:

$request->validate([
    'title' => 'required|unique:posts|max:255',
    'author.name' => 'required',
    'author.description' => 'required',
]);

另一方面,如果您的字段名包含文字句点,可以通过在句点前添加反斜杠来显式阻止其被解释为 「点」 语法:

$request->validate([
    'title' => 'required|unique:posts|max:255',
    'v1\.0' => 'required',
]);

显示验证错误

那么,如果传入请求字段未通过给定的验证规则会怎样呢? 如前所述,Laravel 会自动将用户重定向到之前的位置。 此外,所有验证错误和 请求输入 都会自动 闪存到 Session

Illuminate\View\Middleware\ShareErrorsFromSession 中间件(由 web 中间件组提供)会将 $errors 变量共享给您应用的所有视图。 应用此中间件后, $errors 变量将始终在视图中可用,您可以放心地假设该变量已定义并可安全使用。 $errors 变量是 Illuminate\Support\MessageBag 的一个实例。 有关此对象的更多信息,请 查阅其文档

在我们的示例中,当验证失败时,用户将被重定向到控制器的 create 方法,使我们能够在视图中显示错误信息:

<!-- /resources/views/post/create.blade.php -->

<h1>创建文章</h1>

@if ($errors->any())
    <div class="alert alert-danger">
        <ul>
            @foreach ($errors->all() as $error)
                <li>{{ $error }}</li>
            @endforeach
        </ul>
    </div>
@endif

<!-- 创建文章表单 -->
dszhxb 翻译于 2周前

自定义错误消息

Laravel 的内置验证规则每个都有对应的错误消息,这些消息位于您应用的 lang/en/validation.php 文件中。 如果您的应用没有 lang 目录,您可以使用 lang:publish Artisan 命令让 Laravel 创建它。

lang/en/validation.php 文件中,您会找到每个验证规则的翻译条目。 您可以根据应用的需求自由更改或修改这些消息。

此外,您可以将此文件复制到其他语言目录,以翻译成您应用所需的语言。 要了解更多关于 Laravel 本地化的信息,请查阅完整的 本地化文档

[!警告]
默认情况下,Laravel 应用骨架不包含 lang 目录。 如果您想自定义 Laravel 的语言文件,可以通过 lang:publish Artisan 命令来发布它们。

XHR 请求与验证

在这个例子中,我们使用了传统表单向应用发送数据。 然而,许多应用会收到来自 JavaScript 驱动前端的 XHR 请求。 当在 XHR 请求中使用 validate 方法时,Laravel 不会生成重定向响应。 相反,Laravel 会生成一个 包含所有验证错误的 JSON 响应 。 此 JSON 响应将附带 422 HTTP 状态码一起发送。

@error 指令

您可以使用 @error Blade 指令来快速判断给定属性是否存在验证错误消息。 在 @error 指令内部,您可以回显 $message 变量来显示错误消息:

<!-- /resources/views/post/create.blade.php -->

<label for="title">文章标题</label>

<input
    id="title"
    type="text"
    name="title"
    class="@error('title') is-invalid @enderror"
/>

@error('title')
    <div class="alert alert-danger">{{ $message }}</div>
@enderror
dszhxb 翻译于 2周前

如果您使用的是 命名错误包 ,可以将错误包的名称作为第二个参数传递给 @error 指令:

<input ... class="@error('title', 'post') is-invalid @enderror">

表单数据回填

当 Laravel 因验证错误而生成重定向响应时,框架会自动 将请求的所有输入数据闪存到 Session 。 这样做的目的是让您可以在下次请求时方便地访问这些输入数据,并重新填充用户尝试提交的表单。

要从上一个请求中获取闪存的输入数据,可以在 Illuminate\Http\Request 实例上调用 old 方法。 old 方法会从 Session 中提取之前闪存的输入数据:

$title = $request->old('title');

Laravel 还提供了一个全局的 old 辅助函数。 如果您在 Blade 模板 中显示旧输入数据,使用 old 辅助函数来回填表单会更加方便。 如果给定字段没有旧的输入数据,将返回 null

<input type="text" name="title" value="{{ old('title') }}">

关于可选字段的说明

默认情况下,Laravel 在应用的全局中间件堆栈中包含 TrimStringsConvertEmptyStringsToNull 中间件。 因此,如果您不希望验证器将 null 值视为无效,通常需要将「可选」请求字段标记为 nullable 。 例如:

$request->validate([
    'title' => 'required|unique:posts|max:255',
    'body' => 'required',
    'publish_at' => 'nullable|date',
]);
dszhxb 翻译于 2周前

在这个例子中,我们指定 publish_at 字段可以为 null 或有效的日期表示。如果没有将 nullable 修饰符添加到规则定义中,则验证器会将 null 视为无效日期。

验证错误响应格式

当您的应用程序抛出 Illuminate\Validation\ValidationException 异常,并且传入的 HTTP 请求希望返回 JSON 响应时,Laravel 将自动为您格式化错误消息,并返回 422 Unprocessable Entity HTTP 响应。

下面是验证错误的 JSON 响应格式示例。注意,嵌套的错误键会被转换为「点」符号格式:

{
    "message": "The team name must be a string. (and 4 more errors)",
    "errors": {
        "team_name": [
            "The team name must be a string.",
            "The team name must be at least 1 characters."
        ],
        "authorization.role": [
            "The selected authorization.role is invalid."
        ],
        "users.0.email": [
            "The users.0.email field is required."
        ],
        "users.2.email": [
            "The users.2.email must be a valid email address."
        ]
    }
}

表单请求验证

创建表单请求

对于更复杂的验证场景,您可能希望创建一个「表单请求」。表单请求是自定义请求类,封装了自己的验证和授权逻辑。要创建一个表单请求类,您可以使用 make:request Artisan CLI 命令:

php artisan make:request StorePostRequest

生成的表单请求类将被放置在 app/Http/Requests 目录中。如果此目录不存在,则在运行 make:request 命令时将创建该目录。Laravel 生成的每个表单请求都有两个方法:authorizerules

authcontroller 翻译于 2周前

正如您可能想到的,authorize 方法负责确定当前已认证的用户是否可以执行请求所代表的操作,而 rules 方法则返回应当应用于请求数据的验证规则:

/**
 * 获取应用于请求的验证规则。
 *
 * @return array<string, \Illuminate\Contracts\Validation\ValidationRule|array<mixed>|string>
 */
public function rules(): array
{
    return [
        'title' => 'required|unique:posts|max:255',
        'body' => 'required',
    ];
}

注意
您可以在 rules 方法的签名中类型提示任何您需要的依赖项。它们将通过 Laravel 服务容器 自动解析。

那么,验证规则是如何被评估的呢?您只需要在控制器方法中对请求进行类型提示。传入的表单请求会在控制器方法被调用之前进行验证,这意味着您不需要在控制器中添加任何验证逻辑:

/**
 * 存储新的博客文章。
 */
public function store(StorePostRequest $request): RedirectResponse
{
    // 传入的请求是有效的...

    // 检索已验证的输入数据...
    $validated = $request->validated();

    // 检索部分验证过的输入数据...
    $validated = $request->safe()->only(['name', 'email']);
    $validated = $request->safe()->except(['name', 'email']);

    // 存储博客文章...

    return redirect('/posts');
}

如果验证失败,将生成一个重定向响应,将用户送回他们之前的位置。错误信息也会被闪存到 session 中,以便显示。如果请求是 XHR 请求,将向用户返回一个 HTTP 422 状态码的响应,其中包含 验证错误的 JSON 表示

注意
需要为您的 Inertia 驱动的 Laravel 前端添加实时表单请求验证吗? 请查看 Laravel 实时服务器端表单验证扩展

authcontroller 翻译于 2周前

执行附加验证

有时,在完成初始验证后,你需要执行额外的验证。您可以使用表单请求的 after 方法来完成此操作。

after 方法应返回一个可调用或闭包数组,这些数组将在验证完成后调用。给定的可调用程序将接收一个 Illuminate\Validation\Validator 实例,允许你在必要时引发额外的错误消息:

use Illuminate\Validation\Validator;

/**
 * 获取请求的「after」验证可调用项。
 */
public function after(): array
{
    return [
        function (Validator $validator) {
            if ($this->somethingElseIsInvalid()) {
                $validator->errors()->add(
                    'field',
                    'Something is wrong with this field!'
                );
            }
        }
    ];
}

如上所述,after 方法返回的数组也可能包含可调用的类。这些类的 __invoke 方法将接收一个 Illuminate\Validation\Validator 实例:

use App\Validation\ValidateShippingTime;
use App\Validation\ValidateUserStatus;
use Illuminate\Validation\Validator;

/**
 * 获取请求的「after」验证可调用项。
 */
public function after(): array
{
    return [
        new ValidateUserStatus,
        new ValidateShippingTime,
        function (Validator $validator) {
            //
        }
    ];
}

在首次验证失败时停止

通过添加 stopOnFirstFailure 属性到请求类,你可以通知验证器,一旦发生单个验证失败,它就应该停止验证所有属性:

/**
 * 指示验证程序是否应在第一个规则失败时停止。
 *
 * @var bool
 */
protected $stopOnFirstFailure = true;

自定义重定向位置

当表单请求验证失败时,生成的重定向响应,将会使用户返回到原来的位置。不过,你可以自由地自定义此行为。如果要这么做,请在表单请求中定义 $redirect 属性:

/**
 * 验证失败时,用户应当跳转的URI
 *
 * @var string
 */
protected $redirect = '/dashboard';
authcontroller 翻译于 2周前

或者,如果您想将用户重定向到命名路由,您可以定义一个 $redirectRoute 属性:

/**
 * 如果验证失败,用户应该被重定向到的路由。
 *
 * @var string
 */
protected $redirectRoute = 'dashboard';

授权表单请求

表单请求类还包含一个 authorize 方法。在这个方法中,您可以确定已认证的用户是否真正有权更新给定的资源。例如,您可以确定用户是否真的拥有他们试图更新的博客评论。通常,您会在这个方法中与您的 授权门禁和策略 进行交互:

use App\Models\Comment;

/**
 * 确定用户是否有权进行此请求。
 */
public function authorize(): bool
{
    $comment = Comment::find($this->route('comment'));

    return $comment && $this->user()->can('update', $comment);
}

由于所有表单请求都继承自 Laravel 的基础请求类,我们可以使用 user 方法来访问当前已认证的用户。另外,注意上面示例中对 route 方法的调用。这个方法允许您访问在被调用路由上定义的 URI 参数,比如下面示例中的 {comment} 参数:

Route::post('/comment/{comment}');

因此,如果您的应用程序利用了 路由模型绑定,您的代码可以通过将解析后的模型作为请求的属性来访问,从而变得更加简洁:

return $this->user()->can('update', $this->comment);

如果 authorize 方法返回 false,一个带有 403 状态码的 HTTP 响应将会被自动返回,并且您的控制器方法将不会被执行。

authcontroller 翻译于 2周前

如果您计划在应用程序的其他部分处理请求的授权逻辑,您可以完全移除 authorize 方法,或者简单地返回 true

/**
 * 确定用户是否有权处理此请求。
 */
public function authorize(): bool
{
    return true;
}

注意
你可以在 authorize 方法的签名中键入提示你需要的任何依赖项。 它将会使用 Laravel 服务容器 自动解析。

自定义错误消息

您可以通过重写 messages 方法来自定义表单请求使用的错误消息。此方法应返回一个属性 / 规则对及其对应错误消息的数组:

/**
 * 获取定义的验证规则的错误消息。
 *
 * @return array<string, string>
 */
public function messages(): array
{
    return [
        'title.required' => 'A title is required',
        'body.required' => 'A message is required',
    ];
}

自定义验证属性

Laravel 的许多内置验证规则错误消息包含 :attribute 占位符。如果您想要将验证消息中的 :attribute 占位符替换为自定义属性名,可以通过重写 attributes 方法来指定自定义名称。此方法应返回一个属性 / 名称对的数组:

/**
 * 获取验证器错误的自定义属性。
 *
 * @return array<string, string>
 */
public function attributes(): array
{
    return [
        'email' => 'email address',
    ];
}

准备验证输入

如果您需要在应用验证规则之前准备或清理请求中的任何数据,可以使用 prepareForValidation 方法:

use Illuminate\Support\Str;

/**
 * 准备验证数据。
 */
protected function prepareForValidation(): void
{
    $this->merge([
        'slug' => Str::slug($this->slug),
    ]);
}
authcontroller 翻译于 2周前

同样,如果您需要在验证完成后规范化任何请求数据,可以使用 passedValidation 方法:

/**
 * 处理验证通过的请求。
 */
protected function passedValidation(): void
{
    $this->replace(['name' => 'Taylor']);
}

手动创建验证器

如果您不想在请求上使用 validate 方法,您可以使用 Validator 门面 手动创建一个验证器实例。门面上的 make 方法生成一个新的验证器实例:

<?php

namespace App\Http\Controllers;

use Illuminate\Http\RedirectResponse;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Validator;

class PostController extends Controller
{
    /**
     * 存储一篇新的博客文章。
     */
    public function store(Request $request): RedirectResponse
    {
        $validator = Validator::make($request->all(), [
            'title' => 'required|unique:posts|max:255',
            'body' => 'required',
        ]);

        if ($validator->fails()) {
            return redirect('/post/create')
                ->withErrors($validator)
                ->withInput();
        }

        // 检索验证后的输入...
        $validated = $validator->validated();

        // 检索验证后输入的一部分...
        $validated = $validator->safe()->only(['name', 'email']);
        $validated = $validator->safe()->except(['name', 'email']);

        // 存储博客文章...

        return redirect('/posts');
    }
}

传递给 make 方法的第一个参数是要验证的数据。第二个参数是应用于数据的验证规则数组。

在确定请求验证是否失败后,您可以使用 withErrors 方法将错误消息闪存到会话中。当使用此方法时, $errors 变量将在重定向后自动与您的视图共享,允许您轻松地将它们显示给用户。 withErrors 方法接受一个验证器、一个 MessageBag 或一个 PHP array

authcontroller 翻译于 2周前

首次验证失败时停止

stopOnFirstFailure 方法将通知验证器,一旦发生单个验证失败,它就会停止验证所有属性:

if ($validator->stopOnFirstFailure()->fails()) {
    // ...
}

自动重定向

如果您想手动创建一个验证程序实例,但仍然利用 HTTP 请求的 validate 方法提供的自动重定向,则可以在现有的验证程序实例上调用 validate 方法。如果验证失败,用户将自动重定向,或者在 XHR 请求的情况下,将 返回JSON响应:

Validator::make($request->all(), [
    'title' => 'required|unique:posts|max:255',
    'body' => 'required',
])->validate();

如果验证失败,你可以使用 validateWithBag 方法将错误消息存储在 命名错误包 中:

Validator::make($request->all(), [
    'title' => 'required|unique:posts|max:255',
    'body' => 'required',
])->validateWithBag('post');

命名错误包

如果您在一个单页面上有多个表单,您可能希望命名包含验证错误的 MessageBag ,以便检索特定表单的错误消息。要实现这一点,请将名称作为第二个参数传递给 withErrors

return redirect('/register')->withErrors($validator, 'login');

您可以在之后从 $errors 变量访问命名的 MessageBag 实例:

{{ $errors->login->first('email') }}

自定义错误消息

如果需要,您可以提供验证器实例应该使用的自定义错误消息,替换 Laravel 提供的默认错误消息。有几种方法可以指定自定义消息。首先,您可以将自定义消息作为第三个参数传递给 Validator::make 方法:

$validator = Validator::make($input, $rules, $messages = [
    'required' => 'The :attribute field is required.',
]);
authcontroller 翻译于 1周前

在本例中,:attribute 占位符将替换为正在验证字段的实际名称。您也可以在验证消息中使用其他占位符。例如

$messages = [
    'same' => 'The :attribute and :other must match.',
    'size' => 'The :attribute must be exactly :size.',
    'between' => 'The :attribute value :input is not between :min - :max.',
    'in' => 'The :attribute must be one of the following types: :values',
];

给自定义消息指定属性

有时,你可能希望仅为特定属性指定自定义错误消息。您可以使用点 「.」表示法。首先指定属性的名称,然后指定规则:

$messages = [
    'email.required' => 'We need to know your email address!',
];

指定自定义属性值

Laravel 的许多内置错误消息都包括一个 :attribute 占位符,该占位符被替换为正在验证的字段或属性的名称。要自定义用于替换特定字段的占位符的值,可以将自定义属性数组作为第四个参数传递给 Validator::make 方法:

$validator = Validator::make($input, $rules, $messages, [
    'email' => 'email address',
]);

执行附加验证

有时,在初始验证完成后,您需要执行额外的验证。您可以使用验证器的 after 方法来实现这一点。 after 方法接受一个闭包或一个可调用数组,这些闭包或数组将在验证完成后调用。给定的可调用程序将接收一个 Illuminate\Validation\Validator 实例,允许你在必要时引发额外的错误消息:

use Illuminate\Support\Facades\Validator;

$validator = Validator::make(/* ... */);

$validator->after(function ($validator) {
    if ($this->somethingElseIsInvalid()) {
        $validator->errors()->add(
            'field', 'Something is wrong with this field!'
        );
    }
});

if ($validator->fails()) {
    // ...
}
authcontroller 翻译于 1周前

如上所述, after 方法也接受一个可调用的对象数组,如果你的 「after validation」逻辑被封装在可调用类中,这将特别方便,这些类将通过其 __invoke 方法接收一个 Illuminate\Validation\Validator 实例:

use App\Validation\ValidateShippingTime;
use App\Validation\ValidateUserStatus;

$validator->after([
    new ValidateUserStatus,
    new ValidateShippingTime,
    function ($validator) {
        // ...
    },
]);

使用已验证过的输入

在使用表单请求或手动创建的验证器实例验证传入的请求数据之后,您可能希望检索实际经过验证的传入请求数据。这可以通过几种方式实现。首先,你可以在表单请求或验证器实例上调用 validated 方法。这个方法返回一个经过验证的数据数组:

$validated = $request->validated();

$validated = $validator->validated();

或者,你可以在表单请求或验证器实例上调用 safe 方法。这个方法返回一个 Illuminate\Support\ValidatedInput 实例。这个对象暴露了 onlyexceptall 方法来检索已验证数据的子集或整个已验证数据的数组:

$validated = $request->safe()->only(['name', 'email']);

$validated = $request->safe()->except(['name', 'email']);

$validated = $request->safe()->all();

此外, Illuminate\Support\ValidatedInput 实例可以像数组一样被迭代和访问:

// 验证过的数据可以被迭代...
foreach ($request->safe() as $key => $value) {
    // ...
}

// 验证过的数据可以作为数组访问...
$validated = $request->safe();

$email = $validated['email'];

如果您想添加额外的字段到已验证的数据,可以调用 merge 方法:

$validated = $request->safe()->merge(['name' => 'Taylor Otwell']);
authcontroller 翻译于 1周前

如果您想将已验证的数据作为 集合 实例检索, 您可以调用 collect 方法:

$collection = $request->safe()->collect();

处理错误消息

Validator 实例上调用 errors 方法后,您将收到一个 Illuminate\Support\MessageBag 实例,它有多种方便的方法来处理错误消息。自动提供给所有视图的 $errors 变量也是 MessageBag 类的实例。

检索字段的第一个错误消息

要检索给定字段的第一个错误消息,请使用 first 方法:

$errors = $validator->errors();

echo $errors->first('email');

检索字段的所有错误消息

如果您需要检索给定字段的所有消息数组,请使用 get 方法:

foreach ($errors->get('email') as $message) {
    // ...
}

如果您正在验证数组表单字段,可以使用 * 字符检索数组中每个元素的所有消息:

foreach ($errors->get('attachments.*') as $message) {
    // ...
}

检索所有字段的所有错误消息

要检索所有字段的所有消息数组,请使用 all 方法:

foreach ($errors->all() as $message) {
    // ...
}

确定字段是否存在消息

has 方法可用于确定给定字段是否存在任何错误消息:

if ($errors->has('email')) {
    // ...
}
authcontroller 翻译于 1周前

在语言文件中指定自定义消息

Laravel 的内置验证规则都有一个错误消息,位于应用程序的 lang/en/validation.php 文件中。如果您的应用没有 lang 目录,您可以让 Laravel 使用 lang:publish Artisan 命令创建它。

lang/en/validation.php 文件中,您将找到每个验证规则的翻译条目。您可以根据应用程序的需要自由地更改或修改这些消息。

此外,您可以将此文件复制到另一个语言目录,以便为您应用程序的语言翻译消息。要了解更多有关 Laravel 本地化的信息,请查看完整的 本地化文档

警告
默认,Laravel 应用程序骨架不包含 lang 目录。如果您想自定义 Laravel 的语言文件,可以通过 lang:publish Artisan 命令发布它们。

为特定属性自定义消息

您可以在应用程序的验证语言文件中自定义用于指定属性和规则组合的错误消息。为此,您可以添加消息自定义到您应用程序 lang/xx/validate.php 语言文件的 custom 数组中:

'custom' => [
    'email' => [
        'required' => 'We need to know your email address!',
        'max' => 'Your email address is too long!'
    ],
],

在语言文件中指定属性

Laravel的许多内置错误信息都包含一个 :attribute 占位符,它被正在验证的字段或属性的名称所替换。如果您想用一个自定义值替换验证消息的 :attribute 部分,你可以在您的 lang/xx/validate.php 语言文件的 attributes 数组中指定自定义属性名称:

'attributes' => [
    'email' => 'email address',
],

警告
默认,Laravel 应用程序骨架不包含 lang 目录。如果您想自定义 Laravel 的语言文件,您可以通过 lang:publish Artisan命令发布它们。

authcontroller 翻译于 1周前

在语言文件中指定值

Laravel 的一些内置验证规则错误消息包含一个 :value 占位符,它会被替换为请求属性的当前值。但是,有时您可能需要将验证消息的 :value 部分替换为值的自定义表示。例如,考虑以下规则,该规则指定当 payment_type 的值为 cc 时,需要提供信用卡号码:

Validator::make($request->all(), [
    'credit_card_number' => 'required_if:payment_type,cc'
]);

如果此验证规则失败,它将产生以下错误消息:

The credit card number field is required when payment type is cc.

您可以在 lang/xx/validation.php 语言文件中定义一个 values 数组,以指定一个更加友好的值表示,而不是展示 cc 作为支付类型值:

'values' => [
    'payment_type' => [
        'cc' => 'credit card'
    ],
],

警告
默认情况下,Laravel 应用程序骨架不包含 lang 目录。如果您想自定义 Laravel 的语言文件,可以通过 lang:publish Artisan 命令发布它们。

定义这个值后,验证规则将产生以下错误消息:

The credit card number field is required when payment type is credit card.

可用的验证规则

以下是所有可用验证规则及其功能的列表:

authcontroller 翻译于 2周前

实用工具

accepted

待验证的字段必须是 「yes」「on」1「1」true ,或 「true」 。这对于验证 「服务条款」 接受情况或相似字段很有用。

accepted_if:anotherfield,value,...

如果正在验证的另一个字段等于指定值,则正在验证的字段必须为 「yes」「on」1「1」true ,或 「true」 。这对于验证 「服务条款」 接受情况或类似字段很有用。

active_url

根据 PHP 函数 dns_get_record ,验证中的字段必须具有有效的 A 或 AAAA 记录。提供的 URL 的主机名在传递给 dns_get_record 之前使用 PHP 函数 parse_url 提取。

after:date

验证中的字段必须是给定日期之后的值。该日期将被传递到 PHP 函数 strtotime 中,以便转换为有效的 DateTime 实例:

'start_date' => 'required|date|after:tomorrow'
authcontroller 翻译于 2周前

您可以指定另一个字段与日期进行比较,而不是传递要由 strtotime 计算的日期字符串:

'finish_date' => 'required|date|after:start_date'

为方便起见,基于日期的规则可以使用流畅的 date 规则构建器来构建:

use Illuminate\Validation\Rule;

'start_date' => [
    'required',
    Rule::date()->after(today()->addDays(7)),
],

afterTodaytodayOrAfter 方法可以分别用来流利地表示日期必须在今天之后或今天或之后:

'start_date' => [
    'required',
    Rule::date()->afterToday(),
],

after_or_equal:date

待验证的字段必须是在给定日期之后或等于给定日期的值。更多信息,请查看 after 规则。

为方便起见,基于日期的规则可以使用流畅的 date 规则构建器来构建:

use Illuminate\Validation\Rule;

'start_date' => [
    'required',
    Rule::date()->afterOrEqual(today()->addDays(7)),
],

anyOf

Rule::anyOf 验证规则允许您指定验证的字段必须满足任何给定的验证规则集。例如,下面的规则将验证 username 字段是一个电子邮件地址还是一个至少6个字符长的字母数字字符串(包括破折号):

use Illuminate\Validation\Rule;

'username' => [
    'required',
    Rule::anyOf([
        ['string', 'email'],
        ['string', 'alpha_dash', 'min:6'],
    ]),
],

alpha

待验证的字段必须完全是包含在 \p{L}\p{M}中的 Unicode 字母字符。

authcontroller 翻译于 1周前

要将此验证规则限制为 ASCII 范围内的字符( a-zA-Z ),您可以为验证规则提供 ASCII 选项:

'username' => 'alpha:ascii',

alpha_dash

验证的字段必须完全是包含在 \p{L} , \p{M} , \p{N} 中的 Unicode 字母数字字符,以及 ASCII 破折号 ( - ) 和 ASCII 下划线 ( _ )。

要将此验证规则限制为 ASCII 范围内的字符( a-zA-Z ,和 0-9 ),您可以为验证规则提供 ASCII 选项:

'username' => 'alpha_dash:ascii',

alpha_num

待验证的字段必须完全是包含在 \p{L}, \p{M}, 和 \p{N}中的 Unicode 字母字符。

要将此验证规则限制为 ASCII 范围内的字符( a-zA-Z ,和 0-9 ),您可以为验证规则提供 ASCII 选项:

'username' => 'alpha_num:ascii',

array

待验证字段必须是一个 PHP 数组。

当向 array 规则提供附加值时,输入数组中的每个键都必须出现在提供给规则的值列表中。在以下示例中,输入数组中的 admin 键无效,因为它不包含在提供给 array 规则的值列表中:

use Illuminate\Support\Facades\Validator;

$input = [
    'user' => [
        'name' => 'Taylor Otwell',
        'username' => 'taylorotwell',
        'admin' => true,
    ],
];

Validator::make($input, [
    'user' => 'array:name,username',
]);
authcontroller 翻译于 1周前

通常,您应该始终指定允许出现在数组中的数组键。

ascii

待验证的字段必须完全是 7 位的 ASCII 字符。

bail

字段首次验证失败后停止运行验证规则。

虽然 bail 规则只会在遇到验证失败时停止验证特定字段,但 stopOnFirstFailure 方法会通知验证器,一旦发生单个验证失败,它应该停止验证所有属性:

if ($validator->stopOnFirstFailure()->fails()) {
    // ...
}

before:date

待验证字段的值对应的日期必须在给定的日期之前。这个日期将被传递给 PHP 函数 strtotime 以便转化为有效的 DateTime 实例。此外,像 after 规则一样,另一个待验证的字段名称支持作为 date 的值。

为方便起见,基于日期的规则也可以使用流畅的 date 规则构建器来构建:

use Illuminate\Validation\Rule;

'start_date' => [
    'required',
    Rule::date()->before(today()->subDays(7)),
],

beforeTodaytodayOrBefore 方法可以分别用来流利地表示日期必须在今天之前或今天或之前:

'start_date' => [
    'required',
    Rule::date()->beforeToday(),
],

before_or_equal:date

待验证字段的值对应的日期必须在给定的日期之前或等于被给定的日期。这个日期将被传递给 PHP 函数 strtotime 以便转化为有效的 DateTime 实例。此外,像 after 规则一样,另一个待验证的字段名称支持作为 date 的值。

为方便起见,基于日期的规则也可以使用流畅的 date 规则构建器来构建:

use Illuminate\Validation\Rule;

'start_date' => [
    'required',
    Rule::date()->beforeOrEqual(today()->subDays(7)),
],
authcontroller 翻译于 1周前

between:min,max

待验证字段值的大小必须介于给定的最小值和最大值(含)之间。 字符串、数字、数组和文件的计算方式与 size 规则相同.

boolean

待验证的字段必须能够转换为布尔值。可接受的输入有 true , false , 1 , 0 , 「1」 , 和 「0」

confirmed

需要验证的字段必须有一个匹配的字段 {field}_confirmation 。例如,如果验证的字段是 password ,则必须在输入中出现一个匹配的 password_confirmation 字段。

您还可以传递一个自定义确认字段名。例如, confirmed:repeat_username 将期望字段 repeat_username 与正在验证的字段匹配。

contains:foo,bar,...

验证的字段必须是包含所有给定参数值的数组。由于该规则经常要求您 implode 一个数组,所以可以使用 rule::contains 方法来流畅地构造该规则:

use Illuminate\Support\Facades\Validator;
use Illuminate\Validation\Rule;

Validator::make($data, [
    'roles' => [
        'required',
        'array',
        Rule::contains(['admin', 'editor']),
    ],
]);

current_password

待验证下的字段必须与已经过身份验证的用户密码匹配。您可以指定一个 授权门禁 ,使用规则的第一个参数:

'password' => 'current_password:api'

date

根据PHP函数 strtotime ,验证下的字段必须是一个有效的非相对日期。

date_equals:date

authcontroller 翻译于 1周前

验证中的字段必须等于给定的日期。日期将被传递到 PHP strtotime 函数中,以便转换为有效的 DateTime 实例。

date_format:format,...

验证的字段必须匹配给定的 formats 之一。在验证字段时,应该使用 datedate_format 中的 其中一个 ,而不是同时使用。该验证规则支持 PHP DateTime 类所支持的所有格式。

为方便起见,基于日期的规则可以使用流畅的 date 规则构建器来构建:

use Illuminate\Validation\Rule;

'start_date' => [
    'required',
    Rule::date()->format('Y-m-d'),
],

decimal:min,max

验证的字段必须是数字并且必须包含指定数量的小数位:

// 必须有两位小数 (9.99)...
'price' => 'decimal:2'

// 必须在2到4位小数之间...
'price' => 'decimal:2,4'

declined

验证的字段必须是 「no」 , 「off」 , 0 , 「0」 , false , 或 「false」

declined_if:anotherfield,value,...

如果另一个验证字段的值等于指定值,则验证字段的值必须为 「no」 , 「off」 , 0 , 「0」 , false , 或 「false」

different:field

验证的字段必须与 field 有不同的值。

digits:value

验证的整数必须具有确切的 value 长度。

digits_between:min,max

验证的整数长度必须在给定的 min 和 max 之间。

authcontroller 翻译于 1周前

dimensions

The file under validation must be an image meeting the dimension constraints as specified by the rule's parameters:

'avatar' => 'dimensions:min_width=100,min_height=200'

Available constraints are: min_width, max_width, min_height, max_height, width, height, ratio.

A ratio constraint should be represented as width divided by height. This can be specified either by a fraction like 3/2 or a float like 1.5:

'avatar' => 'dimensions:ratio=3/2'

Since this rule requires several arguments, it is often more convenient to use the Rule::dimensions method to fluently construct the rule:

use Illuminate\Support\Facades\Validator;
use Illuminate\Validation\Rule;

Validator::make($data, [
    'avatar' => [
        'required',
        Rule::dimensions()
            ->maxWidth(1000)
            ->maxHeight(500)
            ->ratio(3 / 2),
    ],
]);

distinct

When validating arrays, the field under validation must not have any duplicate values:

'foo.*.id' => 'distinct'

Distinct uses loose variable comparisons by default. To use strict comparisons, you may add the strict parameter to your validation rule definition:

'foo.*.id' => 'distinct:strict'

You may add ignore_case to the validation rule's arguments to make the rule ignore capitalization differences:

'foo.*.id' => 'distinct:ignore_case'

doesnt_start_with:foo,bar,...

The field under validation must not start with one of the given values.

doesnt_end_with:foo,bar,...

The field under validation must not end with one of the given values.

email

The field under validation must be formatted as an email address. This validation rule utilizes the egulias/email-validator package for validating the email address. By default, the RFCValidation validator is applied, but you can apply other validation styles as well:

'email' => 'email:rfc,dns'

The example above will apply the RFCValidation and DNSCheckValidation validations. Here's a full list of validation styles you can apply:

  • rfc: RFCValidation - Validate the email address according to supported RFCs.
  • strict: NoRFCWarningsValidation - Validate the email according to supported RFCs, failing when warnings are found (e.g. trailing periods and multiple consecutive periods).
  • dns: DNSCheckValidation - Ensure the email address's domain has a valid MX record.
  • spoof: SpoofCheckValidation - Ensure the email address does not contain homograph or deceptive Unicode characters.
  • filter: FilterEmailValidation - Ensure the email address is valid according to PHP's filter_var function.
  • filter_unicode: FilterEmailValidation::unicode() - Ensure the email address is valid according to PHP's filter_var function, allowing some Unicode characters.

For convenience, email validation rules may be built using the fluent rule builder:

use Illuminate\Validation\Rule;

$request->validate([
    'email' => [
        'required',
        Rule::email()
            ->rfcCompliant(strict: false)
            ->validateMxRecord()
            ->preventSpoofing()
    ],
]);

[!WARNING]
The dns and spoof validators require the PHP intl extension.

ends_with:foo,bar,...

The field under validation must end with one of the given values.

enum

The Enum rule is a class based rule that validates whether the field under validation contains a valid enum value. The Enum rule accepts the name of the enum as its only constructor argument. When validating primitive values, a backed Enum should be provided to the Enum rule:

use App\Enums\ServerStatus;
use Illuminate\Validation\Rule;

$request->validate([
    'status' => [Rule::enum(ServerStatus::class)],
]);

The Enum rule's only and except methods may be used to limit which enum cases should be considered valid:

Rule::enum(ServerStatus::class)
    ->only([ServerStatus::Pending, ServerStatus::Active]);

Rule::enum(ServerStatus::class)
    ->except([ServerStatus::Pending, ServerStatus::Active]);

The when method may be used to conditionally modify the Enum rule:

use Illuminate\Support\Facades\Auth;
use Illuminate\Validation\Rule;

Rule::enum(ServerStatus::class)
    ->when(
        Auth::user()->isAdmin(),
        fn ($rule) => $rule->only(...),
        fn ($rule) => $rule->only(...),
    );

exclude

The field under validation will be excluded from the request data returned by the validate and validated methods.

exclude_if:anotherfield,value

The field under validation will be excluded from the request data returned by the validate and validated methods if the anotherfield field is equal to value.

If complex conditional exclusion logic is required, you may utilize the Rule::excludeIf method. This method accepts a boolean or a closure. When given a closure, the closure should return true or false to indicate if the field under validation should be excluded:

use Illuminate\Support\Facades\Validator;
use Illuminate\Validation\Rule;

Validator::make($request->all(), [
    'role_id' => Rule::excludeIf($request->user()->is_admin),
]);

Validator::make($request->all(), [
    'role_id' => Rule::excludeIf(fn () => $request->user()->is_admin),
]);

exclude_unless:anotherfield,value

The field under validation will be excluded from the request data returned by the validate and validated methods unless anotherfield's field is equal to value. If value is null (exclude_unless:name,null), the field under validation will be excluded unless the comparison field is null or the comparison field is missing from the request data.

exclude_with:anotherfield

The field under validation will be excluded from the request data returned by the validate and validated methods if the anotherfield field is present.

exclude_without:anotherfield

The field under validation will be excluded from the request data returned by the validate and validated methods if the anotherfield field is not present.

exists:table,column

The field under validation must exist in a given database table.

Basic Usage of Exists Rule

'state' => 'exists:states'

If the column option is not specified, the field name will be used. So, in this case, the rule will validate that the states database table contains a record with a state column value matching the request's state attribute value.

Specifying a Custom Column Name

You may explicitly specify the database column name that should be used by the validation rule by placing it after the database table name:

'state' => 'exists:states,abbreviation'

Occasionally, you may need to specify a specific database connection to be used for the exists query. You can accomplish this by prepending the connection name to the table name:

'email' => 'exists:connection.staff,email'

Instead of specifying the table name directly, you may specify the Eloquent model which should be used to determine the table name:

'user_id' => 'exists:App\Models\User,id'

If you would like to customize the query executed by the validation rule, you may use the Rule class to fluently define the rule. In this example, we'll also specify the validation rules as an array instead of using the | character to delimit them:

use Illuminate\Database\Query\Builder;
use Illuminate\Support\Facades\Validator;
use Illuminate\Validation\Rule;

Validator::make($data, [
    'email' => [
        'required',
        Rule::exists('staff')->where(function (Builder $query) {
            $query->where('account_id', 1);
        }),
    ],
]);

You may explicitly specify the database column name that should be used by the exists rule generated by the Rule::exists method by providing the column name as the second argument to the exists method:

'state' => Rule::exists('states', 'abbreviation'),

Sometimes, you may wish to validate whether an array of values exists in the database. You can do so by adding both the exists and array rules to the field being validated:

'states' => ['array', Rule::exists('states', 'abbreviation')],

When both of these rules are assigned to a field, Laravel will automatically build a single query to determine if all of the given values exist in the specified table.

extensions:foo,bar,...

The file under validation must have a user-assigned extension corresponding to one of the listed extensions:

'photo' => ['required', 'extensions:jpg,png'],

[!WARNING]
You should never rely on validating a file by its user-assigned extension alone. This rule should typically always be used in combination with the mimes or mimetypes rules.

file

The field under validation must be a successfully uploaded file.

filled

The field under validation must not be empty when it is present.

gt:field

The field under validation must be greater than the given field or value. The two fields must be of the same type. Strings, numerics, arrays, and files are evaluated using the same conventions as the size rule.

gte:field

The field under validation must be greater than or equal to the given field or value. The two fields must be of the same type. Strings, numerics, arrays, and files are evaluated using the same conventions as the size rule.

hex_color

The field under validation must contain a valid color value in hexadecimal format.

image

The file under validation must be an image (jpg, jpeg, png, bmp, gif, or webp).

[!WARNING]
By default, the image rule does not allow SVG files due to the possibility of XSS vulnerabilities. If you need to allow SVG files, you may provide the allow_svg directive to the image rule (image:allow_svg).

in:foo,bar,...

The field under validation must be included in the given list of values. Since this rule often requires you to implode an array, the Rule::in method may be used to fluently construct the rule:

use Illuminate\Support\Facades\Validator;
use Illuminate\Validation\Rule;

Validator::make($data, [
    'zones' => [
        'required',
        Rule::in(['first-zone', 'second-zone']),
    ],
]);

When the in rule is combined with the array rule, each value in the input array must be present within the list of values provided to the in rule. In the following example, the LAS airport code in the input array is invalid since it is not contained in the list of airports provided to the in rule:

use Illuminate\Support\Facades\Validator;
use Illuminate\Validation\Rule;

$input = [
    'airports' => ['NYC', 'LAS'],
];

Validator::make($input, [
    'airports' => [
        'required',
        'array',
    ],
    'airports.*' => Rule::in(['NYC', 'LIT']),
]);

in_array:anotherfield.*

The field under validation must exist in anotherfield's values.

in_array_keys:value.*

The field under validation must be an array having at least one of the given values as a key within the array:

'config' => 'array|in_array_keys:timezone'

integer

The field under validation must be an integer.

[!WARNING]
This validation rule does not verify that the input is of the "integer" variable type, only that the input is of a type accepted by PHP's FILTER_VALIDATE_INT rule. If you need to validate the input as being a number please use this rule in combination with the numeric validation rule.

ip

The field under validation must be an IP address.

ipv4

The field under validation must be an IPv4 address.

ipv6

The field under validation must be an IPv6 address.

json

The field under validation must be a valid JSON string.

lt:field

The field under validation must be less than the given field. The two fields must be of the same type. Strings, numerics, arrays, and files are evaluated using the same conventions as the size rule.

lte:field

The field under validation must be less than or equal to the given field. The two fields must be of the same type. Strings, numerics, arrays, and files are evaluated using the same conventions as the size rule.

lowercase

The field under validation must be lowercase.

list

The field under validation must be an array that is a list. An array is considered a list if its keys consist of consecutive numbers from 0 to count($array) - 1.

mac_address

The field under validation must be a MAC address.

max:value

The field under validation must be less than or equal to a maximum value. Strings, numerics, arrays, and files are evaluated in the same fashion as the size rule.

max_digits:value

The integer under validation must have a maximum length of value.

mimetypes:text/plain,...

The file under validation must match one of the given MIME types:

'video' => 'mimetypes:video/avi,video/mpeg,video/quicktime'

To determine the MIME type of the uploaded file, the file's contents will be read and the framework will attempt to guess the MIME type, which may be different from the client's provided MIME type.

mimes:foo,bar,...

The file under validation must have a MIME type corresponding to one of the listed extensions:

'photo' => 'mimes:jpg,bmp,png'

Even though you only need to specify the extensions, this rule actually validates the MIME type of the file by reading the file's contents and guessing its MIME type. A full listing of MIME types and their corresponding extensions may be found at the following location:

svn.apache.org/repos/asf/httpd/htt...

MIME Types and Extensions

This validation rule does not verify agreement between the MIME type and the extension the user assigned to the file. For example, the mimes:png validation rule would consider a file containing valid PNG content to be a valid PNG image, even if the file is named photo.txt. If you would like to validate the user-assigned extension of the file, you may use the extensions rule.

min:value

The field under validation must have a minimum value. Strings, numerics, arrays, and files are evaluated in the same fashion as the size rule.

min_digits:value

The integer under validation must have a minimum length of value.

multiple_of:value

The field under validation must be a multiple of value.

missing

The field under validation must not be present in the input data.

missing_if:anotherfield,value,...

The field under validation must not be present if the anotherfield field is equal to any value.

missing_unless:anotherfield,value

The field under validation must not be present unless the anotherfield field is equal to any value.

missing_with:foo,bar,...

The field under validation must not be present only if any of the other specified fields are present.

missing_with_all:foo,bar,...

The field under validation must not be present only if all of the other specified fields are present.

not_in:foo,bar,...

The field under validation must not be included in the given list of values. The Rule::notIn method may be used to fluently construct the rule:

use Illuminate\Validation\Rule;

Validator::make($data, [
    'toppings' => [
        'required',
        Rule::notIn(['sprinkles', 'cherries']),
    ],
]);

not_regex:pattern

The field under validation must not match the given regular expression.

Internally, this rule uses the PHP preg_match function. The pattern specified should obey the same formatting required by preg_match and thus also include valid delimiters. For example: 'email' => 'not_regex:/^.+$/i'.

[!WARNING]
When using the regex / not_regex patterns, it may be necessary to specify your validation rules using an array instead of using | delimiters, especially if the regular expression contains a | character.

nullable

The field under validation may be null.

numeric

The field under validation must be numeric.

present

The field under validation must exist in the input data.

present_if:anotherfield,value,...

The field under validation must be present if the anotherfield field is equal to any value.

present_unless:anotherfield,value

The field under validation must be present unless the anotherfield field is equal to any value.

present_with:foo,bar,...

The field under validation must be present only if any of the other specified fields are present.

present_with_all:foo,bar,...

The field under validation must be present only if all of the other specified fields are present.

prohibited

The field under validation must be missing or empty. A field is "empty" if it meets one of the following criteria:

  • The value is null.
  • The value is an empty string.
  • The value is an empty array or empty Countable object.
  • The value is an uploaded file with an empty path.

prohibited_if:anotherfield,value,...

The field under validation must be missing or empty if the anotherfield field is equal to any value. A field is "empty" if it meets one of the following criteria:

  • The value is null.
  • The value is an empty string.
  • The value is an empty array or empty Countable object.
  • The value is an uploaded file with an empty path.

If complex conditional prohibition logic is required, you may utilize the Rule::prohibitedIf method. This method accepts a boolean or a closure. When given a closure, the closure should return true or false to indicate if the field under validation should be prohibited:

use Illuminate\Support\Facades\Validator;
use Illuminate\Validation\Rule;

Validator::make($request->all(), [
    'role_id' => Rule::prohibitedIf($request->user()->is_admin),
]);

Validator::make($request->all(), [
    'role_id' => Rule::prohibitedIf(fn () => $request->user()->is_admin),
]);

prohibited_if_accepted:anotherfield,...

The field under validation must be missing or empty if the anotherfield field is equal to "yes", "on", 1, "1", true, or "true".

prohibited_if_declined:anotherfield,...

The field under validation must be missing or empty if the anotherfield field is equal to "no", "off", 0, "0", false, or "false".

prohibited_unless:anotherfield,value,...

The field under validation must be missing or empty unless the anotherfield field is equal to any value. A field is "empty" if it meets one of the following criteria:

  • The value is null.
  • The value is an empty string.
  • The value is an empty array or empty Countable object.
  • The value is an uploaded file with an empty path.

prohibits:anotherfield,...

If the field under validation is not missing or empty, all fields in anotherfield must be missing or empty. A field is "empty" if it meets one of the following criteria:

  • The value is null.
  • The value is an empty string.
  • The value is an empty array or empty Countable object.
  • The value is an uploaded file with an empty path.

regex:pattern

The field under validation must match the given regular expression.

Internally, this rule uses the PHP preg_match function. The pattern specified should obey the same formatting required by preg_match and thus also include valid delimiters. For example: 'email' => 'regex:/^.+@.+$/i'.

[!WARNING]
When using the regex / not_regex patterns, it may be necessary to specify rules in an array instead of using | delimiters, especially if the regular expression contains a | character.

required

The field under validation must be present in the input data and not empty. A field is "empty" if it meets one of the following criteria:

  • The value is null.
  • The value is an empty string.
  • The value is an empty array or empty Countable object.
  • The value is an uploaded file with no path.

required_if:anotherfield,value,...

The field under validation must be present and not empty if the anotherfield field is equal to any value.

If you would like to construct a more complex condition for the required_if rule, you may use the Rule::requiredIf method. This method accepts a boolean or a closure. When passed a closure, the closure should return true or false to indicate if the field under validation is required:

use Illuminate\Support\Facades\Validator;
use Illuminate\Validation\Rule;

Validator::make($request->all(), [
    'role_id' => Rule::requiredIf($request->user()->is_admin),
]);

Validator::make($request->all(), [
    'role_id' => Rule::requiredIf(fn () => $request->user()->is_admin),
]);

required_if_accepted:anotherfield,...

The field under validation must be present and not empty if the anotherfield field is equal to "yes", "on", 1, "1", true, or "true".

required_if_declined:anotherfield,...

The field under validation must be present and not empty if the anotherfield field is equal to "no", "off", 0, "0", false, or "false".

required_unless:anotherfield,value,...

The field under validation must be present and not empty unless the anotherfield field is equal to any value. This also means anotherfield must be present in the request data unless value is null. If value is null (required_unless:name,null), the field under validation will be required unless the comparison field is null or the comparison field is missing from the request data.

required_with:foo,bar,...

The field under validation must be present and not empty only if any of the other specified fields are present and not empty.

required_with_all:foo,bar,...

The field under validation must be present and not empty only if all of the other specified fields are present and not empty.

required_without:foo,bar,...

The field under validation must be present and not empty only when any of the other specified fields are empty or not present.

required_without_all:foo,bar,...

The field under validation must be present and not empty only when all of the other specified fields are empty or not present.

required_array_keys:foo,bar,...

The field under validation must be an array and must contain at least the specified keys.

same:field

The given field must match the field under validation.

size:value

The field under validation must have a size matching the given value. For string data, value corresponds to the number of characters. For numeric data, value corresponds to a given integer value (the attribute must also have the numeric or integer rule). For an array, size corresponds to the count of the array. For files, size corresponds to the file size in kilobytes. Let's look at some examples:

// Validate that a string is exactly 12 characters long...
'title' => 'size:12';

// Validate that a provided integer equals 10...
'seats' => 'integer|size:10';

// Validate that an array has exactly 5 elements...
'tags' => 'array|size:5';

// Validate that an uploaded file is exactly 512 kilobytes...
'image' => 'file|size:512';

starts_with:foo,bar,...

The field under validation must start with one of the given values.

string

The field under validation must be a string. If you would like to allow the field to also be null, you should assign the nullable rule to the field.

timezone

The field under validation must be a valid timezone identifier according to the DateTimeZone::listIdentifiers method.

The arguments accepted by the DateTimeZone::listIdentifiers method may also be provided to this validation rule:

'timezone' => 'required|timezone:all';

'timezone' => 'required|timezone:Africa';

'timezone' => 'required|timezone:per_country,US';

unique:table,column

The field under validation must not exist within the given database table.

Specifying a Custom Table / Column Name:

Instead of specifying the table name directly, you may specify the Eloquent model which should be used to determine the table name:

'email' => 'unique:App\Models\User,email_address'

The column option may be used to specify the field's corresponding database column. If the column option is not specified, the name of the field under validation will be used.

'email' => 'unique:users,email_address'

Specifying a Custom Database Connection

Occasionally, you may need to set a custom connection for database queries made by the Validator. To accomplish this, you may prepend the connection name to the table name:

'email' => 'unique:connection.users,email_address'

Forcing a Unique Rule to Ignore a Given ID:

Sometimes, you may wish to ignore a given ID during unique validation. For example, consider an "update profile" screen that includes the user's name, email address, and location. You will probably want to verify that the email address is unique. However, if the user only changes the name field and not the email field, you do not want a validation error to be thrown because the user is already the owner of the email address in question.

To instruct the validator to ignore the user's ID, we'll use the Rule class to fluently define the rule. In this example, we'll also specify the validation rules as an array instead of using the | character to delimit the rules:

use Illuminate\Support\Facades\Validator;
use Illuminate\Validation\Rule;

Validator::make($data, [
    'email' => [
        'required',
        Rule::unique('users')->ignore($user->id),
    ],
]);

[!WARNING]
You should never pass any user controlled request input into the ignore method. Instead, you should only pass a system generated unique ID such as an auto-incrementing ID or UUID from an Eloquent model instance. Otherwise, your application will be vulnerable to an SQL injection attack.

Instead of passing the model key's value to the ignore method, you may also pass the entire model instance. Laravel will automatically extract the key from the model:

Rule::unique('users')->ignore($user)

If your table uses a primary key column name other than id, you may specify the name of the column when calling the ignore method:

Rule::unique('users')->ignore($user->id, 'user_id')

By default, the unique rule will check the uniqueness of the column matching the name of the attribute being validated. However, you may pass a different column name as the second argument to the unique method:

Rule::unique('users', 'email_address')->ignore($user->id)

Adding Additional Where Clauses:

You may specify additional query conditions by customizing the query using the where method. For example, let's add a query condition that scopes the query to only search records that have an account_id column value of 1:

'email' => Rule::unique('users')->where(fn (Builder $query) => $query->where('account_id', 1))

Ignoring Soft Deleted Records in Unique Checks:

By default, the unique rule includes soft deleted records when determining uniqueness. To exclude soft deleted records from the uniqueness check, you may invoke the withoutTrashed method:

Rule::unique('users')->withoutTrashed();

If your model uses a column name other than deleted_at for soft deleted records, you may provide the column name when invoking the withoutTrashed method:

Rule::unique('users')->withoutTrashed('was_deleted_at');

uppercase

The field under validation must be uppercase.

url

The field under validation must be a valid URL.

If you would like to specify the URL protocols that should be considered valid, you may pass the protocols as validation rule parameters:

'url' => 'url:http,https',

'game' => 'url:minecraft,steam',

ulid

The field under validation must be a valid Universally Unique Lexicographically Sortable Identifier (ULID).

uuid

The field under validation must be a valid RFC 9562 (version 1, 3, 4, 5, 6, 7, or 8) universally unique identifier (UUID).

You may also validate that the given UUID matches a UUID specification by version:

'uuid' => 'uuid:4'

Conditionally Adding Rules

Skipping Validation When Fields Have Certain Values

You may occasionally wish to not validate a given field if another field has a given value. You may accomplish this using the exclude_if validation rule. In this example, the appointment_date and doctor_name fields will not be validated if the has_appointment field has a value of false:

use Illuminate\Support\Facades\Validator;

$validator = Validator::make($data, [
    'has_appointment' => 'required|boolean',
    'appointment_date' => 'exclude_if:has_appointment,false|required|date',
    'doctor_name' => 'exclude_if:has_appointment,false|required|string',
]);

Alternatively, you may use the exclude_unless rule to not validate a given field unless another field has a given value:

$validator = Validator::make($data, [
    'has_appointment' => 'required|boolean',
    'appointment_date' => 'exclude_unless:has_appointment,true|required|date',
    'doctor_name' => 'exclude_unless:has_appointment,true|required|string',
]);

Validating When Present

In some situations, you may wish to run validation checks against a field only if that field is present in the data being validated. To quickly accomplish this, add the sometimes rule to your rule list:

$validator = Validator::make($data, [
    'email' => 'sometimes|required|email',
]);

In the example above, the email field will only be validated if it is present in the $data array.

[!NOTE]
If you are attempting to validate a field that should always be present but may be empty, check out this note on optional fields.

Complex Conditional Validation

Sometimes you may wish to add validation rules based on more complex conditional logic. For example, you may wish to require a given field only if another field has a greater value than 100. Or, you may need two fields to have a given value only when another field is present. Adding these validation rules doesn't have to be a pain. First, create a Validator instance with your static rules that never change:

use Illuminate\Support\Facades\Validator;

$validator = Validator::make($request->all(), [
    'email' => 'required|email',
    'games' => 'required|integer|min:0',
]);

Let's assume our web application is for game collectors. If a game collector registers with our application and they own more than 100 games, we want them to explain why they own so many games. For example, perhaps they run a game resale shop, or maybe they just enjoy collecting games. To conditionally add this requirement, we can use the sometimes method on the Validator instance.

use Illuminate\Support\Fluent;

$validator->sometimes('reason', 'required|max:500', function (Fluent $input) {
    return $input->games >= 100;
});

The first argument passed to the sometimes method is the name of the field we are conditionally validating. The second argument is a list of the rules we want to add. If the closure passed as the third argument returns true, the rules will be added. This method makes it a breeze to build complex conditional validations. You may even add conditional validations for several fields at once:

$validator->sometimes(['reason', 'cost'], 'required', function (Fluent $input) {
    return $input->games >= 100;
});

[!NOTE]
The $input parameter passed to your closure will be an instance of Illuminate\Support\Fluent and may be used to access your input and files under validation.

Complex Conditional Array Validation

Sometimes you may want to validate a field based on another field in the same nested array whose index you do not know. In these situations, you may allow your closure to receive a second argument which will be the current individual item in the array being validated:

$input = [
    'channels' => [
        [
            'type' => 'email',
            'address' => 'abigail@example.com',
        ],
        [
            'type' => 'url',
            'address' => 'https://example.com',
        ],
    ],
];

$validator->sometimes('channels.*.address', 'email', function (Fluent $input, Fluent $item) {
    return $item->type === 'email';
});

$validator->sometimes('channels.*.address', 'url', function (Fluent $input, Fluent $item) {
    return $item->type !== 'email';
});

Like the $input parameter passed to the closure, the $item parameter is an instance of Illuminate\Support\Fluent when the attribute data is an array; otherwise, it is a string.

Validating Arrays

As discussed in the array validation rule documentation, the array rule accepts a list of allowed array keys. If any additional keys are present within the array, validation will fail:

use Illuminate\Support\Facades\Validator;

$input = [
    'user' => [
        'name' => 'Taylor Otwell',
        'username' => 'taylorotwell',
        'admin' => true,
    ],
];

Validator::make($input, [
    'user' => 'array:name,username',
]);

In general, you should always specify the array keys that are allowed to be present within your array. Otherwise, the validator's validate and validated methods will return all of the validated data, including the array and all of its keys, even if those keys were not validated by other nested array validation rules.

Validating Nested Array Input

Validating nested array based form input fields doesn't have to be a pain. You may use "dot notation" to validate attributes within an array. For example, if the incoming HTTP request contains a photos[profile] field, you may validate it like so:

use Illuminate\Support\Facades\Validator;

$validator = Validator::make($request->all(), [
    'photos.profile' => 'required|image',
]);

You may also validate each element of an array. For example, to validate that each email in a given array input field is unique, you may do the following:

$validator = Validator::make($request->all(), [
    'person.*.email' => 'email|unique:users',
    'person.*.first_name' => 'required_with:person.*.last_name',
]);

Likewise, you may use the * character when specifying custom validation messages in your language files, making it a breeze to use a single validation message for array based fields:

'custom' => [
    'person.*.email' => [
        'unique' => 'Each person must have a unique email address',
    ]
],

Accessing Nested Array Data

Sometimes you may need to access the value for a given nested array element when assigning validation rules to the attribute. You may accomplish this using the Rule::forEach method. The forEach method accepts a closure that will be invoked for each iteration of the array attribute under validation and will receive the attribute's value and explicit, fully-expanded attribute name. The closure should return an array of rules to assign to the array element:

use App\Rules\HasPermission;
use Illuminate\Support\Facades\Validator;
use Illuminate\Validation\Rule;

$validator = Validator::make($request->all(), [
    'companies.*.id' => Rule::forEach(function (string|null $value, string $attribute) {
        return [
            Rule::exists(Company::class, 'id'),
            new HasPermission('manage-company', $value),
        ];
    }),
]);

Error Message Indexes and Positions

When validating arrays, you may want to reference the index or position of a particular item that failed validation within the error message displayed by your application. To accomplish this, you may include the :index (starts from 0) and :position (starts from 1) placeholders within your custom validation message:

use Illuminate\Support\Facades\Validator;

$input = [
    'photos' => [
        [
            'name' => 'BeachVacation.jpg',
            'description' => 'A photo of my beach vacation!',
        ],
        [
            'name' => 'GrandCanyon.jpg',
            'description' => '',
        ],
    ],
];

Validator::validate($input, [
    'photos.*.description' => 'required',
], [
    'photos.*.description.required' => 'Please describe photo #:position.',
]);

Given the example above, validation will fail and the user will be presented with the following error of "Please describe photo #2."

If necessary, you may reference more deeply nested indexes and positions via second-index, second-position, third-index, third-position, etc.

'photos.*.attributes.*.string' => 'Invalid attribute for photo #:second-position.',

Validating Files

Laravel provides a variety of validation rules that may be used to validate uploaded files, such as mimes, image, min, and max. While you are free to specify these rules individually when validating files, Laravel also offers a fluent file validation rule builder that you may find convenient:

use Illuminate\Support\Facades\Validator;
use Illuminate\Validation\Rules\File;

Validator::validate($input, [
    'attachment' => [
        'required',
        File::types(['mp3', 'wav'])
            ->min(1024)
            ->max(12 * 1024),
    ],
]);

Validating File Types

Even though you only need to specify the extensions when invoking the types method, this method actually validates the MIME type of the file by reading the file's contents and guessing its MIME type. A full listing of MIME types and their corresponding extensions may be found at the following location:

svn.apache.org/repos/asf/httpd/htt...

Validating File Sizes

For convenience, minimum and maximum file sizes may be specified as a string with a suffix indicating the file size units. The kb, mb, gb, and tb suffixes are supported:

File::types(['mp3', 'wav'])
    ->min('1kb')
    ->max('10mb');

Validating Image Files

If your application accepts images uploaded by your users, you may use the File rule's image constructor method to ensure that the file under validation is an image (jpg, jpeg, png, bmp, gif, or webp).

In addition, the dimensions rule may be used to limit the dimensions of the image:

use Illuminate\Support\Facades\Validator;
use Illuminate\Validation\Rule;
use Illuminate\Validation\Rules\File;

Validator::validate($input, [
    'photo' => [
        'required',
        File::image()
            ->min(1024)
            ->max(12 * 1024)
            ->dimensions(Rule::dimensions()->maxWidth(1000)->maxHeight(500)),
    ],
]);

[!NOTE]
More information regarding validating image dimensions may be found in the dimension rule documentation.

[!WARNING]
By default, the image rule does not allow SVG files due to the possibility of XSS vulnerabilities. If you need to allow SVG files, you may pass allowSvg: true to the image rule: File::image(allowSvg: true).

Validating Image Dimensions

You may also validate the dimensions of an image. For example, to validate that an uploaded image is at least 1000 pixels wide and 500 pixels tall, you may use the dimensions rule:

use Illuminate\Validation\Rule;
use Illuminate\Validation\Rules\File;

File::image()->dimensions(
    Rule::dimensions()
        ->maxWidth(1000)
        ->maxHeight(500)
)

[!NOTE]
More information regarding validating image dimensions may be found in the dimension rule documentation.

Validating Passwords

To ensure that passwords have an adequate level of complexity, you may use Laravel's Password rule object:

use Illuminate\Support\Facades\Validator;
use Illuminate\Validation\Rules\Password;

$validator = Validator::make($request->all(), [
    'password' => ['required', 'confirmed', Password::min(8)],
]);

The Password rule object allows you to easily customize the password complexity requirements for your application, such as specifying that passwords require at least one letter, number, symbol, or characters with mixed casing:

// Require at least 8 characters...
Password::min(8)

// Require at least one letter...
Password::min(8)->letters()

// Require at least one uppercase and one lowercase letter...
Password::min(8)->mixedCase()

// Require at least one number...
Password::min(8)->numbers()

// Require at least one symbol...
Password::min(8)->symbols()

In addition, you may ensure that a password has not been compromised in a public password data breach leak using the uncompromised method:

Password::min(8)->uncompromised()

Internally, the Password rule object uses the k-Anonymity model to determine if a password has been leaked via the haveibeenpwned.com service without sacrificing the user's privacy or security.

By default, if a password appears at least once in a data leak, it will be considered compromised. You can customize this threshold using the first argument of the uncompromised method:

// Ensure the password appears less than 3 times in the same data leak...
Password::min(8)->uncompromised(3);

Of course, you may chain all the methods in the examples above:

Password::min(8)
    ->letters()
    ->mixedCase()
    ->numbers()
    ->symbols()
    ->uncompromised()

Defining Default Password Rules

You may find it convenient to specify the default validation rules for passwords in a single location of your application. You can easily accomplish this using the Password::defaults method, which accepts a closure. The closure given to the defaults method should return the default configuration of the Password rule. Typically, the defaults rule should be called within the boot method of one of your application's service providers:

use Illuminate\Validation\Rules\Password;

/**
 * Bootstrap any application services.
 */
public function boot(): void
{
    Password::defaults(function () {
        $rule = Password::min(8);

        return $this->app->isProduction()
            ? $rule->mixedCase()->uncompromised()
            : $rule;
    });
}

Then, when you would like to apply the default rules to a particular password undergoing validation, you may invoke the defaults method with no arguments:

'password' => ['required', Password::defaults()],

Occasionally, you may want to attach additional validation rules to your default password validation rules. You may use the rules method to accomplish this:

use App\Rules\ZxcvbnRule;

Password::defaults(function () {
    $rule = Password::min(8)->rules([new ZxcvbnRule]);

    // ...
});

Custom Validation Rules

Using Rule Objects

Laravel provides a variety of helpful validation rules; however, you may wish to specify some of your own. One method of registering custom validation rules is using rule objects. To generate a new rule object, you may use the make:rule Artisan command. Let's use this command to generate a rule that verifies a string is uppercase. Laravel will place the new rule in the app/Rules directory. If this directory does not exist, Laravel will create it when you execute the Artisan command to create your rule:

php artisan make:rule Uppercase

Once the rule has been created, we are ready to define its behavior. A rule object contains a single method: validate. This method receives the attribute name, its value, and a callback that should be invoked on failure with the validation error message:

<?php

namespace App\Rules;

use Closure;
use Illuminate\Contracts\Validation\ValidationRule;

class Uppercase implements ValidationRule
{
    /**
     * Run the validation rule.
     */
    public function validate(string $attribute, mixed $value, Closure $fail): void
    {
        if (strtoupper($value) !== $value) {
            $fail('The :attribute must be uppercase.');
        }
    }
}

Once the rule has been defined, you may attach it to a validator by passing an instance of the rule object with your other validation rules:

use App\Rules\Uppercase;

$request->validate([
    'name' => ['required', 'string', new Uppercase],
]);

Translating Validation Messages

Instead of providing a literal error message to the $fail closure, you may also provide a translation string key and instruct Laravel to translate the error message:

if (strtoupper($value) !== $value) {
    $fail('validation.uppercase')->translate();
}

If necessary, you may provide placeholder replacements and the preferred language as the first and second arguments to the translate method:

$fail('validation.location')->translate([
    'value' => $this->value,
], 'fr');

Accessing Additional Data

If your custom validation rule class needs to access all of the other data undergoing validation, your rule class may implement the Illuminate\Contracts\Validation\DataAwareRule interface. This interface requires your class to define a setData method. This method will automatically be invoked by Laravel (before validation proceeds) with all of the data under validation:

<?php

namespace App\Rules;

use Illuminate\Contracts\Validation\DataAwareRule;
use Illuminate\Contracts\Validation\ValidationRule;

class Uppercase implements DataAwareRule, ValidationRule
{
    /**
     * All of the data under validation.
     *
     * @var array<string, mixed>
     */
    protected $data = [];

    // ...

    /**
     * Set the data under validation.
     *
     * @param  array<string, mixed>  $data
     */
    public function setData(array $data): static
    {
        $this->data = $data;

        return $this;
    }
}

Or, if your validation rule requires access to the validator instance performing the validation, you may implement the ValidatorAwareRule interface:

<?php

namespace App\Rules;

use Illuminate\Contracts\Validation\ValidationRule;
use Illuminate\Contracts\Validation\ValidatorAwareRule;
use Illuminate\Validation\Validator;

class Uppercase implements ValidationRule, ValidatorAwareRule
{
    /**
     * The validator instance.
     *
     * @var \Illuminate\Validation\Validator
     */
    protected $validator;

    // ...

    /**
     * Set the current validator.
     */
    public function setValidator(Validator $validator): static
    {
        $this->validator = $validator;

        return $this;
    }
}

使用闭包

如果您在整个应用程序中只需要使用一次自定义规则的功能,那么可以使用闭包而不是规则对象。闭包会接收属性的名称、属性的值和一个 $fail 回调函数,如果验证失败,则应调用该回调函数:

use Illuminate\Support\Facades\Validator;
use Closure;

$validator = Validator::make($request->all(), [
    'title' => [
        'required',
        'max:255',
        function (string $attribute, mixed $value, Closure $fail) {
            if ($value === 'foo') {
                $fail("The {$attribute} is invalid.");
            }
        },
    ],
]);

隐式规则

默认情况下,当待验证的属性不存在或包含空字符串时,包括自定义规则在内的常规验证规则将不会运行。例如 unique 规则将不会对空字符串运行:

use Illuminate\Support\Facades\Validator;

$rules = ['name' => 'unique:users,name'];

$input = ['name' => ''];

Validator::make($input, $rules)->passes(); // true

为了让自定义规则在属性为空时也能运行,该规则必须暗示该属性是必需的。要快速生成新的隐式规则对象,您可以使用带有--implicit选项的 make:rule Artisan 命令:

php artisan make:rule Uppercase --implicit

[!警告]
"隐式" 规则仅有 implies 属性是必须的。至于它是否真的会因为缺少或空属性而无效,则取决于你。

stamina 翻译于 5天前

本文章首发在 LearnKu.com 网站上。

本文中的所有译文仅用于学习和交流目的,转载请务必注明文章译者、出处、和本文链接
我们的翻译工作遵照 CC 协议,如果我们的工作有侵犯到您的权益,请及时联系我们。

《L03 构架 API 服务器》
你将学到如 RESTFul 设计风格、PostMan 的使用、OAuth 流程,JWT 概念及使用 和 API 开发相关的进阶知识。
《L01 基础入门》
我们将带你从零开发一个项目并部署到线上,本课程教授 Web 开发中专业、实用的技能,如 Git 工作流、Laravel Mix 前端工作流等。
贡献者:6
讨论数量: 2
发起讨论 只看当前版本


xingxiaoli
自定义验证规则只能验证单个属性吗?
0 个点赞 | 7 个回复 | 问答 | 课程版本 5.8
sonw
嵌套验证 * 不起作用
0 个点赞 | 5 个回复 | 问答 | 课程版本 5.1