表单验证
这是一篇协同翻译的文章,你可以点击『我来翻译』按钮来参与翻译。
数据验证
简介
Laravel 提供了多种不同的方法来验证应用程序的传入数据。最常见的是使用所有传入 HTTP 请求上都可用的 validate
方法。不过,我们也将讨论其他验证方法。
Laravel 包含了各种方便的验证规则,您可以将它们应用于数据,甚至提供了验证值在给定数据库表中是否唯一的能力。我们将详细介绍这些验证规则,以便您熟悉 Laravel 的所有验证功能。
快速开始
为了了解 Laravel 强大的验证功能,我们来看一个表单验证并将错误消息展示给用户的完整示例。通过阅读概述,这将会对你如何使用 Laravel 验证传入的请求数据有一个很好的理解:
定义路由
首先,假设我们在 routes/web.php
路由文件中定义了下面这些路由:
use App\Http\Controllers\PostController;
Route::get('/post/create', [PostController::class, 'create']);
Route::post('/post', [PostController::class, 'store']);
GET
路由会显示一个供用户创建新博客文章的表单,而 POST
路由会将新的博客文章存储到数据库中。
创建控制器
接下来,让我们一起来看看处理这些路由的简单控制器。我们暂时留空了 store
方法:
<?php
namespace App\Http\Controllers;
use Illuminate\Http\RedirectResponse;
use Illuminate\Http\Request;
use Illuminate\View\View;
class PostController extends Controller
{
/**
* 博客的表单视图
*/
public function create(): View
{
return view('post.create');
}
/**
* 存储博客的 Action
*/
public function store(Request $request): RedirectResponse
{
// 验证并且执行存储逻辑
$post = /** ... */
return to_route('post.show', ['post' => $post->id]);
}
}
编写验证逻辑
现在我们开始在 store
方法中编写用来验证新的博客文章的逻辑代码。为此,我们将使用 Illuminate\Http\Request
类提供的 validate
方法。如果验证通过,你的代码会继续正常运行。如果验证失败,则会抛出 Illuminate\Validation\ValidationException
异常,并自动将对应的错误响应返回给用户。
如果传统HTTP请求验证失败,将会生成重定向响应跳转至上个URL。若传入请求为XHR请求,则会返回包含验证错误信息的JSON响应。
为了更好地理解validate
方法,让我们回到store
方法:
/**
* 存储新博客文章
*/
public function store(Request $request): RedirectResponse
{
$validated = $request->validate([
'title' => 'required|unique:posts|max:255',
'body' => 'required',
]);
// 博客文章验证通过...
return redirect('/posts');
}
如您所见,验证规则被传入validate
方法。不必担心 - 所有可用验证规则都已文档化。再次说明,如果验证失败,将会自动生成适当的响应。如果验证通过,控制器将继续正常执行。
或者,验证规则也可以指定为规则数组,而非单个|
分隔的字符串:
$validatedData = $request->validate([
'title' => ['required', 'unique:posts', 'max:255'],
'body' => ['required'],
]);
此外,您可以使用validateWithBag
方法验证请求并将错误信息存储到命名错误包中:
$validatedData = $request->validateWithBag('post', [
'title' => ['required', 'unique:posts', 'max:255'],
'body' => ['required'],
]);
首次验证失败即停止
有时您可能希望在属性首次验证失败后停止执行后续验证规则。为此,可给属性分配bail
规则:
$request->validate([
'title' => 'bail|required|unique:posts|max:255',
'body' => 'required',
]);
在此示例中,如果title
属性的unique
规则失败,将不会检查max
规则。规则将按照分配的顺序进行验证。
关于嵌套属性的说明
如果传入的 HTTP 请求包含 「嵌套」 字段数据,您可以在验证规则中使用 「点」 语法来指定这些字段:
$request->validate([
'title' => 'required|unique:posts|max:255',
'author.name' => 'required',
'author.description' => 'required',
]);
另一方面,如果您的字段名包含文字句点,可以通过在句点前添加反斜杠来显式阻止其被解释为 「点」 语法:
$request->validate([
'title' => 'required|unique:posts|max:255',
'v1\.0' => 'required',
]);
显示验证错误
那么,如果传入请求字段未通过给定的验证规则会怎样呢? 如前所述,Laravel 会自动将用户重定向到之前的位置。 此外,所有验证错误和 请求输入 都会自动 闪存到 Session 。
Illuminate\View\Middleware\ShareErrorsFromSession
中间件(由 web
中间件组提供)会将 $errors
变量共享给您应用的所有视图。 应用此中间件后, $errors
变量将始终在视图中可用,您可以放心地假设该变量已定义并可安全使用。 $errors
变量是 Illuminate\Support\MessageBag
的一个实例。 有关此对象的更多信息,请 查阅其文档 。
在我们的示例中,当验证失败时,用户将被重定向到控制器的 create
方法,使我们能够在视图中显示错误信息:
<!-- /resources/views/post/create.blade.php -->
<h1>创建文章</h1>
@if ($errors->any())
<div class="alert alert-danger">
<ul>
@foreach ($errors->all() as $error)
<li>{{ $error }}</li>
@endforeach
</ul>
</div>
@endif
<!-- 创建文章表单 -->
自定义错误消息
Laravel 的内置验证规则每个都有对应的错误消息,这些消息位于您应用的 lang/en/validation.php
文件中。 如果您的应用没有 lang
目录,您可以使用 lang:publish
Artisan 命令让 Laravel 创建它。
在 lang/en/validation.php
文件中,您会找到每个验证规则的翻译条目。 您可以根据应用的需求自由更改或修改这些消息。
此外,您可以将此文件复制到其他语言目录,以翻译成您应用所需的语言。 要了解更多关于 Laravel 本地化的信息,请查阅完整的 本地化文档 。
[!警告]
默认情况下,Laravel 应用骨架不包含lang
目录。 如果您想自定义 Laravel 的语言文件,可以通过lang:publish
Artisan 命令来发布它们。
XHR 请求与验证
在这个例子中,我们使用了传统表单向应用发送数据。 然而,许多应用会收到来自 JavaScript 驱动前端的 XHR 请求。 当在 XHR 请求中使用 validate
方法时,Laravel 不会生成重定向响应。 相反,Laravel 会生成一个 包含所有验证错误的 JSON 响应 。 此 JSON 响应将附带 422 HTTP 状态码一起发送。
@error
指令
您可以使用 @error
Blade 指令来快速判断给定属性是否存在验证错误消息。 在 @error
指令内部,您可以回显 $message
变量来显示错误消息:
<!-- /resources/views/post/create.blade.php -->
<label for="title">文章标题</label>
<input
id="title"
type="text"
name="title"
class="@error('title') is-invalid @enderror"
/>
@error('title')
<div class="alert alert-danger">{{ $message }}</div>
@enderror
如果您使用的是 命名错误包 ,可以将错误包的名称作为第二个参数传递给 @error
指令:
<input ... class="@error('title', 'post') is-invalid @enderror">
表单数据回填
当 Laravel 因验证错误而生成重定向响应时,框架会自动 将请求的所有输入数据闪存到 Session 。 这样做的目的是让您可以在下次请求时方便地访问这些输入数据,并重新填充用户尝试提交的表单。
要从上一个请求中获取闪存的输入数据,可以在 Illuminate\Http\Request
实例上调用 old
方法。 old
方法会从 Session 中提取之前闪存的输入数据:
$title = $request->old('title');
Laravel 还提供了一个全局的 old
辅助函数。 如果您在 Blade 模板 中显示旧输入数据,使用 old
辅助函数来回填表单会更加方便。 如果给定字段没有旧的输入数据,将返回 null
:
<input type="text" name="title" value="{{ old('title') }}">
关于可选字段的说明
默认情况下,Laravel 在应用的全局中间件堆栈中包含 TrimStrings
和 ConvertEmptyStringsToNull
中间件。 因此,如果您不希望验证器将 null
值视为无效,通常需要将「可选」请求字段标记为 nullable
。 例如:
$request->validate([
'title' => 'required|unique:posts|max:255',
'body' => 'required',
'publish_at' => 'nullable|date',
]);
在这个例子中,我们指定 publish_at
字段可以为 null
或有效的日期表示。如果没有将 nullable
修饰符添加到规则定义中,则验证器会将 null
视为无效日期。
验证错误响应格式
当您的应用程序抛出 Illuminate\Validation\ValidationException
异常,并且传入的 HTTP 请求希望返回 JSON 响应时,Laravel 将自动为您格式化错误消息,并返回 422 Unprocessable Entity
HTTP 响应。
下面是验证错误的 JSON 响应格式示例。注意,嵌套的错误键会被转换为「点」符号格式:
{
"message": "The team name must be a string. (and 4 more errors)",
"errors": {
"team_name": [
"The team name must be a string.",
"The team name must be at least 1 characters."
],
"authorization.role": [
"The selected authorization.role is invalid."
],
"users.0.email": [
"The users.0.email field is required."
],
"users.2.email": [
"The users.2.email must be a valid email address."
]
}
}
表单请求验证
创建表单请求
对于更复杂的验证场景,您可能希望创建一个「表单请求」。表单请求是自定义请求类,封装了自己的验证和授权逻辑。要创建一个表单请求类,您可以使用 make:request
Artisan CLI 命令:
php artisan make:request StorePostRequest
生成的表单请求类将被放置在 app/Http/Requests
目录中。如果此目录不存在,则在运行 make:request
命令时将创建该目录。Laravel 生成的每个表单请求都有两个方法:authorize
和 rules
。
正如您可能想到的,authorize
方法负责确定当前已认证的用户是否可以执行请求所代表的操作,而 rules
方法则返回应当应用于请求数据的验证规则:
/**
* 获取应用于请求的验证规则。
*
* @return array<string, \Illuminate\Contracts\Validation\ValidationRule|array<mixed>|string>
*/
public function rules(): array
{
return [
'title' => 'required|unique:posts|max:255',
'body' => 'required',
];
}
注意
您可以在rules
方法的签名中类型提示任何您需要的依赖项。它们将通过 Laravel 服务容器 自动解析。
那么,验证规则是如何被评估的呢?您只需要在控制器方法中对请求进行类型提示。传入的表单请求会在控制器方法被调用之前进行验证,这意味着您不需要在控制器中添加任何验证逻辑:
/**
* 存储新的博客文章。
*/
public function store(StorePostRequest $request): RedirectResponse
{
// 传入的请求是有效的...
// 检索已验证的输入数据...
$validated = $request->validated();
// 检索部分验证过的输入数据...
$validated = $request->safe()->only(['name', 'email']);
$validated = $request->safe()->except(['name', 'email']);
// 存储博客文章...
return redirect('/posts');
}
如果验证失败,将生成一个重定向响应,将用户送回他们之前的位置。错误信息也会被闪存到 session 中,以便显示。如果请求是 XHR 请求,将向用户返回一个 HTTP 422 状态码的响应,其中包含 验证错误的 JSON 表示。
注意
需要为您的 Inertia 驱动的 Laravel 前端添加实时表单请求验证吗? 请查看 Laravel 实时服务器端表单验证扩展。
执行附加验证
有时,在完成初始验证后,你需要执行额外的验证。您可以使用表单请求的 after
方法来完成此操作。
after
方法应返回一个可调用或闭包数组,这些数组将在验证完成后调用。给定的可调用程序将接收一个 Illuminate\Validation\Validator
实例,允许你在必要时引发额外的错误消息:
use Illuminate\Validation\Validator;
/**
* 获取请求的「after」验证可调用项。
*/
public function after(): array
{
return [
function (Validator $validator) {
if ($this->somethingElseIsInvalid()) {
$validator->errors()->add(
'field',
'Something is wrong with this field!'
);
}
}
];
}
如上所述,after
方法返回的数组也可能包含可调用的类。这些类的 __invoke
方法将接收一个 Illuminate\Validation\Validator
实例:
use App\Validation\ValidateShippingTime;
use App\Validation\ValidateUserStatus;
use Illuminate\Validation\Validator;
/**
* 获取请求的「after」验证可调用项。
*/
public function after(): array
{
return [
new ValidateUserStatus,
new ValidateShippingTime,
function (Validator $validator) {
//
}
];
}
在首次验证失败时停止
通过添加 stopOnFirstFailure
属性到请求类,你可以通知验证器,一旦发生单个验证失败,它就应该停止验证所有属性:
/**
* 指示验证程序是否应在第一个规则失败时停止。
*
* @var bool
*/
protected $stopOnFirstFailure = true;
自定义重定向位置
当表单请求验证失败时,生成的重定向响应,将会使用户返回到原来的位置。不过,你可以自由地自定义此行为。如果要这么做,请在表单请求中定义 $redirect
属性:
/**
* 验证失败时,用户应当跳转的URI
*
* @var string
*/
protected $redirect = '/dashboard';
或者,如果您想将用户重定向到命名路由,您可以定义一个 $redirectRoute
属性:
/**
* 如果验证失败,用户应该被重定向到的路由。
*
* @var string
*/
protected $redirectRoute = 'dashboard';
授权表单请求
表单请求类还包含一个 authorize
方法。在这个方法中,您可以确定已认证的用户是否真正有权更新给定的资源。例如,您可以确定用户是否真的拥有他们试图更新的博客评论。通常,您会在这个方法中与您的 授权门禁和策略 进行交互:
use App\Models\Comment;
/**
* 确定用户是否有权进行此请求。
*/
public function authorize(): bool
{
$comment = Comment::find($this->route('comment'));
return $comment && $this->user()->can('update', $comment);
}
由于所有表单请求都继承自 Laravel 的基础请求类,我们可以使用 user
方法来访问当前已认证的用户。另外,注意上面示例中对 route
方法的调用。这个方法允许您访问在被调用路由上定义的 URI 参数,比如下面示例中的 {comment}
参数:
Route::post('/comment/{comment}');
因此,如果您的应用程序利用了 路由模型绑定,您的代码可以通过将解析后的模型作为请求的属性来访问,从而变得更加简洁:
return $this->user()->can('update', $this->comment);
如果 authorize
方法返回 false
,一个带有 403 状态码的 HTTP 响应将会被自动返回,并且您的控制器方法将不会被执行。
如果您计划在应用程序的其他部分处理请求的授权逻辑,您可以完全移除 authorize
方法,或者简单地返回 true
:
/**
* 确定用户是否有权处理此请求。
*/
public function authorize(): bool
{
return true;
}
注意
你可以在authorize
方法的签名中键入提示你需要的任何依赖项。 它将会使用 Laravel 服务容器 自动解析。
自定义错误消息
您可以通过重写 messages
方法来自定义表单请求使用的错误消息。此方法应返回一个属性 / 规则对及其对应错误消息的数组:
/**
* 获取定义的验证规则的错误消息。
*
* @return array<string, string>
*/
public function messages(): array
{
return [
'title.required' => 'A title is required',
'body.required' => 'A message is required',
];
}
自定义验证属性
Laravel 的许多内置验证规则错误消息包含 :attribute
占位符。如果您想要将验证消息中的 :attribute
占位符替换为自定义属性名,可以通过重写 attributes
方法来指定自定义名称。此方法应返回一个属性 / 名称对的数组:
/**
* 获取验证器错误的自定义属性。
*
* @return array<string, string>
*/
public function attributes(): array
{
return [
'email' => 'email address',
];
}
准备验证输入
如果您需要在应用验证规则之前准备或清理请求中的任何数据,可以使用 prepareForValidation
方法:
use Illuminate\Support\Str;
/**
* 准备验证数据。
*/
protected function prepareForValidation(): void
{
$this->merge([
'slug' => Str::slug($this->slug),
]);
}
同样,如果您需要在验证完成后规范化任何请求数据,可以使用 passedValidation
方法:
/**
* 处理验证通过的请求。
*/
protected function passedValidation(): void
{
$this->replace(['name' => 'Taylor']);
}
手动创建验证器
如果您不想在请求上使用 validate
方法,您可以使用 Validator
门面 手动创建一个验证器实例。门面上的 make
方法生成一个新的验证器实例:
<?php
namespace App\Http\Controllers;
use Illuminate\Http\RedirectResponse;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Validator;
class PostController extends Controller
{
/**
* 存储一篇新的博客文章。
*/
public function store(Request $request): RedirectResponse
{
$validator = Validator::make($request->all(), [
'title' => 'required|unique:posts|max:255',
'body' => 'required',
]);
if ($validator->fails()) {
return redirect('/post/create')
->withErrors($validator)
->withInput();
}
// 检索验证后的输入...
$validated = $validator->validated();
// 检索验证后输入的一部分...
$validated = $validator->safe()->only(['name', 'email']);
$validated = $validator->safe()->except(['name', 'email']);
// 存储博客文章...
return redirect('/posts');
}
}
传递给 make
方法的第一个参数是要验证的数据。第二个参数是应用于数据的验证规则数组。
在确定请求验证是否失败后,您可以使用 withErrors
方法将错误消息闪存到会话中。当使用此方法时, $errors
变量将在重定向后自动与您的视图共享,允许您轻松地将它们显示给用户。 withErrors
方法接受一个验证器、一个 MessageBag
或一个 PHP array
。
首次验证失败时停止
stopOnFirstFailure
方法将通知验证器,一旦发生单个验证失败,它就会停止验证所有属性:
if ($validator->stopOnFirstFailure()->fails()) {
// ...
}
自动重定向
如果您想手动创建一个验证程序实例,但仍然利用 HTTP 请求的 validate
方法提供的自动重定向,则可以在现有的验证程序实例上调用 validate
方法。如果验证失败,用户将自动重定向,或者在 XHR 请求的情况下,将 返回JSON响应:
Validator::make($request->all(), [
'title' => 'required|unique:posts|max:255',
'body' => 'required',
])->validate();
如果验证失败,你可以使用 validateWithBag
方法将错误消息存储在 命名错误包 中:
Validator::make($request->all(), [
'title' => 'required|unique:posts|max:255',
'body' => 'required',
])->validateWithBag('post');
命名错误包
如果您在一个单页面上有多个表单,您可能希望命名包含验证错误的 MessageBag
,以便检索特定表单的错误消息。要实现这一点,请将名称作为第二个参数传递给 withErrors
:
return redirect('/register')->withErrors($validator, 'login');
您可以在之后从 $errors
变量访问命名的 MessageBag
实例:
{{ $errors->login->first('email') }}
自定义错误消息
如果需要,您可以提供验证器实例应该使用的自定义错误消息,替换 Laravel 提供的默认错误消息。有几种方法可以指定自定义消息。首先,您可以将自定义消息作为第三个参数传递给 Validator::make
方法:
$validator = Validator::make($input, $rules, $messages = [
'required' => 'The :attribute field is required.',
]);
在本例中,:attribute
占位符将替换为正在验证字段的实际名称。您也可以在验证消息中使用其他占位符。例如
$messages = [
'same' => 'The :attribute and :other must match.',
'size' => 'The :attribute must be exactly :size.',
'between' => 'The :attribute value :input is not between :min - :max.',
'in' => 'The :attribute must be one of the following types: :values',
];
给自定义消息指定属性
有时,你可能希望仅为特定属性指定自定义错误消息。您可以使用点 「.」表示法。首先指定属性的名称,然后指定规则:
$messages = [
'email.required' => 'We need to know your email address!',
];
指定自定义属性值
Laravel 的许多内置错误消息都包括一个 :attribute
占位符,该占位符被替换为正在验证的字段或属性的名称。要自定义用于替换特定字段的占位符的值,可以将自定义属性数组作为第四个参数传递给 Validator::make
方法:
$validator = Validator::make($input, $rules, $messages, [
'email' => 'email address',
]);
执行附加验证
有时,在初始验证完成后,您需要执行额外的验证。您可以使用验证器的 after
方法来实现这一点。 after
方法接受一个闭包或一个可调用数组,这些闭包或数组将在验证完成后调用。给定的可调用程序将接收一个 Illuminate\Validation\Validator
实例,允许你在必要时引发额外的错误消息:
use Illuminate\Support\Facades\Validator;
$validator = Validator::make(/* ... */);
$validator->after(function ($validator) {
if ($this->somethingElseIsInvalid()) {
$validator->errors()->add(
'field', 'Something is wrong with this field!'
);
}
});
if ($validator->fails()) {
// ...
}
如上所述, after
方法也接受一个可调用的对象数组,如果你的 「after validation」逻辑被封装在可调用类中,这将特别方便,这些类将通过其 __invoke
方法接收一个 Illuminate\Validation\Validator
实例:
use App\Validation\ValidateShippingTime;
use App\Validation\ValidateUserStatus;
$validator->after([
new ValidateUserStatus,
new ValidateShippingTime,
function ($validator) {
// ...
},
]);
使用已验证过的输入
在使用表单请求或手动创建的验证器实例验证传入的请求数据之后,您可能希望检索实际经过验证的传入请求数据。这可以通过几种方式实现。首先,你可以在表单请求或验证器实例上调用 validated
方法。这个方法返回一个经过验证的数据数组:
$validated = $request->validated();
$validated = $validator->validated();
或者,你可以在表单请求或验证器实例上调用 safe
方法。这个方法返回一个 Illuminate\Support\ValidatedInput
实例。这个对象暴露了 only
, except
和 all
方法来检索已验证数据的子集或整个已验证数据的数组:
$validated = $request->safe()->only(['name', 'email']);
$validated = $request->safe()->except(['name', 'email']);
$validated = $request->safe()->all();
此外, Illuminate\Support\ValidatedInput
实例可以像数组一样被迭代和访问:
// 验证过的数据可以被迭代...
foreach ($request->safe() as $key => $value) {
// ...
}
// 验证过的数据可以作为数组访问...
$validated = $request->safe();
$email = $validated['email'];
如果您想添加额外的字段到已验证的数据,可以调用 merge
方法:
$validated = $request->safe()->merge(['name' => 'Taylor Otwell']);
如果您想将已验证的数据作为 集合 实例检索, 您可以调用 collect
方法:
$collection = $request->safe()->collect();
处理错误消息
在 Validator
实例上调用 errors
方法后,您将收到一个 Illuminate\Support\MessageBag
实例,它有多种方便的方法来处理错误消息。自动提供给所有视图的 $errors
变量也是 MessageBag
类的实例。
检索字段的第一个错误消息
要检索给定字段的第一个错误消息,请使用 first
方法:
$errors = $validator->errors();
echo $errors->first('email');
检索字段的所有错误消息
如果您需要检索给定字段的所有消息数组,请使用 get
方法:
foreach ($errors->get('email') as $message) {
// ...
}
如果您正在验证数组表单字段,可以使用 *
字符检索数组中每个元素的所有消息:
foreach ($errors->get('attachments.*') as $message) {
// ...
}
检索所有字段的所有错误消息
要检索所有字段的所有消息数组,请使用 all
方法:
foreach ($errors->all() as $message) {
// ...
}
确定字段是否存在消息
has
方法可用于确定给定字段是否存在任何错误消息:
if ($errors->has('email')) {
// ...
}
在语言文件中指定自定义消息
Laravel 的内置验证规则都有一个错误消息,位于应用程序的 lang/en/validation.php
文件中。如果您的应用没有 lang
目录,您可以让 Laravel 使用 lang:publish
Artisan 命令创建它。
在 lang/en/validation.php
文件中,您将找到每个验证规则的翻译条目。您可以根据应用程序的需要自由地更改或修改这些消息。
此外,您可以将此文件复制到另一个语言目录,以便为您应用程序的语言翻译消息。要了解更多有关 Laravel 本地化的信息,请查看完整的 本地化文档。
警告
默认,Laravel 应用程序骨架不包含lang
目录。如果您想自定义 Laravel 的语言文件,可以通过lang:publish
Artisan 命令发布它们。
为特定属性自定义消息
您可以在应用程序的验证语言文件中自定义用于指定属性和规则组合的错误消息。为此,您可以添加消息自定义到您应用程序 lang/xx/validate.php
语言文件的 custom
数组中:
'custom' => [
'email' => [
'required' => 'We need to know your email address!',
'max' => 'Your email address is too long!'
],
],
在语言文件中指定属性
Laravel的许多内置错误信息都包含一个 :attribute
占位符,它被正在验证的字段或属性的名称所替换。如果您想用一个自定义值替换验证消息的 :attribute
部分,你可以在您的 lang/xx/validate.php
语言文件的 attributes
数组中指定自定义属性名称:
'attributes' => [
'email' => 'email address',
],
警告
默认,Laravel 应用程序骨架不包含lang
目录。如果您想自定义 Laravel 的语言文件,您可以通过lang:publish
Artisan命令发布它们。
在语言文件中指定值
Laravel 的一些内置验证规则错误消息包含一个 :value
占位符,它会被替换为请求属性的当前值。但是,有时您可能需要将验证消息的 :value
部分替换为值的自定义表示。例如,考虑以下规则,该规则指定当 payment_type
的值为 cc
时,需要提供信用卡号码:
Validator::make($request->all(), [
'credit_card_number' => 'required_if:payment_type,cc'
]);
如果此验证规则失败,它将产生以下错误消息:
The credit card number field is required when payment type is cc.
您可以在 lang/xx/validation.php
语言文件中定义一个 values
数组,以指定一个更加友好的值表示,而不是展示 cc
作为支付类型值:
'values' => [
'payment_type' => [
'cc' => 'credit card'
],
],
警告
默认情况下,Laravel 应用程序骨架不包含lang
目录。如果您想自定义 Laravel 的语言文件,可以通过lang:publish
Artisan 命令发布它们。
定义这个值后,验证规则将产生以下错误消息:
The credit card number field is required when payment type is credit card.
可用的验证规则
以下是所有可用验证规则及其功能的列表:
布尔型
字符串型
Active URL
Alpha
Alpha Dash
Alpha Numeric
Ascii
Confirmed
Current Password
Different
Doesnt Start With
Doesnt End With
Email
Ends With
Enum
Hex Color
In
IP Address
JSON
Lowercase
MAC Address
Max
Min
Not In
Regular Expression
Not Regular Expression
Same
Size
Starts With
String
Uppercase
URL
ULID
UUID
数字型
Between
Decimal
Different
Digits
Digits Between
Greater Than
Greater Than Or Equal
Integer
Less Than
Less Than Or Equal
Max
Max Digits
Min
Min Digits
Multiple Of
Numeric
Same
Size
数组型
日期型
文件型
数据库型
实用工具
Any Of
Bail
Exclude
Exclude If
Exclude Unless
Exclude With
Exclude Without
Filled
Missing
Missing If
Missing Unless
Missing With
Missing With All
Nullable
Present
Present If
Present Unless
Present With
Present With All
Prohibited
Prohibited If
Prohibited If Accepted
Prohibited If Declined
Prohibited Unless
Prohibits
Required
Required If
Required If Accepted
Required If Declined
Required Unless
Required With
Required With All
Required Without
Required Without All
Required Array Keys
Sometimes
accepted
待验证的字段必须是 「yes」
, 「on」
, 1
,「1」
, true
,或 「true」
。这对于验证 「服务条款」 接受情况或相似字段很有用。
accepted_if:anotherfield,value,...
如果正在验证的另一个字段等于指定值,则正在验证的字段必须为 「yes」
, 「on」
, 1
, 「1」
, true
,或 「true」
。这对于验证 「服务条款」 接受情况或类似字段很有用。
active_url
根据 PHP 函数 dns_get_record
,验证中的字段必须具有有效的 A 或 AAAA 记录。提供的 URL 的主机名在传递给 dns_get_record
之前使用 PHP 函数 parse_url
提取。
after:date
验证中的字段必须是给定日期之后的值。该日期将被传递到 PHP 函数 strtotime
中,以便转换为有效的 DateTime
实例:
'start_date' => 'required|date|after:tomorrow'
您可以指定另一个字段与日期进行比较,而不是传递要由 strtotime
计算的日期字符串:
'finish_date' => 'required|date|after:start_date'
为方便起见,基于日期的规则可以使用流畅的 date
规则构建器来构建:
use Illuminate\Validation\Rule;
'start_date' => [
'required',
Rule::date()->after(today()->addDays(7)),
],
afterToday
和 todayOrAfter
方法可以分别用来流利地表示日期必须在今天之后或今天或之后:
'start_date' => [
'required',
Rule::date()->afterToday(),
],
after_or_equal:date
待验证的字段必须是在给定日期之后或等于给定日期的值。更多信息,请查看 after 规则。
为方便起见,基于日期的规则可以使用流畅的 date
规则构建器来构建:
use Illuminate\Validation\Rule;
'start_date' => [
'required',
Rule::date()->afterOrEqual(today()->addDays(7)),
],
anyOf
Rule::anyOf
验证规则允许您指定验证的字段必须满足任何给定的验证规则集。例如,下面的规则将验证 username
字段是一个电子邮件地址还是一个至少6个字符长的字母数字字符串(包括破折号):
use Illuminate\Validation\Rule;
'username' => [
'required',
Rule::anyOf([
['string', 'email'],
['string', 'alpha_dash', 'min:6'],
]),
],
alpha
要将此验证规则限制为 ASCII 范围内的字符( a-z
和 A-Z
),您可以为验证规则提供 ASCII
选项:
'username' => 'alpha:ascii',
alpha_dash
验证的字段必须完全是包含在 \p{L} , \p{M} , \p{N} 中的 Unicode 字母数字字符,以及 ASCII 破折号 ( -
) 和 ASCII 下划线 ( _
)。
要将此验证规则限制为 ASCII 范围内的字符( a-z
和 A-Z
,和 0-9
),您可以为验证规则提供 ASCII
选项:
'username' => 'alpha_dash:ascii',
alpha_num
待验证的字段必须完全是包含在 \p{L}, \p{M}, 和 \p{N}中的 Unicode 字母字符。
要将此验证规则限制为 ASCII 范围内的字符( a-z
和 A-Z
,和 0-9
),您可以为验证规则提供 ASCII
选项:
'username' => 'alpha_num:ascii',
array
待验证字段必须是一个 PHP 数组。
当向 array
规则提供附加值时,输入数组中的每个键都必须出现在提供给规则的值列表中。在以下示例中,输入数组中的 admin
键无效,因为它不包含在提供给 array
规则的值列表中:
use Illuminate\Support\Facades\Validator;
$input = [
'user' => [
'name' => 'Taylor Otwell',
'username' => 'taylorotwell',
'admin' => true,
],
];
Validator::make($input, [
'user' => 'array:name,username',
]);
通常,您应该始终指定允许出现在数组中的数组键。
ascii
待验证的字段必须完全是 7 位的 ASCII 字符。
bail
字段首次验证失败后停止运行验证规则。
虽然 bail
规则只会在遇到验证失败时停止验证特定字段,但 stopOnFirstFailure
方法会通知验证器,一旦发生单个验证失败,它应该停止验证所有属性:
if ($validator->stopOnFirstFailure()->fails()) {
// ...
}
before:date
待验证字段的值对应的日期必须在给定的日期之前。这个日期将被传递给 PHP 函数 strtotime
以便转化为有效的 DateTime
实例。此外,像 after 规则一样,另一个待验证的字段名称支持作为 date
的值。
为方便起见,基于日期的规则也可以使用流畅的 date
规则构建器来构建:
use Illuminate\Validation\Rule;
'start_date' => [
'required',
Rule::date()->before(today()->subDays(7)),
],
beforeToday
和 todayOrBefore
方法可以分别用来流利地表示日期必须在今天之前或今天或之前:
'start_date' => [
'required',
Rule::date()->beforeToday(),
],
before_or_equal:date
待验证字段的值对应的日期必须在给定的日期之前或等于被给定的日期。这个日期将被传递给 PHP 函数 strtotime
以便转化为有效的 DateTime
实例。此外,像 after 规则一样,另一个待验证的字段名称支持作为 date
的值。
为方便起见,基于日期的规则也可以使用流畅的 date
规则构建器来构建:
use Illuminate\Validation\Rule;
'start_date' => [
'required',
Rule::date()->beforeOrEqual(today()->subDays(7)),
],
between:min,max
待验证字段值的大小必须介于给定的最小值和最大值(含)之间。 字符串、数字、数组和文件的计算方式与 size 规则相同.
boolean
待验证的字段必须能够转换为布尔值。可接受的输入有 true
, false
, 1
, 0
, 「1」
, 和 「0」
。
confirmed
需要验证的字段必须有一个匹配的字段 {field}_confirmation
。例如,如果验证的字段是 password
,则必须在输入中出现一个匹配的 password_confirmation
字段。
您还可以传递一个自定义确认字段名。例如, confirmed:repeat_username
将期望字段 repeat_username
与正在验证的字段匹配。
contains:foo,bar,...
验证的字段必须是包含所有给定参数值的数组。由于该规则经常要求您 implode
一个数组,所以可以使用 rule::contains
方法来流畅地构造该规则:
use Illuminate\Support\Facades\Validator;
use Illuminate\Validation\Rule;
Validator::make($data, [
'roles' => [
'required',
'array',
Rule::contains(['admin', 'editor']),
],
]);
current_password
待验证下的字段必须与已经过身份验证的用户密码匹配。您可以指定一个 授权门禁 ,使用规则的第一个参数:
'password' => 'current_password:api'
date
根据PHP函数 strtotime
,验证下的字段必须是一个有效的非相对日期。
date_equals:date
验证中的字段必须等于给定的日期。日期将被传递到 PHP strtotime
函数中,以便转换为有效的 DateTime
实例。
date_format:format,...
验证的字段必须匹配给定的 formats 之一。在验证字段时,应该使用 date
或 date_format
中的 其中一个 ,而不是同时使用。该验证规则支持 PHP DateTime 类所支持的所有格式。
为方便起见,基于日期的规则可以使用流畅的 date
规则构建器来构建:
use Illuminate\Validation\Rule;
'start_date' => [
'required',
Rule::date()->format('Y-m-d'),
],
decimal:min,max
验证的字段必须是数字并且必须包含指定数量的小数位:
// 必须有两位小数 (9.99)...
'price' => 'decimal:2'
// 必须在2到4位小数之间...
'price' => 'decimal:2,4'
declined
验证的字段必须是 「no」
, 「off」
, 0
, 「0」
, false
, 或 「false」
。
declined_if:anotherfield,value,...
如果另一个验证字段的值等于指定值,则验证字段的值必须为 「no」
, 「off」
, 0
, 「0」
, false
, 或 「false」
。
different:field
验证的字段必须与 field 有不同的值。
digits:value
验证的整数必须具有确切的 value 长度。
digits_between:min,max
验证的整数长度必须在给定的 min 和 max 之间。
dimensions
The file under validation must be an image meeting the dimension constraints as specified by the rule's parameters:
'avatar' => 'dimensions:min_width=100,min_height=200'
Available constraints are: min_width, max_width, min_height, max_height, width, height, ratio.
A ratio constraint should be represented as width divided by height. This can be specified either by a fraction like 3/2
or a float like 1.5
:
'avatar' => 'dimensions:ratio=3/2'
Since this rule requires several arguments, it is often more convenient to use the Rule::dimensions
method to fluently construct the rule:
use Illuminate\Support\Facades\Validator;
use Illuminate\Validation\Rule;
Validator::make($data, [
'avatar' => [
'required',
Rule::dimensions()
->maxWidth(1000)
->maxHeight(500)
->ratio(3 / 2),
],
]);
distinct
When validating arrays, the field under validation must not have any duplicate values:
'foo.*.id' => 'distinct'
Distinct uses loose variable comparisons by default. To use strict comparisons, you may add the strict
parameter to your validation rule definition:
'foo.*.id' => 'distinct:strict'
You may add ignore_case
to the validation rule's arguments to make the rule ignore capitalization differences:
'foo.*.id' => 'distinct:ignore_case'
doesnt_start_with:foo,bar,...
The field under validation must not start with one of the given values.
doesnt_end_with:foo,bar,...
The field under validation must not end with one of the given values.
The field under validation must be formatted as an email address. This validation rule utilizes the egulias/email-validator package for validating the email address. By default, the RFCValidation
validator is applied, but you can apply other validation styles as well:
'email' => 'email:rfc,dns'
The example above will apply the RFCValidation
and DNSCheckValidation
validations. Here's a full list of validation styles you can apply:
rfc
:RFCValidation
- Validate the email address according to supported RFCs.strict
:NoRFCWarningsValidation
- Validate the email according to supported RFCs, failing when warnings are found (e.g. trailing periods and multiple consecutive periods).dns
:DNSCheckValidation
- Ensure the email address's domain has a valid MX record.spoof
:SpoofCheckValidation
- Ensure the email address does not contain homograph or deceptive Unicode characters.filter
:FilterEmailValidation
- Ensure the email address is valid according to PHP'sfilter_var
function.filter_unicode
:FilterEmailValidation::unicode()
- Ensure the email address is valid according to PHP'sfilter_var
function, allowing some Unicode characters.
For convenience, email validation rules may be built using the fluent rule builder:
use Illuminate\Validation\Rule;
$request->validate([
'email' => [
'required',
Rule::email()
->rfcCompliant(strict: false)
->validateMxRecord()
->preventSpoofing()
],
]);
[!WARNING]
Thedns
andspoof
validators require the PHPintl
extension.
ends_with:foo,bar,...
The field under validation must end with one of the given values.
enum
The Enum
rule is a class based rule that validates whether the field under validation contains a valid enum value. The Enum
rule accepts the name of the enum as its only constructor argument. When validating primitive values, a backed Enum should be provided to the Enum
rule:
use App\Enums\ServerStatus;
use Illuminate\Validation\Rule;
$request->validate([
'status' => [Rule::enum(ServerStatus::class)],
]);
The Enum
rule's only
and except
methods may be used to limit which enum cases should be considered valid:
Rule::enum(ServerStatus::class)
->only([ServerStatus::Pending, ServerStatus::Active]);
Rule::enum(ServerStatus::class)
->except([ServerStatus::Pending, ServerStatus::Active]);
The when
method may be used to conditionally modify the Enum
rule:
use Illuminate\Support\Facades\Auth;
use Illuminate\Validation\Rule;
Rule::enum(ServerStatus::class)
->when(
Auth::user()->isAdmin(),
fn ($rule) => $rule->only(...),
fn ($rule) => $rule->only(...),
);
exclude
The field under validation will be excluded from the request data returned by the validate
and validated
methods.
exclude_if:anotherfield,value
The field under validation will be excluded from the request data returned by the validate
and validated
methods if the anotherfield field is equal to value.
If complex conditional exclusion logic is required, you may utilize the Rule::excludeIf
method. This method accepts a boolean or a closure. When given a closure, the closure should return true
or false
to indicate if the field under validation should be excluded:
use Illuminate\Support\Facades\Validator;
use Illuminate\Validation\Rule;
Validator::make($request->all(), [
'role_id' => Rule::excludeIf($request->user()->is_admin),
]);
Validator::make($request->all(), [
'role_id' => Rule::excludeIf(fn () => $request->user()->is_admin),
]);
exclude_unless:anotherfield,value
The field under validation will be excluded from the request data returned by the validate
and validated
methods unless anotherfield's field is equal to value. If value is null
(exclude_unless:name,null
), the field under validation will be excluded unless the comparison field is null
or the comparison field is missing from the request data.
exclude_with:anotherfield
The field under validation will be excluded from the request data returned by the validate
and validated
methods if the anotherfield field is present.
exclude_without:anotherfield
The field under validation will be excluded from the request data returned by the validate
and validated
methods if the anotherfield field is not present.
exists:table,column
The field under validation must exist in a given database table.
Basic Usage of Exists Rule
'state' => 'exists:states'
If the column
option is not specified, the field name will be used. So, in this case, the rule will validate that the states
database table contains a record with a state
column value matching the request's state
attribute value.
Specifying a Custom Column Name
You may explicitly specify the database column name that should be used by the validation rule by placing it after the database table name:
'state' => 'exists:states,abbreviation'
Occasionally, you may need to specify a specific database connection to be used for the exists
query. You can accomplish this by prepending the connection name to the table name:
'email' => 'exists:connection.staff,email'
Instead of specifying the table name directly, you may specify the Eloquent model which should be used to determine the table name:
'user_id' => 'exists:App\Models\User,id'
If you would like to customize the query executed by the validation rule, you may use the Rule
class to fluently define the rule. In this example, we'll also specify the validation rules as an array instead of using the |
character to delimit them:
use Illuminate\Database\Query\Builder;
use Illuminate\Support\Facades\Validator;
use Illuminate\Validation\Rule;
Validator::make($data, [
'email' => [
'required',
Rule::exists('staff')->where(function (Builder $query) {
$query->where('account_id', 1);
}),
],
]);
You may explicitly specify the database column name that should be used by the exists
rule generated by the Rule::exists
method by providing the column name as the second argument to the exists
method:
'state' => Rule::exists('states', 'abbreviation'),
Sometimes, you may wish to validate whether an array of values exists in the database. You can do so by adding both the exists
and array rules to the field being validated:
'states' => ['array', Rule::exists('states', 'abbreviation')],
When both of these rules are assigned to a field, Laravel will automatically build a single query to determine if all of the given values exist in the specified table.
extensions:foo,bar,...
The file under validation must have a user-assigned extension corresponding to one of the listed extensions:
'photo' => ['required', 'extensions:jpg,png'],
[!WARNING]
You should never rely on validating a file by its user-assigned extension alone. This rule should typically always be used in combination with the mimes or mimetypes rules.
file
The field under validation must be a successfully uploaded file.
filled
The field under validation must not be empty when it is present.
gt:field
The field under validation must be greater than the given field or value. The two fields must be of the same type. Strings, numerics, arrays, and files are evaluated using the same conventions as the size rule.
gte:field
The field under validation must be greater than or equal to the given field or value. The two fields must be of the same type. Strings, numerics, arrays, and files are evaluated using the same conventions as the size rule.
hex_color
The field under validation must contain a valid color value in hexadecimal format.
image
The file under validation must be an image (jpg, jpeg, png, bmp, gif, or webp).
[!WARNING]
By default, the image rule does not allow SVG files due to the possibility of XSS vulnerabilities. If you need to allow SVG files, you may provide theallow_svg
directive to theimage
rule (image:allow_svg
).
in:foo,bar,...
The field under validation must be included in the given list of values. Since this rule often requires you to implode
an array, the Rule::in
method may be used to fluently construct the rule:
use Illuminate\Support\Facades\Validator;
use Illuminate\Validation\Rule;
Validator::make($data, [
'zones' => [
'required',
Rule::in(['first-zone', 'second-zone']),
],
]);
When the in
rule is combined with the array
rule, each value in the input array must be present within the list of values provided to the in
rule. In the following example, the LAS
airport code in the input array is invalid since it is not contained in the list of airports provided to the in
rule:
use Illuminate\Support\Facades\Validator;
use Illuminate\Validation\Rule;
$input = [
'airports' => ['NYC', 'LAS'],
];
Validator::make($input, [
'airports' => [
'required',
'array',
],
'airports.*' => Rule::in(['NYC', 'LIT']),
]);
in_array:anotherfield.*
The field under validation must exist in anotherfield's values.
in_array_keys:value.*
The field under validation must be an array having at least one of the given values as a key within the array:
'config' => 'array|in_array_keys:timezone'
integer
The field under validation must be an integer.
[!WARNING]
This validation rule does not verify that the input is of the "integer" variable type, only that the input is of a type accepted by PHP'sFILTER_VALIDATE_INT
rule. If you need to validate the input as being a number please use this rule in combination with thenumeric
validation rule.
ip
The field under validation must be an IP address.
ipv4
The field under validation must be an IPv4 address.
ipv6
The field under validation must be an IPv6 address.
json
The field under validation must be a valid JSON string.
lt:field
The field under validation must be less than the given field. The two fields must be of the same type. Strings, numerics, arrays, and files are evaluated using the same conventions as the size rule.
lte:field
The field under validation must be less than or equal to the given field. The two fields must be of the same type. Strings, numerics, arrays, and files are evaluated using the same conventions as the size rule.
lowercase
The field under validation must be lowercase.
list
The field under validation must be an array that is a list. An array is considered a list if its keys consist of consecutive numbers from 0 to count($array) - 1
.
mac_address
The field under validation must be a MAC address.
max:value
The field under validation must be less than or equal to a maximum value. Strings, numerics, arrays, and files are evaluated in the same fashion as the size rule.
max_digits:value
The integer under validation must have a maximum length of value.
mimetypes:text/plain,...
The file under validation must match one of the given MIME types:
'video' => 'mimetypes:video/avi,video/mpeg,video/quicktime'
To determine the MIME type of the uploaded file, the file's contents will be read and the framework will attempt to guess the MIME type, which may be different from the client's provided MIME type.
mimes:foo,bar,...
The file under validation must have a MIME type corresponding to one of the listed extensions:
'photo' => 'mimes:jpg,bmp,png'
Even though you only need to specify the extensions, this rule actually validates the MIME type of the file by reading the file's contents and guessing its MIME type. A full listing of MIME types and their corresponding extensions may be found at the following location:
svn.apache.org/repos/asf/httpd/htt...
MIME Types and Extensions
This validation rule does not verify agreement between the MIME type and the extension the user assigned to the file. For example, the mimes:png
validation rule would consider a file containing valid PNG content to be a valid PNG image, even if the file is named photo.txt
. If you would like to validate the user-assigned extension of the file, you may use the extensions rule.
min:value
The field under validation must have a minimum value. Strings, numerics, arrays, and files are evaluated in the same fashion as the size rule.
min_digits:value
The integer under validation must have a minimum length of value.
multiple_of:value
The field under validation must be a multiple of value.
missing
The field under validation must not be present in the input data.
missing_if:anotherfield,value,...
The field under validation must not be present if the anotherfield field is equal to any value.
missing_unless:anotherfield,value
The field under validation must not be present unless the anotherfield field is equal to any value.
missing_with:foo,bar,...
The field under validation must not be present only if any of the other specified fields are present.
missing_with_all:foo,bar,...
The field under validation must not be present only if all of the other specified fields are present.
not_in:foo,bar,...
The field under validation must not be included in the given list of values. The Rule::notIn
method may be used to fluently construct the rule:
use Illuminate\Validation\Rule;
Validator::make($data, [
'toppings' => [
'required',
Rule::notIn(['sprinkles', 'cherries']),
],
]);
not_regex:pattern
The field under validation must not match the given regular expression.
Internally, this rule uses the PHP preg_match
function. The pattern specified should obey the same formatting required by preg_match
and thus also include valid delimiters. For example: 'email' => 'not_regex:/^.+$/i'
.
[!WARNING]
When using theregex
/not_regex
patterns, it may be necessary to specify your validation rules using an array instead of using|
delimiters, especially if the regular expression contains a|
character.
nullable
The field under validation may be null
.
numeric
The field under validation must be numeric.
present
The field under validation must exist in the input data.
present_if:anotherfield,value,...
The field under validation must be present if the anotherfield field is equal to any value.
present_unless:anotherfield,value
The field under validation must be present unless the anotherfield field is equal to any value.
present_with:foo,bar,...
The field under validation must be present only if any of the other specified fields are present.
present_with_all:foo,bar,...
The field under validation must be present only if all of the other specified fields are present.
prohibited
The field under validation must be missing or empty. A field is "empty" if it meets one of the following criteria:
- The value is
null
. - The value is an empty string.
- The value is an empty array or empty
Countable
object. - The value is an uploaded file with an empty path.
prohibited_if:anotherfield,value,...
The field under validation must be missing or empty if the anotherfield field is equal to any value. A field is "empty" if it meets one of the following criteria:
- The value is
null
. - The value is an empty string.
- The value is an empty array or empty
Countable
object. - The value is an uploaded file with an empty path.
If complex conditional prohibition logic is required, you may utilize the Rule::prohibitedIf
method. This method accepts a boolean or a closure. When given a closure, the closure should return true
or false
to indicate if the field under validation should be prohibited:
use Illuminate\Support\Facades\Validator;
use Illuminate\Validation\Rule;
Validator::make($request->all(), [
'role_id' => Rule::prohibitedIf($request->user()->is_admin),
]);
Validator::make($request->all(), [
'role_id' => Rule::prohibitedIf(fn () => $request->user()->is_admin),
]);
prohibited_if_accepted:anotherfield,...
The field under validation must be missing or empty if the anotherfield field is equal to "yes"
, "on"
, 1
, "1"
, true
, or "true"
.
prohibited_if_declined:anotherfield,...
The field under validation must be missing or empty if the anotherfield field is equal to "no"
, "off"
, 0
, "0"
, false
, or "false"
.
prohibited_unless:anotherfield,value,...
The field under validation must be missing or empty unless the anotherfield field is equal to any value. A field is "empty" if it meets one of the following criteria:
- The value is
null
. - The value is an empty string.
- The value is an empty array or empty
Countable
object. - The value is an uploaded file with an empty path.
prohibits:anotherfield,...
If the field under validation is not missing or empty, all fields in anotherfield must be missing or empty. A field is "empty" if it meets one of the following criteria:
- The value is
null
. - The value is an empty string.
- The value is an empty array or empty
Countable
object. - The value is an uploaded file with an empty path.
regex:pattern
The field under validation must match the given regular expression.
Internally, this rule uses the PHP preg_match
function. The pattern specified should obey the same formatting required by preg_match
and thus also include valid delimiters. For example: 'email' => 'regex:/^.+@.+$/i'
.
[!WARNING]
When using theregex
/not_regex
patterns, it may be necessary to specify rules in an array instead of using|
delimiters, especially if the regular expression contains a|
character.
required
The field under validation must be present in the input data and not empty. A field is "empty" if it meets one of the following criteria:
- The value is
null
. - The value is an empty string.
- The value is an empty array or empty
Countable
object. - The value is an uploaded file with no path.
required_if:anotherfield,value,...
The field under validation must be present and not empty if the anotherfield field is equal to any value.
If you would like to construct a more complex condition for the required_if
rule, you may use the Rule::requiredIf
method. This method accepts a boolean or a closure. When passed a closure, the closure should return true
or false
to indicate if the field under validation is required:
use Illuminate\Support\Facades\Validator;
use Illuminate\Validation\Rule;
Validator::make($request->all(), [
'role_id' => Rule::requiredIf($request->user()->is_admin),
]);
Validator::make($request->all(), [
'role_id' => Rule::requiredIf(fn () => $request->user()->is_admin),
]);
required_if_accepted:anotherfield,...
The field under validation must be present and not empty if the anotherfield field is equal to "yes"
, "on"
, 1
, "1"
, true
, or "true"
.
required_if_declined:anotherfield,...
The field under validation must be present and not empty if the anotherfield field is equal to "no"
, "off"
, 0
, "0"
, false
, or "false"
.
required_unless:anotherfield,value,...
The field under validation must be present and not empty unless the anotherfield field is equal to any value. This also means anotherfield must be present in the request data unless value is null
. If value is null
(required_unless:name,null
), the field under validation will be required unless the comparison field is null
or the comparison field is missing from the request data.
required_with:foo,bar,...
The field under validation must be present and not empty only if any of the other specified fields are present and not empty.
required_with_all:foo,bar,...
The field under validation must be present and not empty only if all of the other specified fields are present and not empty.
required_without:foo,bar,...
The field under validation must be present and not empty only when any of the other specified fields are empty or not present.
required_without_all:foo,bar,...
The field under validation must be present and not empty only when all of the other specified fields are empty or not present.
required_array_keys:foo,bar,...
The field under validation must be an array and must contain at least the specified keys.
same:field
The given field must match the field under validation.
size:value
The field under validation must have a size matching the given value. For string data, value corresponds to the number of characters. For numeric data, value corresponds to a given integer value (the attribute must also have the numeric
or integer
rule). For an array, size corresponds to the count
of the array. For files, size corresponds to the file size in kilobytes. Let's look at some examples:
// Validate that a string is exactly 12 characters long...
'title' => 'size:12';
// Validate that a provided integer equals 10...
'seats' => 'integer|size:10';
// Validate that an array has exactly 5 elements...
'tags' => 'array|size:5';
// Validate that an uploaded file is exactly 512 kilobytes...
'image' => 'file|size:512';
starts_with:foo,bar,...
The field under validation must start with one of the given values.
string
The field under validation must be a string. If you would like to allow the field to also be null
, you should assign the nullable
rule to the field.
timezone
The field under validation must be a valid timezone identifier according to the DateTimeZone::listIdentifiers
method.
The arguments accepted by the DateTimeZone::listIdentifiers
method may also be provided to this validation rule:
'timezone' => 'required|timezone:all';
'timezone' => 'required|timezone:Africa';
'timezone' => 'required|timezone:per_country,US';
unique:table,column
The field under validation must not exist within the given database table.
Specifying a Custom Table / Column Name:
Instead of specifying the table name directly, you may specify the Eloquent model which should be used to determine the table name:
'email' => 'unique:App\Models\User,email_address'
The column
option may be used to specify the field's corresponding database column. If the column
option is not specified, the name of the field under validation will be used.
'email' => 'unique:users,email_address'
Specifying a Custom Database Connection
Occasionally, you may need to set a custom connection for database queries made by the Validator. To accomplish this, you may prepend the connection name to the table name:
'email' => 'unique:connection.users,email_address'
Forcing a Unique Rule to Ignore a Given ID:
Sometimes, you may wish to ignore a given ID during unique validation. For example, consider an "update profile" screen that includes the user's name, email address, and location. You will probably want to verify that the email address is unique. However, if the user only changes the name field and not the email field, you do not want a validation error to be thrown because the user is already the owner of the email address in question.
To instruct the validator to ignore the user's ID, we'll use the Rule
class to fluently define the rule. In this example, we'll also specify the validation rules as an array instead of using the |
character to delimit the rules:
use Illuminate\Support\Facades\Validator;
use Illuminate\Validation\Rule;
Validator::make($data, [
'email' => [
'required',
Rule::unique('users')->ignore($user->id),
],
]);
[!WARNING]
You should never pass any user controlled request input into theignore
method. Instead, you should only pass a system generated unique ID such as an auto-incrementing ID or UUID from an Eloquent model instance. Otherwise, your application will be vulnerable to an SQL injection attack.
Instead of passing the model key's value to the ignore
method, you may also pass the entire model instance. Laravel will automatically extract the key from the model:
Rule::unique('users')->ignore($user)
If your table uses a primary key column name other than id
, you may specify the name of the column when calling the ignore
method:
Rule::unique('users')->ignore($user->id, 'user_id')
By default, the unique
rule will check the uniqueness of the column matching the name of the attribute being validated. However, you may pass a different column name as the second argument to the unique
method:
Rule::unique('users', 'email_address')->ignore($user->id)
Adding Additional Where Clauses:
You may specify additional query conditions by customizing the query using the where
method. For example, let's add a query condition that scopes the query to only search records that have an account_id
column value of 1
:
'email' => Rule::unique('users')->where(fn (Builder $query) => $query->where('account_id', 1))
Ignoring Soft Deleted Records in Unique Checks:
By default, the unique rule includes soft deleted records when determining uniqueness. To exclude soft deleted records from the uniqueness check, you may invoke the withoutTrashed
method:
Rule::unique('users')->withoutTrashed();
If your model uses a column name other than deleted_at
for soft deleted records, you may provide the column name when invoking the withoutTrashed
method:
Rule::unique('users')->withoutTrashed('was_deleted_at');
uppercase
The field under validation must be uppercase.
url
The field under validation must be a valid URL.
If you would like to specify the URL protocols that should be considered valid, you may pass the protocols as validation rule parameters:
'url' => 'url:http,https',
'game' => 'url:minecraft,steam',
ulid
The field under validation must be a valid Universally Unique Lexicographically Sortable Identifier (ULID).
uuid
The field under validation must be a valid RFC 9562 (version 1, 3, 4, 5, 6, 7, or 8) universally unique identifier (UUID).
You may also validate that the given UUID matches a UUID specification by version:
'uuid' => 'uuid:4'
Conditionally Adding Rules
Skipping Validation When Fields Have Certain Values
You may occasionally wish to not validate a given field if another field has a given value. You may accomplish this using the exclude_if
validation rule. In this example, the appointment_date
and doctor_name
fields will not be validated if the has_appointment
field has a value of false
:
use Illuminate\Support\Facades\Validator;
$validator = Validator::make($data, [
'has_appointment' => 'required|boolean',
'appointment_date' => 'exclude_if:has_appointment,false|required|date',
'doctor_name' => 'exclude_if:has_appointment,false|required|string',
]);
Alternatively, you may use the exclude_unless
rule to not validate a given field unless another field has a given value:
$validator = Validator::make($data, [
'has_appointment' => 'required|boolean',
'appointment_date' => 'exclude_unless:has_appointment,true|required|date',
'doctor_name' => 'exclude_unless:has_appointment,true|required|string',
]);
Validating When Present
In some situations, you may wish to run validation checks against a field only if that field is present in the data being validated. To quickly accomplish this, add the sometimes
rule to your rule list:
$validator = Validator::make($data, [
'email' => 'sometimes|required|email',
]);
In the example above, the email
field will only be validated if it is present in the $data
array.
[!NOTE]
If you are attempting to validate a field that should always be present but may be empty, check out this note on optional fields.
Complex Conditional Validation
Sometimes you may wish to add validation rules based on more complex conditional logic. For example, you may wish to require a given field only if another field has a greater value than 100. Or, you may need two fields to have a given value only when another field is present. Adding these validation rules doesn't have to be a pain. First, create a Validator
instance with your static rules that never change:
use Illuminate\Support\Facades\Validator;
$validator = Validator::make($request->all(), [
'email' => 'required|email',
'games' => 'required|integer|min:0',
]);
Let's assume our web application is for game collectors. If a game collector registers with our application and they own more than 100 games, we want them to explain why they own so many games. For example, perhaps they run a game resale shop, or maybe they just enjoy collecting games. To conditionally add this requirement, we can use the sometimes
method on the Validator
instance.
use Illuminate\Support\Fluent;
$validator->sometimes('reason', 'required|max:500', function (Fluent $input) {
return $input->games >= 100;
});
The first argument passed to the sometimes
method is the name of the field we are conditionally validating. The second argument is a list of the rules we want to add. If the closure passed as the third argument returns true
, the rules will be added. This method makes it a breeze to build complex conditional validations. You may even add conditional validations for several fields at once:
$validator->sometimes(['reason', 'cost'], 'required', function (Fluent $input) {
return $input->games >= 100;
});
[!NOTE]
The$input
parameter passed to your closure will be an instance ofIlluminate\Support\Fluent
and may be used to access your input and files under validation.
Complex Conditional Array Validation
Sometimes you may want to validate a field based on another field in the same nested array whose index you do not know. In these situations, you may allow your closure to receive a second argument which will be the current individual item in the array being validated:
$input = [
'channels' => [
[
'type' => 'email',
'address' => 'abigail@example.com',
],
[
'type' => 'url',
'address' => 'https://example.com',
],
],
];
$validator->sometimes('channels.*.address', 'email', function (Fluent $input, Fluent $item) {
return $item->type === 'email';
});
$validator->sometimes('channels.*.address', 'url', function (Fluent $input, Fluent $item) {
return $item->type !== 'email';
});
Like the $input
parameter passed to the closure, the $item
parameter is an instance of Illuminate\Support\Fluent
when the attribute data is an array; otherwise, it is a string.
Validating Arrays
As discussed in the array validation rule documentation, the array
rule accepts a list of allowed array keys. If any additional keys are present within the array, validation will fail:
use Illuminate\Support\Facades\Validator;
$input = [
'user' => [
'name' => 'Taylor Otwell',
'username' => 'taylorotwell',
'admin' => true,
],
];
Validator::make($input, [
'user' => 'array:name,username',
]);
In general, you should always specify the array keys that are allowed to be present within your array. Otherwise, the validator's validate
and validated
methods will return all of the validated data, including the array and all of its keys, even if those keys were not validated by other nested array validation rules.
Validating Nested Array Input
Validating nested array based form input fields doesn't have to be a pain. You may use "dot notation" to validate attributes within an array. For example, if the incoming HTTP request contains a photos[profile]
field, you may validate it like so:
use Illuminate\Support\Facades\Validator;
$validator = Validator::make($request->all(), [
'photos.profile' => 'required|image',
]);
You may also validate each element of an array. For example, to validate that each email in a given array input field is unique, you may do the following:
$validator = Validator::make($request->all(), [
'person.*.email' => 'email|unique:users',
'person.*.first_name' => 'required_with:person.*.last_name',
]);
Likewise, you may use the *
character when specifying custom validation messages in your language files, making it a breeze to use a single validation message for array based fields:
'custom' => [
'person.*.email' => [
'unique' => 'Each person must have a unique email address',
]
],
Accessing Nested Array Data
Sometimes you may need to access the value for a given nested array element when assigning validation rules to the attribute. You may accomplish this using the Rule::forEach
method. The forEach
method accepts a closure that will be invoked for each iteration of the array attribute under validation and will receive the attribute's value and explicit, fully-expanded attribute name. The closure should return an array of rules to assign to the array element:
use App\Rules\HasPermission;
use Illuminate\Support\Facades\Validator;
use Illuminate\Validation\Rule;
$validator = Validator::make($request->all(), [
'companies.*.id' => Rule::forEach(function (string|null $value, string $attribute) {
return [
Rule::exists(Company::class, 'id'),
new HasPermission('manage-company', $value),
];
}),
]);
Error Message Indexes and Positions
When validating arrays, you may want to reference the index or position of a particular item that failed validation within the error message displayed by your application. To accomplish this, you may include the :index
(starts from 0
) and :position
(starts from 1
) placeholders within your custom validation message:
use Illuminate\Support\Facades\Validator;
$input = [
'photos' => [
[
'name' => 'BeachVacation.jpg',
'description' => 'A photo of my beach vacation!',
],
[
'name' => 'GrandCanyon.jpg',
'description' => '',
],
],
];
Validator::validate($input, [
'photos.*.description' => 'required',
], [
'photos.*.description.required' => 'Please describe photo #:position.',
]);
Given the example above, validation will fail and the user will be presented with the following error of "Please describe photo #2."
If necessary, you may reference more deeply nested indexes and positions via second-index
, second-position
, third-index
, third-position
, etc.
'photos.*.attributes.*.string' => 'Invalid attribute for photo #:second-position.',
Validating Files
Laravel provides a variety of validation rules that may be used to validate uploaded files, such as mimes
, image
, min
, and max
. While you are free to specify these rules individually when validating files, Laravel also offers a fluent file validation rule builder that you may find convenient:
use Illuminate\Support\Facades\Validator;
use Illuminate\Validation\Rules\File;
Validator::validate($input, [
'attachment' => [
'required',
File::types(['mp3', 'wav'])
->min(1024)
->max(12 * 1024),
],
]);
Validating File Types
Even though you only need to specify the extensions when invoking the types
method, this method actually validates the MIME type of the file by reading the file's contents and guessing its MIME type. A full listing of MIME types and their corresponding extensions may be found at the following location:
svn.apache.org/repos/asf/httpd/htt...
Validating File Sizes
For convenience, minimum and maximum file sizes may be specified as a string with a suffix indicating the file size units. The kb
, mb
, gb
, and tb
suffixes are supported:
File::types(['mp3', 'wav'])
->min('1kb')
->max('10mb');
Validating Image Files
If your application accepts images uploaded by your users, you may use the File
rule's image
constructor method to ensure that the file under validation is an image (jpg, jpeg, png, bmp, gif, or webp).
In addition, the dimensions
rule may be used to limit the dimensions of the image:
use Illuminate\Support\Facades\Validator;
use Illuminate\Validation\Rule;
use Illuminate\Validation\Rules\File;
Validator::validate($input, [
'photo' => [
'required',
File::image()
->min(1024)
->max(12 * 1024)
->dimensions(Rule::dimensions()->maxWidth(1000)->maxHeight(500)),
],
]);
[!NOTE]
More information regarding validating image dimensions may be found in the dimension rule documentation.[!WARNING]
By default, theimage
rule does not allow SVG files due to the possibility of XSS vulnerabilities. If you need to allow SVG files, you may passallowSvg: true
to theimage
rule:File::image(allowSvg: true)
.
Validating Image Dimensions
You may also validate the dimensions of an image. For example, to validate that an uploaded image is at least 1000 pixels wide and 500 pixels tall, you may use the dimensions
rule:
use Illuminate\Validation\Rule;
use Illuminate\Validation\Rules\File;
File::image()->dimensions(
Rule::dimensions()
->maxWidth(1000)
->maxHeight(500)
)
[!NOTE]
More information regarding validating image dimensions may be found in the dimension rule documentation.
Validating Passwords
To ensure that passwords have an adequate level of complexity, you may use Laravel's Password
rule object:
use Illuminate\Support\Facades\Validator;
use Illuminate\Validation\Rules\Password;
$validator = Validator::make($request->all(), [
'password' => ['required', 'confirmed', Password::min(8)],
]);
The Password
rule object allows you to easily customize the password complexity requirements for your application, such as specifying that passwords require at least one letter, number, symbol, or characters with mixed casing:
// Require at least 8 characters...
Password::min(8)
// Require at least one letter...
Password::min(8)->letters()
// Require at least one uppercase and one lowercase letter...
Password::min(8)->mixedCase()
// Require at least one number...
Password::min(8)->numbers()
// Require at least one symbol...
Password::min(8)->symbols()
In addition, you may ensure that a password has not been compromised in a public password data breach leak using the uncompromised
method:
Password::min(8)->uncompromised()
Internally, the Password
rule object uses the k-Anonymity model to determine if a password has been leaked via the haveibeenpwned.com service without sacrificing the user's privacy or security.
By default, if a password appears at least once in a data leak, it will be considered compromised. You can customize this threshold using the first argument of the uncompromised
method:
// Ensure the password appears less than 3 times in the same data leak...
Password::min(8)->uncompromised(3);
Of course, you may chain all the methods in the examples above:
Password::min(8)
->letters()
->mixedCase()
->numbers()
->symbols()
->uncompromised()
Defining Default Password Rules
You may find it convenient to specify the default validation rules for passwords in a single location of your application. You can easily accomplish this using the Password::defaults
method, which accepts a closure. The closure given to the defaults
method should return the default configuration of the Password rule. Typically, the defaults
rule should be called within the boot
method of one of your application's service providers:
use Illuminate\Validation\Rules\Password;
/**
* Bootstrap any application services.
*/
public function boot(): void
{
Password::defaults(function () {
$rule = Password::min(8);
return $this->app->isProduction()
? $rule->mixedCase()->uncompromised()
: $rule;
});
}
Then, when you would like to apply the default rules to a particular password undergoing validation, you may invoke the defaults
method with no arguments:
'password' => ['required', Password::defaults()],
Occasionally, you may want to attach additional validation rules to your default password validation rules. You may use the rules
method to accomplish this:
use App\Rules\ZxcvbnRule;
Password::defaults(function () {
$rule = Password::min(8)->rules([new ZxcvbnRule]);
// ...
});
Custom Validation Rules
Using Rule Objects
Laravel provides a variety of helpful validation rules; however, you may wish to specify some of your own. One method of registering custom validation rules is using rule objects. To generate a new rule object, you may use the make:rule
Artisan command. Let's use this command to generate a rule that verifies a string is uppercase. Laravel will place the new rule in the app/Rules
directory. If this directory does not exist, Laravel will create it when you execute the Artisan command to create your rule:
php artisan make:rule Uppercase
Once the rule has been created, we are ready to define its behavior. A rule object contains a single method: validate
. This method receives the attribute name, its value, and a callback that should be invoked on failure with the validation error message:
<?php
namespace App\Rules;
use Closure;
use Illuminate\Contracts\Validation\ValidationRule;
class Uppercase implements ValidationRule
{
/**
* Run the validation rule.
*/
public function validate(string $attribute, mixed $value, Closure $fail): void
{
if (strtoupper($value) !== $value) {
$fail('The :attribute must be uppercase.');
}
}
}
Once the rule has been defined, you may attach it to a validator by passing an instance of the rule object with your other validation rules:
use App\Rules\Uppercase;
$request->validate([
'name' => ['required', 'string', new Uppercase],
]);
Translating Validation Messages
Instead of providing a literal error message to the $fail
closure, you may also provide a translation string key and instruct Laravel to translate the error message:
if (strtoupper($value) !== $value) {
$fail('validation.uppercase')->translate();
}
If necessary, you may provide placeholder replacements and the preferred language as the first and second arguments to the translate
method:
$fail('validation.location')->translate([
'value' => $this->value,
], 'fr');
Accessing Additional Data
If your custom validation rule class needs to access all of the other data undergoing validation, your rule class may implement the Illuminate\Contracts\Validation\DataAwareRule
interface. This interface requires your class to define a setData
method. This method will automatically be invoked by Laravel (before validation proceeds) with all of the data under validation:
<?php
namespace App\Rules;
use Illuminate\Contracts\Validation\DataAwareRule;
use Illuminate\Contracts\Validation\ValidationRule;
class Uppercase implements DataAwareRule, ValidationRule
{
/**
* All of the data under validation.
*
* @var array<string, mixed>
*/
protected $data = [];
// ...
/**
* Set the data under validation.
*
* @param array<string, mixed> $data
*/
public function setData(array $data): static
{
$this->data = $data;
return $this;
}
}
Or, if your validation rule requires access to the validator instance performing the validation, you may implement the ValidatorAwareRule
interface:
<?php
namespace App\Rules;
use Illuminate\Contracts\Validation\ValidationRule;
use Illuminate\Contracts\Validation\ValidatorAwareRule;
use Illuminate\Validation\Validator;
class Uppercase implements ValidationRule, ValidatorAwareRule
{
/**
* The validator instance.
*
* @var \Illuminate\Validation\Validator
*/
protected $validator;
// ...
/**
* Set the current validator.
*/
public function setValidator(Validator $validator): static
{
$this->validator = $validator;
return $this;
}
}
使用闭包
如果您在整个应用程序中只需要使用一次自定义规则的功能,那么可以使用闭包而不是规则对象。闭包会接收属性的名称、属性的值和一个 $fail
回调函数,如果验证失败,则应调用该回调函数:
use Illuminate\Support\Facades\Validator;
use Closure;
$validator = Validator::make($request->all(), [
'title' => [
'required',
'max:255',
function (string $attribute, mixed $value, Closure $fail) {
if ($value === 'foo') {
$fail("The {$attribute} is invalid.");
}
},
],
]);
隐式规则
默认情况下,当待验证的属性不存在或包含空字符串时,包括自定义规则在内的常规验证规则将不会运行。例如 unique 规则将不会对空字符串运行:
use Illuminate\Support\Facades\Validator;
$rules = ['name' => 'unique:users,name'];
$input = ['name' => ''];
Validator::make($input, $rules)->passes(); // true
为了让自定义规则在属性为空时也能运行,该规则必须暗示该属性是必需的。要快速生成新的隐式规则对象,您可以使用带有--implicit
选项的 make:rule
Artisan 命令:
php artisan make:rule Uppercase --implicit
[!警告]
"隐式" 规则仅有 implies 属性是必须的。至于它是否真的会因为缺少或空属性而无效,则取决于你。
本文中的所有译文仅用于学习和交流目的,转载请务必注明文章译者、出处、和本文链接
我们的翻译工作遵照 CC 协议,如果我们的工作有侵犯到您的权益,请及时联系我们。
推荐文章: