Anyone worth their penny will tell you that you should never trust what the user submits to your application, that's why validation is very important for the safety of your data and Laravel provides a very easy validation module, let's take an example where a user needs to register in our application, using Laravel validation it would be something like this


        // AuthController.vue
        function register(Request $request) {

            $request->validate([
                'full_name' => 'required',
                'email'     => 'required|email|unique:users',
                'password' 	=> 'required|min:6',
            ]);

            $user = User::create([
                "full_name" => request('full_name'),
                "email"     => request('email'),
                "password"  => bcrypt(request('password')),
            ]);

            ...
        }

Now this will work with no problem, but I believe that the controller should have one responsibility, and that is to receive the route request and delegate it to the appropriate service and return the appropriate response, nothing more.

Also keeping our validation logic in the controller can make things messy because the controller will have multiple responsibilities, and as our application grows the code will become harder to maintain, especially when we have validation rules in every method. That's when Laravel form requests can be useful. It can also allow us to reuse the validation logic in a different method.

First, let's create the form request using the artisan command, this command will generate a class in the app/Http/Requests directory.


        php artisan make:request RegisterFormRequest

Form Requests is simply a class with one single responsibility: validating and authorizing the data submitted by the user. It contains a rules() method which returns an array of validation rules and an authorize() method which returns a boolean of whether or not the user is authorized to perform the request, there is also the messages() method where we can specify validation messages for each validation rule.


        <?php

        namespace App\Http\Requests;

        use Illuminate\Foundation\Http\FormRequest;

        class RegisterFormRequest extends FormRequest
        {
            /**
            * Determine if the user is authorized to make this request.
            *
            * @return bool
            */
            public function authorize()
            {
                return true;
            }

            /**
            * Get the validation rules that apply to the request.
            *
            * @return array
            */
            public function rules()
            {
                return [
                    'full_name'     => 'required',
                    'email'         => 'required|email|unique:users',
                    'password'  	=> 'required|min:6',
                ];
            }

            public function messages()
            {
                return [
                    'full_name.required'    => 'Your full name is required!',
                    'email.required'        => 'Your Email is required!',
                    'password.min'          => 'Your password is too short, it should be at least 6 characters'
                ];
            }
        }

Now that we have moved our validation logic from the controller into the Form Request class, let's implement this new validation into our controller


    // AuthController.vue

    use App\Http\Requests\RegisterFormRequest;

    ...

    function register(RegisterFormRequest $request) {

        $user = User::create([
            "full_name" => $request->full_name,
            "email"     => $request->email,
            "password"  => bcrypt($request->password),
        ]);

        ...
    }

Note that we must type-hint the form request class in the controller method, so it can be resolved automatically before the controller method is called.

If validation fails, the user will be redirected to the previous page. where the errors will be flashed to the session. If the request was an AJAX request, an HTTP response with a 422 status code will be returned to the user including a JSON object containing the validation errors.