Tinkerwell - The PHP Scratchpad

Laravel News Laravel News

Prohibited Validation Rules in Laravel

Published on by

Prohibited Validation Rules in Laravel image

Laravel 8 now has three validation rules for prohibited fields, including prohibited_if, prohibited_unless, and prohibited. Let's walk through a few examples of where the prohibited* validation rules might be useful, and look at each one in more detail.

Prohibited If and Unless

Jess Archer contributed the prohibited if/unless validation rules released in Laravel Laravel 8.32. The basic idea of "prohibited" validation rules is that a given field should be prohibited from having data if another field is present or if a field should be allowed in a request at all.

Here's the example Jess provided in the pull request for this feature, which illustrates perfectly how to use this rule to explicitly prevent contradictory input:

Validator::validate([
    'is_deceased' => false,
    'date_of_death' => '2021-03-09'
], [
    'date_of_death' => 'prohibited_unless:is_deceased,true'
]);

Another example might be someone accepting terms of service that has identified as a minor. Perhaps the application requires a parental registration to consent on their behalf:

Validator::validate([
    'is_minor' => true,
    'tos_accepted' => true
], [
    'tos_accepted' => 'prohibited_if:is_minor,true'
]);

Prohibited Validation Rule

After Laravel 8.32, Philo Hermans contributed a prohibited rule in Laravel 8.34 which ensures that an input is not present when validating:

// PUT /api/licenses/123-456
// {"name":"hello-world", "key":"random-key"}
 
$validated = $request->validate([
    'name' => 'required|max:255',
    'key' => 'prohibited',
]);
 
// Response: 422
// The key field is prohibited

The above is a good example where a user might expect to update an API key by sending a PUT request to a resource. In a typical application, that field is likely ignored during the request. However, a successful response might lead the user to believe they were able to update the key when in reality, the API ignored it. The prohibited rule will clarify that this field is not allowed and is considered immutable.

Learn More

The list of available validation rules is an excellent resource to see available rules and how to use them.

You can always go for custom validation objects to craft custom validation rules if you run into a situation where the built-in rules don't quite suit your needs.

Laravel has extensive Validation documentation that should bring you up-to-speed on everything related to validating input from users. Also, if you're new to Laravel, Laracasts has a Form Validation Essentials video (likely getting updating to Laravel 8 soon) that will help you immensely in visualizing how validation works.

Paul Redmond photo

Staff writer at Laravel News. Full stack web developer and author.

X X Github Github
Filed in:
Laravel Tutorials
Cube

Laravel Newsletter

Join 40k+ other developers and never miss out on new tips, tutorials, and more.

Cube

Laravel Jobs

Explore hundreds of open positions today.

View all jobs
image
Tinkerwell

Enjoy coding and debugging in an editor designed for fast feedback and quick iterations. It's like a shell for your application – but with multi-line editing, code completion, and more.

Visit Tinkerwell

Partners

View all →
Bacancy logo

Bacancy

Supercharge your project with a seasoned Laravel developer with 4-6 years of experience for just $3200/month. Get 160 hours of dedicated expertise & a risk-free 15-day trial. Schedule a call now!

Bacancy
Tinkerwell logo

Tinkerwell

The must-have code runner for Laravel developers. Tinker with AI, autocompletion and instant feedback on local and production environments.

Tinkerwell
Get expert guidance in a few days with a Laravel code review logo

Get expert guidance in a few days with a Laravel code review

Expert code review! Get clear, practical feedback from two Laravel devs with 10+ years of experience helping teams build better apps.

Get expert guidance in a few days with a Laravel code review
Kirschbaum logo

Kirschbaum

Providing innovation and stability to ensure your web application succeeds.

Kirschbaum
Shift logo

Shift

Running an old Laravel version? Instant, automated Laravel upgrades and code modernization to keep your applications fresh.

Shift
Harpoon: Next generation time tracking and invoicing logo

Harpoon: Next generation time tracking and invoicing

The next generation time-tracking and billing software that helps your agency plan and forecast a profitable future.

Harpoon: Next generation time tracking and invoicing
Lucky Media logo

Lucky Media

Get Lucky Now - the ideal choice for Laravel Development, with over a decade of experience!

Lucky Media
SaaSykit: Laravel SaaS Starter Kit logo

SaaSykit: Laravel SaaS Starter Kit

SaaSykit is a Multi-tenant Laravel SaaS Starter Kit that comes with all features required to run a modern SaaS. Payments, Beautiful Checkout, Admin Panel, User dashboard, Auth, Ready Components, Stats, Blog, Docs and more.

SaaSykit: Laravel SaaS Starter Kit

The latest

View all →
Generate Secure, Memorable Passphrases in PHP with PHP Passphrase image

Generate Secure, Memorable Passphrases in PHP with PHP Passphrase

Read article
FrankenPHP v1.11.2 Released With 30% Faster CGO, 40% Faster GC, and Security Patches image

FrankenPHP v1.11.2 Released With 30% Faster CGO, 40% Faster GC, and Security Patches

Read article
Capture Web Page Screenshots in Laravel with Spatie's Laravel Screenshot image

Capture Web Page Screenshots in Laravel with Spatie's Laravel Screenshot

Read article
Nimbus: An In-Browser API Testing Playground for Laravel image

Nimbus: An In-Browser API Testing Playground for Laravel

Read article
Laravel 12.51.0 Adds afterSending Callbacks, Validator whenFails, and MySQL Timeout image

Laravel 12.51.0 Adds afterSending Callbacks, Validator whenFails, and MySQL Timeout

Read article
Handling Large Datasets with Pagination and Cursors in Laravel MongoDB image

Handling Large Datasets with Pagination and Cursors in Laravel MongoDB

Read article