Prohibited Validation Rules in Laravel

Published on by

Prohibited Validation Rules in Laravel image

Laravel 8 now has three validation rules for prohibited fields, including prohibited_if, prohibited_unless, and prohibited. Let's walk through a few examples of where the prohibited* validation rules might be useful, and look at each one in more detail.

Prohibited If and Unless

Jess Archer contributed the prohibited if/unless validation rules released in Laravel Laravel 8.32. The basic idea of "prohibited" validation rules is that a given field should be prohibited from having data if another field is present or if a field should be allowed in a request at all.

Here's the example Jess provided in the pull request for this feature, which illustrates perfectly how to use this rule to explicitly prevent contradictory input:

Validator::validate([
'is_deceased' => false,
'date_of_death' => '2021-03-09'
], [
'date_of_death' => 'prohibited_unless:is_deceased,true'
]);

Another example might be someone accepting terms of service that has identified as a minor. Perhaps the application requires a parental registration to consent on their behalf:

Validator::validate([
'is_minor' => true,
'tos_accepted' => true
], [
'tos_accepted' => 'prohibited_if:is_minor,true'
]);

Prohibited Validation Rule

After Laravel 8.32, Philo Hermans contributed a prohibited rule in Laravel 8.34 which ensures that an input is not present when validating:

// PUT /api/licenses/123-456
// {"name":"hello-world", "key":"random-key"}
 
$validated = $request->validate([
'name' => 'required|max:255',
'key' => 'prohibited',
]);
 
// Response: 422
// The key field is prohibited

The above is a good example where a user might expect to update an API key by sending a PUT request to a resource. In a typical application, that field is likely ignored during the request. However, a successful response might lead the user to believe they were able to update the key when in reality, the API ignored it. The prohibited rule will clarify that this field is not allowed and is considered immutable.

Learn More

The list of available validation rules is an excellent resource to see available rules and how to use them.

You can always go for custom validation objects to craft custom validation rules if you run into a situation where the built-in rules don't quite suit your needs.

Laravel has extensive Validation documentation that should bring you up-to-speed on everything related to validating input from users. Also, if you're new to Laravel, Laracasts has a Form Validation Essentials video (likely getting updating to Laravel 8 soon) that will help you immensely in visualizing how validation works.

Paul Redmond photo

Full stack web developer. Author of Lumen Programming Guide and Docker for PHP Developers.

Cube

Laravel Newsletter

Join 40k+ other developers and never miss out on new tips, tutorials, and more.

image
Laravel Forge

Easily create and manage your servers and deploy your Laravel applications in seconds.

Visit Laravel Forge
Kirschbaum logo

Kirschbaum

Providing innovation and stability to ensure your web application succeeds.

Kirschbaum
Shift logo

Shift

Running an old Laravel version? Instant, automated Laravel upgrades and code modernization to keep your applications fresh.

Shift
Bacancy logo

Bacancy

Supercharge your project with a seasoned Laravel developer with 4-6 years of experience for just $2500/month. Get 160 hours of dedicated expertise & a risk-free 15-day trial. Schedule a call now!

Bacancy
LoadForge logo

LoadForge

Easy, affordable load testing and stress tests for websites, APIs and databases.

LoadForge
Paragraph logo

Paragraph

Manage your Laravel app as if it was a CMS – edit any text on any page or in any email without touching Blade or language files.

Paragraph
Lucky Media logo

Lucky Media

Bespoke software solutions built for your business. Partner with Lucky Media, your favorite Laravel Development Agency!

Lucky Media
Lunar: Laravel E-Commerce logo

Lunar: Laravel E-Commerce

E-Commerce for Laravel. An open-source package that brings the power of modern headless e-commerce functionality to Laravel.

Lunar: Laravel E-Commerce
Laravel Forge logo

Laravel Forge

Easily create and manage your servers and deploy your Laravel applications in seconds.

Laravel Forge
Oh Dear logo

Oh Dear

Oh Dear is the best all-in-one monitoring tool for all your Laravel apps.

Oh Dear
Tinkerwell logo

Tinkerwell

The must-have code runner for Laravel developers. Tinker with AI, autocompletion and instant feedback on local and production environments.

Tinkerwell

The latest

View all →
Get insights into all your Laravel notifications with Paragraphs new package image

Get insights into all your Laravel notifications with Paragraphs new package

Read article
FrankenPHP v1.0 is Here image

FrankenPHP v1.0 is Here

Read article
Self-healing URLs in Laravel image

Self-healing URLs in Laravel

Read article
Laravel 10.35 Released image

Laravel 10.35 Released

Read article
Solve n+1 queries in PHP with Scout APM image

Solve n+1 queries in PHP with Scout APM

Read article
Show Outdated Composer Dependencies in Laravel Pulse image

Show Outdated Composer Dependencies in Laravel Pulse

Read article