How can I sanitize Laravel Request inputs?


Solution 1

I just came across the same problem.
I'd like to show you another way of doing it, without extends but with traits. (I will take the example classes from Tarek Adam.)

PHP traits are like functions which will be injected into the used class. The one main difference is that a trait doesn't need any dependency like an extends does. This means you can use a trait for more than just one class, e.g. for Controllers, Requests and whatever you like.

Laravel provides some traits in the BaseController, we can do the same.


How to do it with a trait

Create a trait as a file in \App\Traits\SanitizedRequest.php. You can create it anywhere, it doesn't really matter. You have to provide the correct namespace for sure.

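    namespace App\Traits;

    trait SanitizedRequest{

        // Set once the inputs have been sanitized, so the work is done only once
        private $clean = false;

        // Every read of the input goes through sanitize() first
        public function all(){
            return $this->sanitize(parent::all());
        }

        protected function sanitize(array $inputs){
            if($this->clean){ return $inputs; }

            foreach($inputs as $i => $item){
                // Trim strings only; trim() does not accept arrays (nested input)
                if(is_string($item)){ $inputs[$i] = trim($item); }
            }

            // Write the trimmed values back so validation sees them
            $this->replace($inputs);
            $this->clean = true;
            return $inputs;
        }
    }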


In your Request you can use the trait with the use SanitizedRequest keyword.

    namespace App\Http\Requests\Forms;

    use App\Http\Requests\Request;
    use App\Traits\SanitizedRequest; // Import the Trait

    class ContactRequest extends Request {
        use SanitizedRequest; // This line adds all the Trait functions to your current class

        public function authorize(){ return true; }
        public function rules(){ return []; }
    }

Solution 2

  1. Create an abstract SanitizedRequest class that extends the usual Request class.

  2. YourRequest class should extend your SanitizedRequest abstract class.

  3. Your SanitizedRequest class overrides Request::all() like so...

    namespace App\Http\Requests\Forms;
    use App\Http\Requests\Request;
    
    abstract class SanitizedRequest extends Request{
    
        private $clean = false;
    
        public function all(){
            return $this->sanitize(parent::all());
        }
    
    
        protected function sanitize(array $inputs){
            if($this->clean){ return $inputs; }
    
            foreach($inputs as $i => $item){
                // Trim strings only; trim() does not accept arrays (nested input)
                if(is_string($item)){ $inputs[$i] = trim($item); }
            }
    
            $this->replace($inputs);
            $this->clean = true;
            return $inputs;
        }
    }
    

Then a normal CustomRequest, but extend SanitizedRequest instead of Laravel's Request class:

    class ContactRequest extends SanitizedRequest{
        public function authorize(){ return true; }
        public function rules(){ return []; }
    }
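
A stand-alone sketch of the same trimming idea, extended to nested arrays and to fields that should not be trimmed; it is added here as an example and is not part of either answer. The function name `sanitizeInputs`, the `$except` skip list and the sample input are assumptions, and PHP's `filter_var()` stands in for the e-mail validation rule.

```php
<?php
declare(strict_types=1);

/**
 * Recursively trim every string value in an input array.
 * Keys named in $except (a hypothetical skip list) are returned untouched,
 * so a password with deliberate leading or trailing spaces is not altered.
 */
function sanitizeInputs(array $inputs, array $except = ['password', 'password_confirmation']): array
{
    foreach ($inputs as $key => $value) {
        if (in_array($key, $except, true)) {
            continue; // keep secrets byte-for-byte as submitted
        }
        if (is_array($value)) {
            $inputs[$key] = sanitizeInputs($value, $except); // nested fields such as tags[]
        } elseif (is_string($value)) {
            $inputs[$key] = trim($value);
        }
        // integers, booleans, null and uploaded-file objects pass through unchanged
    }
    return $inputs;
}

// Constructed sample input, shaped like the array a request's all() returns
$raw = [
    'email'      => 'user@example.com ',
    'password'   => ' s3cret ',
    'tags'       => [' php ', 'laravel '],
    'address'    => ['city' => ' Berlin ', 'zip' => 10115],
    'newsletter' => null,
];

$clean = sanitizeInputs($raw);

// filter_var() stands in for the e-mail rule: it rejects the raw value
// with the trailing space and accepts the trimmed one
var_dump(filter_var($raw['email'], FILTER_VALIDATE_EMAIL));
var_dump(filter_var($clean['email'], FILTER_VALIDATE_EMAIL));

// The password is unchanged, nested strings are trimmed, the integer survives
var_export($clean);
```

The loop inside either answer's `sanitize()` method could call a helper like this instead of trimming each top-level item directly.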
Author by

Tarek Adam

As a self-taught technologist working with well trained computer scientists and software engineers, I must follow the highest industry standards or be destroyed.

Updated on June 09, 2022

Comments

  • Tarek Adam almost 2 years

    I have MyRequest.php class extending App\Http\Requests\Request. I want to trim() every input before validation because an e-mail with a space after it does not pass validation.

    However sanitize() was removed from src/Illuminate/Foundation/Http/FormRequest.php