
vegasys's avatar

How to validate URL query parameters?

Hello,

https://youtu.be/-1Hh-Hj4ZyU?t=648

Here it says :

if ($month = $filters['month']) { // some query scope }

When I run the app, it raises following error: Undefined index 'month'

I can solve the error if I change it to: if ( isset($filters['month']) ) { // some query scope }

Why does it work on the video but not in my app? (Laravel 5.5)

If I go to my home at /home, it won't work anymore, unless I go to /home?month=&year=

Also, how do I validate url parameters? If I go to /home?month=''''''&year= It will raise an error because Carbon expects a month but I provided single quotes. How do I validate the $_GET['month'] before it enters within the $query->whereMonth()?

Info about my setup/code: Laravel 5.5. No custom code so far. I just followed the whole video tutorial so far (I'm learning). All my controllers and models are fully similar to the Laracast video above.

Regards,

0 likes
7 replies
jlrdw's avatar

How to validate URL query parameters?

For one thing, these parameters remain the same unless user changes something in the address bar.

In other words, they are originally derived from the controller and passed in the appends method.

In a case where a user does try to change something, like an edit where the id = 5 and say they change it to 15, that's where RBAC comes in, it prevents it.

But you could do the following, because I am not sure.

Research and see if Laravel auto runs query parameters through PHP htmlspecialchars. If not, you could do it yourself.

And you could validate the query string parameters, I've just never seen that as a concern. Usually the query string doesn't have secure data, for security use post and put.

month=''''''&year=

Set some defaults in the request like:

$page = Request::input('page', '1');

Default = 1. Or handle in a ternary statement:

$dogsearch = !empty(Request::input('psch')) ? Request::input('psch') : '';

Just example, handle your blanks in your ternary.

Snapey's avatar

Just check how exactly you pass the request fields to the scope.

vegasys's avatar

@SNAPEY - I pass the request fields to the scope the way it is shown in the video, that is:

->filter(request(['month','year']))

this raises a Notice error (undefined index) if there is no "/posts?month=April" or no "/posts?month=&aaa=bbb" in the URL. The page "/posts" will raise the error.

However, it does somehow work if I put this instead:

->filter(request())

Why? I don't like sending a big fat request() to the scope.

In the first case, where I go to "/posts", it raises an error since 'month' is null, but in the second case it works fine (even though 'month' is null as well) and skips the scope's if condition fine.

quarkmarino's avatar

Usually I just replace the all method in the FormRequest like this

	public function all($keys = null)
	{
	  $request = parent::all($keys);

	  $request['my_query_param'] = $this->route('my_query_param');

	  return $request;
	}

then I can use "my_query_param" in the rules method as any other incoming request input value.

berusjamban's avatar

This is my solution based on this case:

sample url:

  • url/{screenerId}?filter[compliancy]=abc

    public function all($keys = null)
    {
        $request = parent::all($keys);

        $request['screenerId'] =  $this->route('screenerId');

        if (isset($request['filter']['compliancy'])) {
            $request['compliancy'] =  $request['filter']['compliancy'];
        }

        return $request;
    }

Rules I had:

    public function rules(): array
    {
        return [
            'screenerId'   => ['required'],
            'compliancy' => ['sometimes', Rule::in(['abc', 'def'])],
        ];
    }
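
Added example (not part of any post in this thread): a plain-PHP allowlist check for the month and year query parameters from the original question, covering both the missing-key notice and the malformed value before anything reaches whereMonth(). The helper name validatedArchiveFilters and the 1970-2100 year range are assumptions made for illustration.

```php
<?php
// validatedArchiveFilters() is a hypothetical helper, not Laravel API.
const MONTHS = ['January', 'February', 'March', 'April', 'May', 'June', 'July',
    'August', 'September', 'October', 'November', 'December'];

/**
 * Return only the filters that are present AND well-formed.
 * Rejected values are reported in $errors and never reach the query.
 */
function validatedArchiveFilters(array $query, array &$errors = []): array
{
    $filters = [];
    $errors = [];

    // isset() avoids the "Undefined index" notice when the key is absent;
    // an empty string (?month=) is treated as "no filter".
    if (isset($query['month']) && $query['month'] !== '') {
        // Strict allowlist lookup; arrays (?month[]=x) are rejected outright.
        $index = is_string($query['month'])
            ? array_search(ucfirst(strtolower($query['month'])), MONTHS, true)
            : false;
        if ($index === false) {
            $errors['month'] = 'month must be an English month name';
        } else {
            $filters['month'] = $index + 1; // 1..12, safe for whereMonth()
        }
    }

    if (isset($query['year']) && $query['year'] !== '') {
        // Assumed range; FILTER_VALIDATE_INT also rejects arrays and "1e3".
        $year = filter_var($query['year'], FILTER_VALIDATE_INT,
            ['options' => ['min_range' => 1970, 'max_range' => 2100]]);
        if ($year === false) {
            $errors['year'] = 'year must be an integer between 1970 and 2100';
        } else {
            $filters['year'] = $year;
        }
    }
    return $filters;
}

// Constructed sample query strings, parsed the way PHP fills $_GET.
$samples = ['', 'month=&year=', "month=''''''&year=", 'month=april&year=2017', 'month[]=x&year=1e3'];
foreach ($samples as $qs) {
    parse_str($qs, $query);
    $filters = validatedArchiveFilters($query, $errors);
    printf("%-24s filters=%s errors=%s\n", "'$qs'", json_encode($filters), json_encode($errors));
}
```

The scope then only ever sees integers it can pass to whereMonth() and whereYear(), and a request with a non-empty $errors array can be answered with a validation error instead of an exception.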
