Remi

Using FormRequest safely

Posted 1 week ago by Remi

Hi there,


class MyController
{
    public function store(MyRequestForm $request, Model $myModel)
    {
        // What I Have to write
        $myModel->update(data_get($request->validated(), 'data.attributes.*'));

        // that's what I'd like to write but without modification it would be stupid as
        // additional field could be added to the request and avoid any validation
        $myModel->update($request->input('data.attributes.*'));
    }
}

When Injecting a FormRequest in a controller's method, I know I need to use the validated method to get what has been validated. However, when I use other methods like input, get or all, I'm not getting safe to use data.

I would like to be able to write $request->input('data.attributes.*') and being certain that it would be only validated fields.

Of course, I Could make a Custom FormRequest with custom input, get, all methods and inherit my requests from it, but I'd like not to do that way to avoid the risk of not inheriting a request from it and introducing a security problem.

Perhaps customising the FormRequestServiceProvider would be a way to go ?

Please sign in or create an account to participate in this conversation.

Reply to

Use Markdown with GitHub-flavored code blocks.