Be part of JetBrains PHPverse 2026 on June 9 – a free online event bringing PHP devs worldwide together.

justinmoh's avatar

Where should I put some input processing logic after validation?

This a mobile number format in my country.

+60123456789

However, when writing phone numbers, users often provide the following set, which completely make sense to human eye.

+60 12 345 6789
012 345 6789
012-3456789
6012-3456789

We know when a user enter something that's correct into the form and your application tell them it's wrong, they upset. So I made the regex for it:

class ExtendedValidator extends Validator
{
    protected function validateMobileNumber($attribute, $value)
    {
        $pattern = '/^\s*(?:(\+\s*)6|6?)\s*0\s*1\s*(11|[0-9])\s*\-?(\s*[0-9]){7}\s*$/';

        return preg_match($pattern, $value);
    }
}

Now I've been thinking. Obviously I would like to store the correct string into my database anyway.

I can let the validation finish and go back to my controller, then do processing like:

$request['mobile_no'] = preg_replace('/\s/', '', $request['mobile_no'];

I've seen somewhere in Laracasts Forum that said there was a sanitize function in Form Request, but removed. Perhaps Validation class should really do solely validation, and I have to take the last completion bit to process somewhere else.

I think it's fine for occasionally processing 1 request input. But what if I have a lot to process? Where should I put these kind of logic in Laravel 5.1?

There must be an elegant way to do this in Laravel, isn't it?

0 likes
5 replies
pmall's avatar
pmall
10 years ago
Best Answer
Level 56

Two options :

  • you can sanitize the values before validation : override the all() method of the form request :
public function all()
{
    $this->merge([
        'sanitized_mobile_no' => $this->sanitizeMobileNo($this->mobile_no),
        // etc
    ]);

    return parent::all();
}

Then you validate the field sanitized_mobile_no and use it in your controller. I don't erase the raw field name because I want to display to the user what he typed when validation fails and he gets back to the form.

  • you can use model mutators to sanitize values before saving to the db :
class MyModel extends Model
{
    public function setMobileNoAttribute ($mobile_no)
    {
        $this->attribute['mobile_no'] = $this->sanitizeMobileNo($mobile_no);
    }
}

When saving mobile_no column, it will go through this logic and change the mobile_no value.

1 like
justinmoh's avatar

Thanks @pmall , straight to the point.

I've been doing with the first option, haven't thought about setting it right at the model level.

The second option is more passive way to do it. But I think to ensure data integrity, most likely setAttribute is the way to go. As it explicitly declares that attribute can only be set under these conditions.

Thank for the inspiration.

pmall's avatar

@justinmoh be careful, this function is not performed when you set this value (like $model->mobile_no = 'something'), it is performed right before the data is saved to the db.

1 like
justinmoh's avatar

@pmall Are we talking about the second approach? I'm in doubt.

I tried that in php artisan tinker:

>>> $user->password;
=> "$2y$10$C8r5eRcmjipuic/3bjpVmOqQ17XZdpX4qorg./4ANQWVNA/jBRjeu"
>>> $user->password = 'justin';
=> "justin"
>>> $user->password;
=> "$2y$10$8nX8cJS9TsHQ2JoNz2HDIO2xlrI9kfATaYdkMaOSBfMG1ZFYIpQda"
>>> $user->save();
=> true
>>> $user->password;
=> "$2y$10$8nX8cJS9TsHQ2JoNz2HDIO2xlrI9kfATaYdkMaOSBfMG1ZFYIpQda"
>>>
pmall's avatar

Ok maybe you are right I'm not sure about this.

Please or to participate in this conversation.