
AlexG834's avatar

Best approach to sanitising API Requests?

Is it considered best practice to sanitise API requests with the standard Laravel form Request method or is there a more API-oriented approach that would be better suited?

shez1983's avatar

Form requests don't SANITIZE input, they just validate.

Laravel by default sanitizes data if you use DB:: or Eloquent to insert/update into the database.

If you want to do it manually, I would create a middleware that sanitizes the request (check out Laravel's middleware for trimming white space from Request input to see how they manipulate the form requests).

AlexG834's avatar

So as long as I'm using Eloquent to set the values in the database, there's no reason to not allow Laravel to handle sanitisation?

shez1983's avatar

Yeah, pretty much - as long as you don't do something like:

DB::insert('insert into xxxxxx. $request->name') then you should be OK.
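
The difference between the concatenated insert warned about in the last reply and a bound parameter, as an added example that is not part of the thread. It uses plain PDO with an in-memory SQLite database so it runs without a Laravel install; the `users` table, its columns and the input value are constructed for illustration.

```php
<?php
// Constructed demo: in-memory SQLite through PDO, the layer Laravel's
// query builder and Eloquent use for parameter binding.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("create table users (id integer primary key, name text, role text)");

// Constructed value standing in for $request->name.
$name = "eve', 'admin') --";

// Pattern from the thread: request input concatenated into the SQL text,
// so quotes inside the value become part of the statement.
function insertConcatenated(PDO $pdo, string $name): void
{
    $pdo->exec("insert into users (name, role) values ('" . $name . "', 'member')");
}

// Bound parameter: the SQL text is fixed and the value is sent separately.
// Laravel equivalent:
//   DB::insert("insert into users (name, role) values (?, 'member')", [$name]);
function insertBound(PDO $pdo, string $name): void
{
    $stmt = $pdo->prepare("insert into users (name, role) values (?, 'member')");
    $stmt->execute([$name]);
}

insertConcatenated($pdo, $name);
insertBound($pdo, $name);

// Print both rows to compare what each call actually stored.
foreach ($pdo->query("select id, name, role from users order by id") as $row) {
    printf("%d | %s | %s\n", $row['id'], $row['name'], $row['role']);
}
```

The concatenated call stores `eve` with role `admin` because the value rewrote the statement, while the bound call stores the whole string verbatim as the name with role `member`. Binding leaves the input unchanged, so validation and output escaping remain separate concerns.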
