What the best way to handle form inputs in Livewire?

Hi guys. I not new in the Livewire ecosystem but I always have that question in my mind: What the best way to handle form inputs in Livewire?

Currently I'm building another livewire platform and I have that situation:

class EventPackage extends Component
{
    public $slug;

    public $paymentValue = 'full';

    public $formSubmit = false;

    // Form fields
    public string $email = '';

    public string $name = '';

    public string $phone = '';

    public string $user_id = '';

    public string $address = '';

    public string $complement = '';

    public string $neighborhood = '';

    public string $city = '';

    public string $state = '';

    public string $zip_code = '';

    public string $church_name = '';

    public string $gender = '';

    public string $document_cpf = '';

    public string $birthday = '';
    public string $group_level_id = '';

    public string $created_by_id = '1';

    public bool $over_18 = false;

    public function rules(): array
    {
        return [
            'email' => 'required|email',
            'name' => 'required|min:8',
            'phone' => 'required|min:10',
            'address' => 'required|min:3',
            'complement' => 'nullable|min:3',
            'neighborhood' => 'required|min:3',
            'city' => 'required|min:3',
            'state' => 'required|min:2',
            'zip_code' => 'required|min:5',
            'church_name' => 'required|min:3',
            'gender' => 'required|numeric',
            'document_cpf' => 'required|min:3',
            'birthday' => 'required|date|min:3',
            'over_18' => 'nullable|boolean',
            'group_level_id' => 'required|numeric',
        ];
    }

    #[Computed]
    public function eventPackage()
    {
        return \App\Models\EventPackage::with('items')
            ->where('slug', $this->slug)
            ->firstOrFail();
    }

And now with Computed and Locked annotations I'm a bit confused when I need to use it.

In the case above, $slug is the url parameter, and I need that to get the eventPackage (I annotate with Computed in this time).

But I dont know:

what need to be computed?
what need to be locked?
I need to declare every form input as a variable in the component? I have another option?
Is this safe?

LaryAI

1 year ago

Level 58

Handling form inputs in Livewire can be streamlined and efficient if you follow best practices. Let's address your questions one by one:

What needs to be computed?

Computed properties in Livewire are used to derive data that depends on other properties. They are similar to computed properties in Vue.js. In your case, the eventPackage method is a good candidate for a computed property because it derives its value based on the $slug property. This means whenever $slug changes, the eventPackage will automatically update.
```
#[Computed]
public function getEventPackageProperty()
{
    return \App\Models\EventPackage::with('items')
        ->where('slug', $this->slug)
        ->firstOrFail();
}
```
Note: Use the getPropertyNameProperty naming convention for computed properties.
What needs to be locked?

Locked properties are used when you want to ensure that a property is not updated by the client-side. This is useful for properties that should remain constant during the component's lifecycle. If you have properties that should not be changed by the user, consider using locked properties.

Do I need to declare every form input as a variable in the component?

Yes, in Livewire, each form input that you want to bind to must be declared as a public property in your component. This is how Livewire tracks changes and updates the component state. However, if you have a large number of form fields, you can consider grouping them into an array to make your component cleaner:

public $form = [
    'email' => '',
    'name' => '',
    'phone' => '',
    'address' => '',
    'complement' => '',
    'neighborhood' => '',
    'city' => '',
    'state' => '',
    'zip_code' => '',
    'church_name' => '',
    'gender' => '',
    'document_cpf' => '',
    'birthday' => '',
    'group_level_id' => '',
    'over_18' => false,
];

Then, you can update your validation rules to match this structure:

public function rules(): array
{
    return [
        'form.email' => 'required|email',
        'form.name' => 'required|min:8',
        'form.phone' => 'required|min:10',
        'form.address' => 'required|min:3',
        'form.complement' => 'nullable|min:3',
        'form.neighborhood' => 'required|min:3',
        'form.city' => 'required|min:3',
        'form.state' => 'required|min:2',
        'form.zip_code' => 'required|min:5',
        'form.church_name' => 'required|min:3',
        'form.gender' => 'required|numeric',
        'form.document_cpf' => 'required|min:3',
        'form.birthday' => 'required|date|min:3',
        'form.over_18' => 'nullable|boolean',
        'form.group_level_id' => 'required|numeric',
    ];
}

Is this safe?

Livewire is designed to be secure by default. However, you should always validate and sanitize your inputs to prevent any potential security issues. Using the rules method for validation is a good practice. Additionally, ensure that any data manipulation or database operations are performed securely, using prepared statements or ORM methods to prevent SQL injection.

By following these guidelines, you can effectively manage form inputs in Livewire while keeping your code clean and maintainable.

1 like

jj15

1 year ago

Best Answer

Level 10

Lary was correct in a few things, but I thought I'd add some extra thoughts.

If you're using Livewire v3, you can extract those properties (including any validation) into a form object if you wish, which will help keep the main component clean.

Computed properties are good for what you showed, fetching items from the database. They're also cached for each "render" or request, meaning that no matter how many times you call it from the component or the view, the database is only getting queried once per request. They can't be used on form objects though.

They also have the benefit of being automatically updated when the underlying data is changed (such as when the underlying model is updated). You can also use the native unset() function if needed which will cause the value to be recomputed.

Locked properties do as Lary described, stopping any public properties from being updated by anyone but the component itself. Even if you don't have a property "wired" on the frontend (such as to an input), anyone can change them via the browser console with a little bit of JS:

Livewire.find('component-id-found-in-html').set('propertyName', 'whatever I want');

Depending on how and what a property is being used for, this can be dangerous. For example, imagine you have a component for updating a post. Some developers instead like to store the model's ID and it's attributes as primitive properties (such as a string, int, bool, etc.) on the component. You would want to make sure the ID cannot be updated to prevent unauthorized users from updating posts that don't belong to them.

Your component should be safe as long as you're validating input, authorizing actions, and locking properties as necessary. The Livewire docs have a good page on this.

1 like

patrickmaciel

1 year ago

Level 3

@jj15 ohhhhh I didnt know that form object. I only study the "livewire 2", and when 3 was released I not check the differences.

thanks you so much for the info, and for your time.

1 like

jlrdw

1 year ago

Level 75

@patrickmaciel I suggest https://laracasts.com/series/livewire-3-from-scratch

1 like

Please or to participate in this conversation.