Be part of JetBrains PHPverse 2026 on June 9 – a free online event bringing PHP devs worldwide together.

namht1st's avatar

How to remove url path from request paramters

Hi everyone,

I am having problems with the request paramters suddenly include url path as below:

use Illuminate\Http\Request;
public function create(Request $request)
    {
        $data = $request->all();
        $validator = Validator::make($data, [
            'name' => 'string|required',
            'code' => 'string|required',
            'note' => 'string'
        ]);
	if ($validator->fails()) {
            return responseErrorsAjaxRequest(createValidatorMessages($validator));
        }
 	$this->repository->createRole($data);
}

array:6 [▼
  "name" => "Supervisor"
  "code" => "SPV"
  "note" => "Supervisor"
  "select-permission-20" => "on"
  "select-permission-15" => "on"
  "/settings/authorization/roles/create" => null
]

Can anyone tell me why and how to handle it

Thanks in advance

0 likes
3 replies
frankincredible's avatar
frankincredible
6 years ago
Best Answer
Level 14

Are you saying that is coming through if you were to say use dd($request->all()); on the first line of your create() method?

That is strange for the url to be sent as a request param, but it does bring up a very very important point in your code snippet:

It is very dangerous to send the entire array of request input (in this case to your repository, but in general to model's create() method).

I would highly recommend adding validation rules to any input fields you want to accept and store the validated fields:

$validatedData = $request->validate([
    'name' => 'string|required',
    'code' => 'string|required',
    'note' => 'string'
]);

// $validated data will only ever include 'name', 'code', 'note' because they are the fields that have been validated.
$this->repository->createRole($validatedData);

Alternatively, you can use a whitelist like this:

$this->repository->createRole($request->only(['name', 'code', 'note']));
etiennedeschenes's avatar

Hello,

Try this:

$data = $request->only(['name', 'code', 'note']);

instead of

$data = $request->all();

Please or to participate in this conversation.