Validate & Sanitize User Input to help prevent dirty databases and XSS exploits
William shares his tips on using Laravel's validation feature to ensure that all user input is correct.
We all use Laravel's Validation feature to ensure we have the required input and that it matches some sort of rule. The available rules cover plenty of situations, but they fail to cover the one we should worry about most.
Laravel's Auth system comes with a simple User model that provides validation of the user's details before they are inserted into your database. We see it like this:

~~~php
return Validator::make($data, [
    'name'     => 'required|max:255',
    'email'    => 'required|email|max:255|unique:users',
    'password' => 'required|min:6|confirmed',
]);
~~~
These rules will ensure the data we need is there and of the desired length and type.
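To make the gap concrete, here is an added example (not code from the article or the linked gist) showing that the rules above accept a name containing markup, and how a sanitizing step strips it before the record is stored. It assumes a Laravel application context (the `Validator` facade and a configured `users` table for `unique:users`) plus the `ezyang/htmlpurifier` Composer package; the article's Sanitizer package is not used here, plain `trim` and `strtolower` calls stand in for its filters.

```php
<?php
// Added example; assumes it runs inside a Laravel controller or request handler
// and that ezyang/htmlpurifier is installed via Composer.

use Illuminate\Support\Facades\Validator;

// Constructed sample input: every field satisfies the rules, yet the name
// carries a <script> tag that would later be rendered back to other users.
$data = [
    'name'                  => '<script>alert(1)</script>Bob',
    'email'                 => 'Bob@Example.com ',
    'password'              => 'secret123',
    'password_confirmation' => 'secret123',
];

$validator = Validator::make($data, [
    'name'     => 'required|string|max:255',
    'email'    => 'required|email|max:255|unique:users',
    'password' => 'required|min:6|confirmed',
]);

// These rules only check presence, length and format. Nothing here rejects
// or strips the <script> tag, so fails() returns false for the input above.
if ($validator->fails()) {
    return back()->withErrors($validator)->withInput();
}

// Sanitize before persisting: HTMLPurifier with an empty allow-list removes
// every tag; trim/strtolower normalise the remaining text.
$config = \HTMLPurifier_Config::createDefault();
$config->set('HTML.Allowed', '');          // allow no HTML elements at all
$purifier = new \HTMLPurifier($config);

$clean = [
    'name'     => trim($purifier->purify($data['name'])),   // "Bob"
    'email'    => strtolower(trim($data['email'])),          // "bob@example.com"
    'password' => bcrypt($data['password']),
];

// $clean is what goes into the database. Output escaping still applies:
// render with {{ $user->name }} in Blade, never {!! !!}, so stored text is
// never trusted as HTML even after sanitizing.
```

Order matters: if you purify before validating, the `max:255` rule is applied to the cleaned value rather than the raw one, which is usually what you want for stored length; sanitizing after validation, as above, keeps the validation error messages tied to exactly what the user typed.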
But is that all we need to do? The article goes on to cover form validation and sanitizing, and offers an example that uses Sanitizer, Validator and HTMLPurifier together to clean your fields with little effort.
You can also just check out the gist: https://gist.github.com/gcphost/cd2c61acfb97c8e613aa7289241fed47