A few weeks ago I blogged about the advantages of validation your request scope vs validating your model. Actually, it is even better to validate your request scope, populate your model with the results of your validateOrFail function and now also validate the model , this time including business logic in your validations.
As explained in this previous post, validateOrFail acts as a kind of filter if you validate a struct. Input of this filter is your request collection( a struct) or a user-defined struct. The nice thing here is: validateOrFail will only return your validated fields, and this way you get rid of all kind of unwanted other fields in your request scope which can help secure your input. At least, that’s what the docs indicate
I wouldn’t write this post if this was 100% valid, so let’s see what’s going on based on my simple use case.Continue reading