The arondeparon/laravel-request-sanitizer package provides a fluent interface to sanitize form requests before validating them.
Often, validating your request is not enough. The request sanitizer allows you to easily
manipulate your form data before passing it to the validator. You can start using it in a matter
of minutes and it is fully compatible with Laravel's FormRequest object.
- How to use
- Installing
- Usage
- Predefined Sanitizers
- Writing your own Sanitizer
- Testing
- Credits
- License
Syntax is similar to the way rules are added to a Form Request.
class StoreCustomerInformationRequest extends FormRequest
{
use SanitizesInputs;
protected $sanitizers = [
'lastname' => [
Capitalize::class,
],
'mobile_phone' => [
RemoveNonNumeric::class
],
];
}composer require arondeparon/laravel-request-sanitizer
- Add the
SanitizesInputstrait to your form request. - Write your own sanitizers or use one of the supplied sanitizers and add them to the
$sanitizersproperty of your form request. - Your request data will now be sanitized before being validated.
The sanitizer supports wildcard patterns in your form keys, allowing you to apply sanitizers to multiple fields that match a pattern. This is particularly useful when dealing with arrays or nested data structures.
class StoreUsersRequest extends FormRequest
{
use SanitizesInputs;
protected $sanitizers = [
// Apply to all email fields in the users array
'users.*.email' => [
Lowercase::class,
TrimDuplicateSpaces::class
],
// Apply to all name fields in the users array
'users.*.name' => [
Capitalize::class
],
// Multiple wildcards for deeply nested structures
'departments.*.employees.*.email' => [
Lowercase::class
]
];
}Example input:
$request = [
'users' => [
['email' => 'JOHN@EXAMPLE.COM', 'name' => 'john doe'],
['email' => 'JANE@EXAMPLE.COM', 'name' => 'jane smith']
],
'departments' => [
'sales' => [
'employees' => [
['email' => 'SALES@EXAMPLE.COM'],
['email' => 'SUPPORT@EXAMPLE.COM']
]
]
]
];After sanitization:
$sanitized = [
'users' => [
['email' => 'john@example.com', 'name' => 'John Doe'],
['email' => 'jane@example.com', 'name' => 'Jane Smith']
],
'departments' => [
'sales' => [
'employees' => [
['email' => 'sales@example.com'],
['email' => 'support@example.com']
]
]
]
];The wildcard pattern (*) will match any single segment in the dot notation path. You can use multiple wildcards to match nested structures at any depth.
Trim- simple PHPtrim()implementationTrimDuplicateSpacesreplaces duplicate spaces with a single space.RemoveNonNumeric- removes any non numeric characterCapitalize- capitalizes the first character of a stringUppercase- converts a string to uppercaseLowercase- converts a string to lowercaseFilterVars- simple PHPfilter_varsanitizerCarbonDate- cast a string to a Carbon object- Contributions are appreciated!
The FilterVars sanitizer acts as a wrapper of the default PHP filter_var function.
It accepts the same (optional) parameters as the original function.
Both parameters can be either an array or string type:
{
protected $sanitizers = [
'last_name' => [
FilterVars::class => [
'filter' => FILTER_SANITIZE_STRING,
'options' => FILTER_FLAG_STRIP_BACKTICK
]
]
];
}For more information on filter_vars please refer to https://www.php.net/manual/en/function.filter-var.php.
Writing your own sanitizer can be done by implementing the Sanitizer interface, which requires only
one method.
interface Sanitizer
{
public function sanitize($input);
}$ composer test
The MIT License (MIT). Please see License File for more information.