.cursor/skills/laravel-best-practices/rules/validation.md
Extract validation from controllers into dedicated Form Request classes.
Incorrect:
public function store(Request $request)
{
$request->validate([
'title' => 'required|max:255',
'body' => 'required',
]);
}
Correct:
public function store(StorePostRequest $request)
{
Post::create($request->validated());
}
Array syntax is more readable and composes cleanly with Rule:: objects. Prefer it in new code, but check existing Form Requests first and match whatever notation the project already uses.
// Preferred for new code
'email' => ['required', 'email', Rule::unique('users')],
// Follow existing convention if the project uses string notation
'email' => 'required|email|unique:users',
validated()Get only validated data. Never use $request->all() for mass operations.
Incorrect:
Post::create($request->all());
Correct:
Post::create($request->validated());
Rule::when() for Conditional Validation'company_name' => [
Rule::when($this->account_type === 'business', ['required', 'string', 'max:255']),
],
after() Method for Custom ValidationUse after() instead of withValidator() for custom validation logic that depends on multiple fields.
public function after(): array
{
return [
function (Validator $validator) {
if ($this->quantity > Product::find($this->product_id)?->stock) {
$validator->errors()->add('quantity', 'Not enough stock.');
}
},
];
}