Every web application deals with user input—whether it’s a registration form, a checkout page, or an API request. But user input is unpredictable, and insecure input can lead to bugs, bad data, or even security vulnerabilities.

Laravel makes validation simple and powerful with two main approaches:

• Inline validation (quick checks inside controllers).
• Form Request validation (clean, reusable classes).

For interviews, Laravel Validation & Form Requests is a must-know topic. Let’s explore how it works and why it’s important.

Why Validation Matters

• Data Integrity → Prevents invalid or incomplete data from entering the database.
• Security → Protects against injection, XSS, or malicious input.
• User Experience → Gives clear error messages for incorrect input.
• Maintainability → Centralizes validation rules for easier updates.

Quick Validation in Controllers

You can validate input directly inside a controller method:

public function store(Request $request) {
    $validated = $request->validate([
        'name' => 'required|string|max:50',
        'email' => 'required|email|unique:users',
        'password' => 'required|min:8|confirmed',
    ]);

    User::create($validated);

    return redirect()->back()->with('success', 'User created!');
}

👉 The validate() method automatically validates the request data and redirects back with errors if validation fails.

Using Form Request Validation

For larger apps, validation inside controllers can get messy. Laravel solves this with Form Request classes.

Step 1: Create a Form Request

php artisan make:request StoreUserRequest

Step 2: Define Validation Rules

app/Http/Requests/StoreUserRequest.php

public function rules() {
    return [
        'name' => 'required|string|max:50',
        'email' => 'required|email|unique:users',
        'password' => 'required|min:8|confirmed',
    ];
}

Step 3: Use it in Controller

public function store(StoreUserRequest $request) {
    User::create($request->validated());
    return redirect()->back()->with('success', 'User created!');
}

👉 Cleaner, reusable, and perfect for team projects.

Custom Error Messages

$request->validate([
    'email' => 'required|email',
], [
    'email.required' => 'We need your email address!',
    'email.email' => 'This must be a valid email.',
]);

👉 You can also define messages inside Form Request classes.

Common Validation Rules in Laravel

• required → field must be present.
• email → must be valid email format.
• min:n / max:n → character or number limits.
• unique:table,column → ensures no duplicate values.
• confirmed → ensures two fields match (e.g., password + confirmation).
• regex:/pattern/ → matches a regex pattern.
• exists:table,column → ensures foreign keys are valid.

Custom Validation Rules

You can create reusable validation logic:

php artisan make:rule Uppercase

Generated rule:

public function passes($attribute, $value) {
    return strtoupper($value) === $value;
}

public function message() {
    return 'The :attribute must be uppercase.';
}

Use in a form request:

'name' => ['required', new Uppercase],

Validation in APIs

Laravel handles validation for API responses too.

public function store(Request $request) {
    $validator = Validator::make($request->all(), [
        'title' => 'required|max:255',
    ]);

    if ($validator->fails()) {
        return response()->json($validator->errors(), 422);
    }

    return response()->json(['success' => true]);
}

👉 Instead of redirects, APIs return JSON error responses.

Common Beginner Mistakes

• Forgetting confirmed when validating passwords.
• Not using unique properly (unique:users,email).
• Writing long validation rules inside controllers (instead of Form Requests).
• Not customizing error messages → poor user experience.

Sample Interview Questions & Answers

Q: How do you validate input in Laravel?
A: Using $request->validate() inside controllers or by creating Form Request classes for reusable validation.

Q: What’s the difference between inline validation and Form Request validation?
A: Inline is quick but messy for large apps; Form Requests centralize rules for better maintainability.

Q: How do you validate passwords with confirmation in Laravel?
A: Use confirmed rule → requires a password_confirmation field.

Q: How does Laravel handle validation errors?
A: Automatically redirects back with error messages (web) or returns a JSON response (API).

Q: Can you create custom validation rules?
A: Yes, using php artisan make:rule RuleName.

Q: How does validation differ in APIs vs Web apps?
A: Web apps redirect with session errors; APIs return JSON error responses with status codes.

Mini Project Idea

👉 Build a Registration Form with validation:

• • Fields: name, email, password, password_confirmation.
  • Validation: required, email, unique, min length, confirmed.
  • Display errors in Blade using:

@error('email')
    <span class="text-red-500">{{ $message }}</span>
@enderror

Closing Note

Laravel Validation & Form Requests is both powerful and beginner-friendly. It ensures clean, secure input and scales from small forms to large APIs.

Laravel Framework Mastery

Advantages of Eloquent ORM
→ Master database operations with Laravel’s powerful ORM

Laravel Collections Explained
→ Simplify data handling with powerful collection methods for filtering, mapping, and transforming arrays effortlessly

Blade Templating in Laravel
→ Create dynamic, reusable, and clean front-end layouts effortlessly using Laravel’s powerful Blade templating engine

Laravel Migrations & Database Management
→ Manage your database schema efficiently with Laravel migrations, seeders, and factories for smooth development and testing