Web sites that benefit from a framework like Laravel often don’t just serve static content. Many deal with complex and mixed data sources, and one of the most common (and most complex) is user input and its myriad forms: URL paths, query parameters, POSTed data, and file uploads.

Laravel provides a collection of tools for gathering, validating, normalizing, and filtering user-provided data in its many forms.

The Request façade

The most common tool for accessing user data in laravel is the Request Façade. It gives easy access to all of the ways users can give input to your site: POST, posted JSON, GET (query parameters), and URL segments.

Note

The Request façade actualy exposes the entire Illuminate HTTP request object, but for now we’re only going to be looking at its methods which specifically relate to user data.

Request::all

Just like the name suggests, Request::all() gives you an array containing all of the input the user has provided, from every source. Let’s say, for some reason, you decided to have a form POST to a URL with a query parameter (e.g. sending a POST to http://myapp.com/post?utm=12345). Take a look at code snippet below to see what you’d get from Request::all(). Note: Request::all() also contains information about any files that were uploaded,

 Request::all()

// GET route form view at /get-route
<form method="post" action="/post-route?utm=12345">
    {{ csrf_field() }}
    <input type="text" name="firstName">
    <input type="submit">
</form>
// POST route at /post-route
var_dump(Request::all());

// Outputs:
/**
 * [
 *     '_token' => 'CSRF token here',
 *     'firstName' => 'value',
 *     'utm' => 12345
 * ]
 */

Request::except and Request::only

Request::except provides the same output as Request::all, but you can choose one or more fields to exclude—for example, _token. You can pass it either a string or an array of strings.

Let’s look at the same form as in code snippet above but using Request::except, in code snippet below

Request::except()
// POST route at /post-route
var_dump(Request::except('_token'));

// Outputs:
/**
 * [
 *     'firstName' => 'value',
 *     'utm' => 12345
 * ]
 */

Request::only is the inverse of Request::except, as you can see in code snippet below

 Request::except()
// POST route at /post-route
var_dump(Request::only(['firstName', 'utm']));

// Outputs:
/**
 * [
 *     'firstName' => 'value',
 *     'utm' => 12345
 * ]
 */

Request::has and Request::exists

With Request::has you can detect whether there’s a particular piece of user input available to you. Check out code snippet below for an analytics example with our utm query string parameter from the previous examples.

 Request::has()
// POST route at /post-route
if (Request::has('utm')) {
    // Do some analytics work
}

Request::exists is the same as Request::has, exist it will return TRUE if the key exists but is empty.

Request::input

Where Request::all, Request::except, and Request::only operate on the full array of input provided by the user, Request::input allows you to get the value of just a single field. Note that the second parameter is the default value, so if the user hasn’t passed in a value, you can have a sensible (and non-breaking) fallback.

Request::input()
// POST route at /post-route
$userName = Request::get('name', '(anonymous)');
Advertisements