This in-depth tutorial will guide you through everything you need to know about creating forms and handling validation in Laravel. From building simple form fields to applying advanced validation rules, you’ll learn how to collect and secure user input with confidence.
Table of contents [Show]
One of the most common tasks in web development is collecting data from users. Whether it’s a registration form, login form, or contact form, you need a way to capture input safely. Laravel provides a powerful system for building forms and validating input effortlessly. In this guide, we’ll explore how to create forms, validate them, and secure user data using Laravel’s built-in features.
Forms are the gateway to collecting data in your application. Validation ensures the data collected is accurate, safe, and secure before it’s processed or stored in your database. Without proper validation, your application could face problems like:
Before diving in, let’s set up a fresh Laravel project to work with forms.
composer create-project laravel/laravel laravel-formsNext, start the local server:
php artisan serve
// routes/web.php
use Illuminate\Support\Facades\Route;
use App\Http\Controllers\ContactController;
Route::get('/contact', [ContactController::class, 'index']);
Route::post('/contact', [ContactController::class, 'store']);
php artisan make:controller ContactController
// app/Http/Controllers/ContactController.php
namespace App\Http\Controllers;
use Illuminate\Http\Request;
class ContactController extends Controller
{
public function index()
{
return view('contact');
}
public function store(Request $request)
{
dd($request->all()); // For debugging input
}
}
<!DOCTYPE html>
<html>
<head>
<title>Contact Form</title>
</head>
<body>
<form action="/contact" method="POST">
@csrf
<label for="name">Name:</label>
<input type="text" name="name"><br>
<label for="email">Email:</label>
<input type="email" name="email"><br>
<label for="message">Message:</label>
<textarea name="message"></textarea><br>
<button type="submit">Submit</button>
</form>
</body>
</html>
Notice the @csrf directive in the form. Laravel automatically includes CSRF tokens to protect against cross-site request forgery attacks. This ensures that only authorized forms from your application can submit data.
Now let’s add validation to ensure users provide correct input.
// app/Http/Controllers/ContactController.php
public function store(Request $request)
{
$validated = $request->validate([
'name' => 'required|min:3',
'email' => 'required|email',
'message' => 'required|max:500'
]);
return "Form validated successfully!";
}
Validation errors can be displayed directly in the form using Blade directives:
@if ($errors->any())
<div >
<ul>
@foreach ($errors->all() as $error)
<li>{{ $error }}</li>
@endforeach
</ul>
</div>
@endif
For larger applications, it’s better to use Form Request classes for validation.
php artisan make:request ContactRequest
// app/Http/Requests/ContactRequest.php
namespace App\Http\Requests;
use Illuminate\Foundation\Http\FormRequest;
class ContactRequest extends FormRequest
{
public function rules()
{
return [
'name' => 'required|min:3',
'email' => 'required|email',
'message' => 'required|max:500',
];
}
}
// app/Http/Controllers/ContactController.php
use App\Http\Requests\ContactRequest;
public function store(ContactRequest $request)
{
return "Form validated with FormRequest!";
}
public function messages()
{
return [
'name.required' => 'Your name is required!',
'email.email' => 'Please provide a valid email address.',
];
}
unique:users,email – ensures email is unique.confirmed – ensures confirmation field matches.regex:/^[A-Za-z0-9]+$/ – matches a pattern.Here are some commonly used validation rules in Laravel:
| Rule | Description |
|---|---|
| required | Field must not be empty |
| Must be a valid email address | |
| max:value | Maximum length or value |
| min:value | Minimum length or value |
| unique:table | Value must be unique in a table |
When validation fails, Laravel automatically redirects back with the old input. In your Blade form, you can use:
<input type="text" name="name" value="{{ old('name') }}">
$request->validate([
'avatar' => 'required|image|mimes:jpg,png,jpeg|max:2048',
]);
@csrf for protection.old() to repopulate forms on error.Laravel makes form handling and validation straightforward, secure, and flexible. With CSRF protection, built-in validation rules, error handling, and form requests, you can confidently build forms that not only collect data but also safeguard your application. By mastering these concepts, you’ll be well-prepared to create professional-grade web applications that deliver both functionality and security.
This article is a comprehensive tutorial on using the Prohibited Validation Rules in Laravel. You will learn how to apply prohibited, prohibited_if, and prohibited_unless with clear explanations, real-life scenarios, and code examples. This guide is perfect for developers who want to master advanced validation techniques in Laravel applications.
This detailed tutorial explores request validation in Laravel controllers. You’ll learn multiple techniques—basic controller validation, using form request classes, custom rules, conditional validation, error handling, localization, and best practices. With practical examples, code snippets, and structured explanations, this article is designed for beginners to advance learner.
This guide teaches you how to deploy Laravel applications to production servers. From preparing your environment and configuring Nginx or Apache, to database migrations, caching, performance optimization, CI/CD pipelines, and security practices—this article covers everything step by step.It’s suitable for both beginners and advanced developers who want to ship stable, secure & scalable app.
