I have a simple form that sends a value to controller:
<form action="{{route('mollie.payment')}}" method="post" >
@csrf
{{-- <input name="text" type="text">--}}
<button type="submit" name="test" value="23.00">Send</button>
</form>
This value will be static and this value cannot be modified. But of course it can be easily changed in Chrome dev tools.
How can I better implement this?
I though of doing validation like this:
public function preparePayment(Request $request)
{
$this->validate($request,[
'test' => '230.00'
]);
...
But it doesn’t work:
BadMethodCallException Method IlluminateValidationValidator::validate230.00 does not exist.
What is good way of securing this value?
Advertisement
Answer
Make use of laravel form request to validate request payload.
You can create new form request via command
php artisan make:request StorePaymentRequest
Then goto newly created file in appHttpRequests folder and write all the rules in here.
<?php
namespace AppHttpRequestsStorePaymentRequest;
use IlluminateFoundationHttpFormRequest;=
class GetPayoutRequest extends FormRequest
{
public function rules()
{
return [
'status' => 'numeric|between:23.00,23.00'
}
}
Use this StorePaymentRequest in preparePayment controller method.
public function preparePayment(StorePaymentRequest $request)
{
$requestPayload = $request->validated();
dd($requestPayload);
}
Now, request will be able to come up here if it successfully passed the validation otherwise ValidationException will be thrown automatically.