Form Requests and Validation

Promote validation and authorization to dedicated Form Request classes. Keep controllers focused on orchestration and domain intents.

Commands

Create a request

sail artisan make:request UpdateProfileRequest # or: php artisan make:request UpdateProfileRequest

Use in controller method signature

public function update(UpdateProfileRequest $request) { $data = $request->validated(); // ... }

Patterns

• Define authorize() to gate access; prefer Policies for complex checks

• Use rule objects: Rule::unique('users', 'email')->ignore($user->id)

• Validate nested arrays: items.*.sku , addresses.home.city

• Prefer nullable

• specific rules instead of sometimes for optional fields

• Standardize attribute names / messages via attributes() and messages()

• Centralize common rules in custom Rule classes or traits

• Return $request->safe()->only([...]) when partial updates are intended

Testing

• Feature test the endpoint: assert validation errors and success flows

• Unit test custom validators and rule objects in isolation