Good Code
The good version gives reviewers one class where the accepted fields and rules are visible before controller code runs.
Lesson 02
Form request validation
Move request validation into Form Request classes so controllers receive named, reviewed input shapes.
- requests
- validation
- input
Good Code
app/Http/Requests/StoreReviewRequest.php<?php
namespace App\Http\Requests;
use Illuminate\Foundation\Http\FormRequest;
final class StoreReviewRequest extends FormRequest
{
public function rules(): array
{
// Validation rules name the accepted request shape before controller code runs.
return [
'title' => ['required', 'string', 'max:120'],
'body' => ['required', 'string', 'min:20'],
'rating' => ['required', 'integer', 'between:1,5'],
];
}
}Bad Code
app/Http/Controllers/ReviewController.php<?php
public function store(Request $request)
{
// Raw request data reaches persistence before one reviewed validation boundary.
if (! $request->title || strlen($request->body ?? '') < 20) {
abort(422);
}
return Review::create($request->all());
}Review Notes
What to review
Bad Code
The bad version mixes manual checks with $request->all(). That makes mass assignment, missing fields, and inconsistent error responses harder to catch.
Takeaways
- A controller action should work with validated input instead of reading unchecked request payloads directly.