0

I'm currently building an API route in Laravel 7. I want to validate that a given parameter only appears once in the request.

https://mycool.api/?cool=false&user=me&cool=true

For a URI like the above, my desire is that Laravel would error with a message like "You sent 2 values for parameter cool". The current behavior seems to be to simply use the 2nd appearance of the parameter and in my example case set the value of cool = true.

I currently have validators like:

$rules = [
   'user' => 'required|in:me,you',
   'param' => 'accepted'
];

Is there a validator that can achieve this? Or some other Laravel built-in solution?

markjwill
  • 206
  • 5
  • 15
  • 1
    Why is this focused, since the user clearly misuse the API, i would think the current approach Laravel takes is fine? – mrhn Apr 21 '20 at 23:12
  • I agree with @mrhn, the user is misusing the API, but if you had to do something, you could potentially count the number of parameters provided. See this: [getting the count](https://stackoverflow.com/questions/14398190/php-how-to-check-total-no-parameters-in-url) – mchljams Apr 22 '20 at 00:53
  • Only one query param will be parsed actually, so you don't need to worry about duplicates – djunehor Apr 22 '20 at 01:18
  • 2
    As already suggested, this seems like the wrong place to spend more than 0 effort, but if you need something to do during quarantine, this may help: https://stackoverflow.com/questions/353379/how-to-get-multiple-parameters-with-same-name-from-a-url-in-php – Don't Panic Apr 22 '20 at 02:59
  • I agree the user is misusing the API. I would think it would make sense to let them know about their mistake instead of silently ignoring it. I would be curious for an explanation of why this mistake is not worth detecting and responding to? – markjwill Apr 22 '20 at 13:37
  • yes, if you are an api with the size of stripe. Withouth knowing your project there is probably a 100 improvements you can do instead of validating query params :) testing, security, clean code etc. – mrhn Apr 23 '20 at 10:01
  • Why would the particular project or its size have any bearing? If an application receives the same parameter twice, in almost all cases that is a mistake. The application itself would be the final say on if it is an error and if in fact, it is, a user-friendly application should respond with a notice "Hey you might want to fix your mistake" – markjwill Apr 23 '20 at 14:13
  • It depends on your circumstances. Is this something likely to happen? Do users have to manually construct URLs to use your API? Are there a lot of parameters, so maybe easy to lose track of which are already specified? Are some parameters *supposed* to be duplicated? How likely your edge cases are, and how many of those edge cases you want to cover, is up to you. But typically you wouldn't want to devote too much effort to edge cases, bcs, well, *edge*. – Don't Panic Apr 24 '20 at 00:27

1 Answers1

0

Based on the comments to the question, the answer appears to be a no for a Laravel built-in solution. Though as always custom solutions can be built.

The reason the answer is no is still unclear. But again, from the comments, the sentiment is that an error resulting from an unintentionally duplicated URI parameter should simply be ignored.

markjwill
  • 206
  • 5
  • 15