Laravel ships with a wide variety of validation rules, but sometimes your application requires domain-specific validation that doesn\u2019t exist out-of-the-box. Custom validation rules allow you to encapsulate business logic in a clean, reusable way. In this guide, you\u2019ll learn multiple approaches: using closures, creating dedicated Rule classes, and leveraging dependency injection. We\u2019ll also integrate custom rules into Blade forms, controllers, and feature tests to make sure everything is robust in production.<\/p>\n\n\n\n
For simple, one-off validations you can define a closure directly inside a This prevents reserved words from being used as usernames. While closures are quick, they can\u2019t be reused across multiple forms, so prefer dedicated rules for shared logic.<\/p>\n\n\n\n Use Artisan to scaffold a new rule class:<\/p>\n\n\n This generates Now apply it in a request:<\/p>\n\n\n Custom rule classes encapsulate logic in reusable components. They can be unit tested directly, keeping validation logic isolated and clean.<\/p>\n\n\n\n Rules can access services via constructor injection. This is powerful for validating against external APIs or domain services.<\/p>\n\n\n Bind the service in the container, then Laravel will inject it when instantiating the rule. This pattern is ideal for business-critical checks like fraud prevention.<\/p>\n\n\n\n Custom validation rules behave exactly like built-in ones. Errors are displayed in Blade using Custom rules can be tested in isolation or via full feature tests. Here\u2019s a unit test for the This test ensures the rule works with both failing and passing values. For request-level validation, write Custom validation rules let you enforce domain-specific constraints in a clean and reusable way. We explored closures, dedicated rule classes, and injected rules. With proper Blade integration, user-friendly messages, and thorough testing, your forms will be both flexible and reliable.<\/p>\n\n\n\nFormRequest<\/code> or controller. The closure receives the attribute, value, and a fail callback.<\/p>\n\n\n\/\/ app\/Http\/Requests\/RegisterUserRequest.php<\/span>\nnamespace<\/span> App<\/span>\\Http<\/span>\\Requests<\/span>;\n\nuse<\/span> Illuminate<\/span>\\Foundation<\/span>\\Http<\/span>\\FormRequest<\/span>;\n\nclass<\/span> RegisterUserRequest<\/span> extends<\/span> FormRequest<\/span>\n<\/span>{\n public<\/span> function<\/span> authorize<\/span>()<\/span>: bool<\/span> <\/span>{ return<\/span> true<\/span>; }\n\n public<\/span> function<\/span> rules<\/span>()<\/span>: array<\/span>\n <\/span>{\n return<\/span> [\n 'username'<\/span> => [\n 'required'<\/span>,\n function<\/span> ($attribute, $value, $fail)<\/span> <\/span>{\n if<\/span> (str_contains(strtolower($value), 'admin'<\/span>)) {\n $fail('The '<\/span>.$attribute.' may not contain \"admin\".'<\/span>);\n }\n }\n ],\n ];\n }\n}<\/code><\/span>Code language:<\/span> PHP<\/span> (<\/span>php<\/span>)<\/span><\/small><\/pre>\n\n\nApproach 2: Custom Rule Classes<\/strong><\/h2>\n\n\n\n
php artisan make:rule StrongPassword<\/code><\/span>Code language:<\/span> Bash<\/span> (<\/span>bash<\/span>)<\/span><\/small><\/pre>\n\n\napp\/Rules\/StrongPassword.php<\/code>:<\/p>\n\n\nnamespace<\/span> App<\/span>\\Rules<\/span>;\n\nuse<\/span> Closure<\/span>;\nuse<\/span> Illuminate<\/span>\\Contracts<\/span>\\Validation<\/span>\\ValidationRule<\/span>;\n\nclass<\/span> StrongPassword<\/span> implements<\/span> ValidationRule<\/span>\n<\/span>{\n public<\/span> function<\/span> validate<\/span>(string $attribute, mixed $value, Closure $fail)<\/span>: void<\/span>\n <\/span>{\n if<\/span> (strlen($value) < 8<\/span>\n || !preg_match('\/[A-Z]\/'<\/span>, $value)\n || !preg_match('\/[0-9]\/'<\/span>, $value)) {\n $fail('The '<\/span>.$attribute.' must be at least 8 characters and contain an uppercase letter and number.'<\/span>);\n }\n }\n}<\/code><\/span>Code language:<\/span> PHP<\/span> (<\/span>php<\/span>)<\/span><\/small><\/pre>\n\n\n\/\/ app\/Http\/Requests\/RegisterUserRequest.php<\/span>\nuse<\/span> App<\/span>\\Rules<\/span>\\StrongPassword<\/span>;\n\npublic<\/span> function<\/span> rules<\/span>()<\/span>: array<\/span>\n<\/span>{\n return<\/span> [\n 'password'<\/span> => ['required'<\/span>, new<\/span> StrongPassword],\n ];\n}<\/code><\/span>Code language:<\/span> PHP<\/span> (<\/span>php<\/span>)<\/span><\/small><\/pre>\n\n\nApproach 3: Dependency Injection in Rules<\/strong><\/h2>\n\n\n\n
namespace<\/span> App<\/span>\\Rules<\/span>;\n\nuse<\/span> App<\/span>\\Services<\/span>\\EmailBlacklistService<\/span>;\nuse<\/span> Closure<\/span>;\nuse<\/span> Illuminate<\/span>\\Contracts<\/span>\\Validation<\/span>\\ValidationRule<\/span>;\n\nclass<\/span> NotBlacklistedEmail<\/span> implements<\/span> ValidationRule<\/span>\n<\/span>{\n public<\/span> function<\/span> __construct<\/span>(protected EmailBlacklistService $service)<\/span> <\/span>{}\n\n public<\/span> function<\/span> validate<\/span>(string $attribute, mixed $value, Closure $fail)<\/span>: void<\/span>\n <\/span>{\n if<\/span> ($this<\/span>->service->isBlacklisted($value)) {\n $fail('The email address is not allowed.'<\/span>);\n }\n }\n}<\/code><\/span>Code language:<\/span> PHP<\/span> (<\/span>php<\/span>)<\/span><\/small><\/pre>\n\n\nBlade Form Integration<\/strong><\/h2>\n\n\n
<form method=\"POST\"<\/span> action=\"{{ route('register') }}\"<\/span>>\n @csrf\n <label>Username<\/label>\n <input name=\"username\"<\/span> value=\"{{ old('username') }}\"<\/span> \/>\n @error('username'<\/span>) <div class<\/span>=\"error<\/span>\"><\/span>{{ $message }}<\/div> @enderror\n\n <label>Password<\/label>\n <input type=\"password\"<\/span> name=\"password\"<\/span> \/>\n @error('password'<\/span>) <div class<\/span>=\"error<\/span>\"><\/span>{{ $message }}<\/div> @enderror\n\n <button type=\"submit\"<\/span>>Register<\/button>\n<\/form><\/code><\/span>Code language:<\/span> PHP<\/span> (<\/span>php<\/span>)<\/span><\/small><\/pre>\n\n\n@error<\/code> blocks, and old values are preserved across submissions.<\/p>\n\n\n\nTesting Custom Rules<\/strong><\/h2>\n\n\n\n
StrongPassword<\/code> rule:<\/p>\n\n\n\/\/ tests\/Unit\/StrongPasswordTest.php<\/span>\nuse<\/span> App<\/span>\\Rules<\/span>\\StrongPassword<\/span>;\nuse<\/span> Illuminate<\/span>\\Support<\/span>\\Facades<\/span>\\Validator<\/span>;\n\ntest('validates strong password'<\/span>, function<\/span> ()<\/span> <\/span>{\n $rule = new<\/span> StrongPassword();\n\n $v = Validator::make(['password'<\/span> => 'Weak'<\/span>], ['password'<\/span> => [$rule]]);\n expect($v->fails())->toBeTrue();\n\n $v = Validator::make(['password'<\/span> => 'StrongPass1'<\/span>], ['password'<\/span> => [$rule]]);\n expect($v->passes())->toBeTrue();\n});<\/code><\/span>Code language:<\/span> PHP<\/span> (<\/span>php<\/span>)<\/span><\/small><\/pre>\n\n\nFeature<\/code> tests that submit forms and assert validation errors appear.<\/p>\n\n\n\nBest Practices for Custom Validation<\/strong><\/h2>\n\n\n\n
\n
Wrapping Up<\/strong><\/h2>\n\n\n\n