I'm creating a survey that is sent by newsletter email, and basically the app records the user data based on the email of the user. If the email isn't present in the route, it isn't possible to fill in the survey, but I'm not quite sure if I'm doing it the right way, and also for security purposes maybe I should have some kind of validation regarding the email. Can someone suggest what the best practice is, or is the way I'm doing it already alright?
The url that the users enter is like:
http://domain.com/surveys/23/email@hotmail.com/show
Here is my code:
Route:
Route::get('surveys/{id}/{email}/show/', 'SurveyController@show');
Controller:
public function show($id, $email)
{
    $survey = Survey::find($id);
    $email = $email;
    return view('admin.surveys.show', compact('survey', 'email'));
}
View:
Html
...
@if(!empty($email))
    show the survey form
@else
    A message saying it is not possible to fill in without an email
@endif
Note: The survey is completely apart from the newsletter system; it cannot have any kind of integration between them.
You should definitely validate that the e-mail was provided. In the controller you should do a check like this:
$this->validate($request, [
    'email' => 'required|email|exists:users,email',
]);
The example above will make sure that the e-mail was provided (required), that it is actually an email, and that it exists in the database (table users, column email).
You can read more about this in the documentation. On this page you can also check all available rules, in case I missed any that could be used.
EDIT: Please also remember to add "Request $request" as method parameter, like so:
public function show(Request $request, $id,$email) {...}
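Added example (not code from the question or from either answer): one way to apply the rules above to this route, validating the route segments directly because `{id}` and `{email}` arrive as URL segments rather than as request input. The `App\Survey` namespace, the `id` rule and the `max:255` limit are assumptions; the `users` table and `email` column are taken from the answer.

```php
<?php

namespace App\Http\Controllers;

use App\Survey; // assumed model namespace, not shown on the page
use Illuminate\Support\Facades\Validator;

class SurveyController extends Controller
{
    // Route from the question: surveys/{id}/{email}/show
    public function show($id, $email)
    {
        // Build the data to validate from the method arguments, which
        // Laravel fills from the {id} and {email} route segments.
        $validator = Validator::make(
            ['id' => $id, 'email' => $email],
            [
                // Assumed extra rule: the survey id must be a positive integer.
                'id'    => 'required|integer|min:1',
                // Rules from the answer: present, well formed, and found in
                // table `users`, column `email`. max:255 is an assumed bound.
                'email' => 'required|email|max:255|exists:users,email',
            ]
        );

        if ($validator->fails()) {
            // Stop before the view is rendered; nothing from the URL is used.
            abort(404);
        }

        // Respond with 404 instead of passing a null survey to the view.
        $survey = Survey::findOrFail($id);

        return view('admin.surveys.show', compact('survey', 'email'));
    }
}
```

In the Blade view, print the address with `{{ $email }}` so it is HTML-escaped on output.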
Regarding Laran's suggestion to inject the Request as well... Maybe you don't need it in the show method. If you feel it messes with your code, maybe inject it in the constructor...
private $request;
public function __construct(Request $request)
{
    $this->request = $request;
}
And do the validation in your show method,