Complete Rule Reference#
ReqShield supports 108 validation rules, covering a vast range of validation scenarios from basic type checks to complex database and conditional logic.
This page serves as a complete reference, categorized for easy lookup.
Basic Type Rules (9)#
required#
The field under validation must be present and not empty.
'email' => 'required'
filled#
The field under validation must be present and contain a non-empty value when it is present.
'bio' => 'filled'
string#
The field under validation must be a string.
'name' => 'string'
integer#
The field under validation must be an integer.
'age' => 'integer'
numeric#
The field under validation must be numeric (integer or float).
'price' => 'numeric'
boolean#
The field under validation must be a boolean value (true, false, 1, 0, “1”, “0”).
'agreed' => 'boolean'
array#
The field under validation must be an array.
'items' => 'array'
nullable#
The field under validation may be null.
'middle_name' => 'nullable|string'
present#
The field under validation must be present in the input data but can be empty.
'field' => 'present'
Format Rules (11)#
email#
The field under validation must be formatted as an email address.
'email' => 'email'
url#
The field under validation must be a valid URL.
'website' => 'url'
active_url#
The field under validation must have a valid A or AAAA record according to the dns_get_record() PHP function.
'website' => 'active_url'
ip#
The field under validation must be an IP address. You can specify version (v4 or v6) and scope (public or private).
'server_ip' => 'ip' // Any IP
'ipv4_addr' => 'ip:v4' // IPv4 only
'ipv6_addr' => 'ip:v6' // IPv6 only
'public_ip' => 'ip:v4,public' // Public IPv4
'private_ip' => 'ip:v4,private' // Private IPv4
json#
The field under validation must be a valid JSON string.
'settings' => 'json'
uuid#
The field under validation must be a valid RFC 4122 universally unique identifier (UUID). You can specify version (1-5).
'id' => 'uuid' // Any version
'id' => 'uuid:4' // Version 4 only
ulid#
The field under validation must be a valid Universally Unique Lexicographically Sortable Identifier (ULID).
'id' => 'ulid'
mac#
The field under validation must be a valid MAC address.
'mac_address' => 'mac'
hex_color#
The field under validation must be a valid hexadecimal color code.
'color' => 'hex_color' // e.g., #FF5733 or #F57
timezone#
The field under validation must be a valid timezone identifier according to the timezone_identifiers_list() PHP function.
'timezone' => 'timezone' // e.g., 'America/New_York'
enum#
The field under validation must be a valid enum case for the given enum class. Supports backed enums and unit enums.
'status' => 'enum:App\\Enums\\OrderStatus'
String Rules (12)#
alpha#
The field under validation must be entirely alphabetic characters.
'name' => 'alpha'
alpha_num#
The field under validation must be entirely alpha-numeric characters.
'username' => 'alpha_num'
alpha_dash#
The field under validation may contain alpha-numeric characters, dashes, and underscores.
'username' => 'alpha_dash'
ascii#
The field under validation must be entirely ASCII characters.
'code' => 'ascii'
lowercase#
The field under validation must be lowercase.
'username' => 'lowercase'
uppercase#
The field under validation must be uppercase.
'code' => 'uppercase'
starts_with#
The field under validation must start with one of the given values.
'phone' => 'starts_with:+1,+44' // Must start with +1 or +44
ends_with#
The field under validation must end with one of the given values.
'domain' => 'ends_with:.com,.org,.net'
contains#
The field under validation must contain the given value. For strings, it checks substring presence. For arrays, it checks item membership.
'message' => 'contains:urgent'
doesnt_contain#
The field under validation must not contain any of the given values.
'username' => 'doesnt_contain:admin,root'
doesnt_start_with#
The field under validation must not start with any of the given values.
'username' => 'doesnt_start_with:admin,test'
doesnt_end_with#
The field under validation must not end with any of the given values.
'email' => 'doesnt_end_with:temp.com,trash.com'
Numeric Rules (14)#
min#
The field under validation must have a minimum value. For strings, it validates the length. For arrays, it validates the count. For numerics, it validates the value.
'age' => 'min:18' // Minimum value 18
'name' => 'string|min:3' // Minimum 3 characters
'items' => 'array|min:2' // Minimum 2 items
max#
The field under validation must not exceed the maximum value.
'age' => 'max:120' // Maximum value 120
'name' => 'string|max:255' // Maximum 255 characters
'items' => 'array|max:10' // Maximum 10 items
between#
The field under validation must have a size between the given min and max.
'age' => 'between:18,65'
'name' => 'string|between:3,50'
size#
The field under validation must have a size matching the given value.
'pin' => 'size:4' // Exactly 4 digits
'name' => 'string|size:10' // Exactly 10 characters
digits#
The field under validation must be numeric and must have an exact length of value.
'pin' => 'digits:4' // Must be exactly 4 digits
digits_between#
The field under validation must have a length between the given min and max.
'phone' => 'digits_between:10,15'
min_digits#
The field under validation must have a minimum number of digits.
'phone' => 'min_digits:10'
max_digits#
The field under validation must have a maximum number of digits.
'phone' => 'max_digits:15'
decimal#
The field under validation must be numeric and may contain the specified number of decimal places.
'price' => 'decimal:2' // e.g., 19.99
'rate' => 'decimal:0,4' // 0 to 4 decimal places
multiple_of#
The field under validation must be a multiple of the given value.
'quantity' => 'multiple_of:5' // Must be 5, 10, 15, etc.
gt (Greater Than)#
The field under validation must be greater than the given field.
'end_date' => 'gt:start_date'
'max_price' => 'gt:min_price'
gte (Greater Than or Equal)#
The field under validation must be greater than or equal to the given field.
'end_date' => 'gte:start_date'
lt (Less Than)#
The field under validation must be less than the given field.
'min_price' => 'lt:max_price'
lte (Less Than or Equal)#
The field under validation must be less than or equal to the given field.
'discount' => 'lte:price'
Date/Time Rules (7)#
date#
The field under validation must be a valid date according to the strtotime() PHP function.
'birthday' => 'date'
date_format#
The field under validation must match the given date format.
'date' => 'date_format:Y-m-d' // e.g., 2025-01-15
'time' => 'date_format:H:i:s' // e.g., 14:30:00
date_equals#
The field under validation must be equal to the given date.
'scheduled_date' => 'date_equals:2025-01-01'
before#
The field under validation must be a date before the given date.
'start_date' => 'before:2025-12-31'
'start_date' => 'before:end_date' // Compare with another field
before_or_equal#
The field under validation must be a date before or equal to the given date.
'start_date' => 'before_or_equal:2025-12-31'
after#
The field under validation must be a date after the given date.
'end_date' => 'after:2025-01-01'
'end_date' => 'after:start_date' // Compare with another field
after_or_equal#
The field under validation must be a date after or equal to the given date.
'end_date' => 'after_or_equal:start_date'
Conditional Rules (25)#
required_if#
The field under validation must be present and not empty if another field equals a certain value.
'reason' => 'required_if:status,rejected'
required_unless#
The field under validation must be present and not empty unless another field equals a certain value.
'phone' => 'required_unless:contact_method,email'
required_with#
The field under validation must be present and not empty only if any of the other specified fields are present.
'city' => 'required_with:state,country'
required_with_all#
The field under validation must be present and not empty only if all of the other specified fields are present.
'apartment' => 'required_with_all:street,city,state'
required_without#
The field under validation must be present and not empty only when any of the other specified fields are not present.
'email' => 'required_without:phone,address'
required_without_all#
The field under validation must be present and not empty only when all of the other specified fields are not present.
'alternative_contact' => 'required_without_all:phone,email,fax'
required_array_keys#
The field under validation must be an array and must contain all of the specified keys.
'address' => 'required_array_keys:street,city,zip'
required_if_accepted#
The field under validation must be present and not empty if another field is accepted.
'terms_date' => 'required_if_accepted:terms'
required_if_declined#
The field under validation must be present and not empty if another field is declined.
'reason' => 'required_if_declined:consent'
present_if#
The field under validation must be present (but can be empty) if another field equals a certain value.
'notes' => 'present_if:has_notes,yes'
present_unless#
The field under validation must be present unless another field equals a certain value.
'alternative' => 'present_unless:primary,available'
present_with#
The field under validation must be present if any of the other specified fields are present.
'shipping_address' => 'present_with:shipping_method'
present_with_all#
The field under validation must be present if all of the other specified fields are present.
'full_address' => 'present_with_all:street,city,state,zip'
missing#
The field under validation must not be present in the input data.
'internal_id' => 'missing'
missing_if#
The field under validation must not be present if another field equals a certain value.
'discount_code' => 'missing_if:membership_level,premium'
missing_unless#
The field under validation must not be present unless another field equals a certain value.
'promo_code' => 'missing_unless:source,partner'
prohibited#
The field under validation must not be present or must be empty.
'admin_override' => 'prohibited'
prohibited_if#
The field under validation must not be present or must be empty if another field equals a certain value.
'manual_adjustment' => 'prohibited_if:auto_calculate,true'
prohibited_unless#
The field under validation must not be present or must be empty unless another field equals a certain value.
'override' => 'prohibited_unless:role,admin'
prohibits#
If the field under validation is present and not empty, the specified fields must not be present.
'card_payment' => 'prohibits:cash,check'
exclude#
The field under validation will be excluded from the validated data.
'internal_note' => 'exclude'
exclude_if#
The field under validation will be excluded from the validated data if another field equals a certain value.
'optional_field' => 'exclude_if:include_optional,false'
exclude_unless#
The field under validation will be excluded unless another field equals a certain value.
'admin_field' => 'exclude_unless:role,admin'
exclude_with#
The field under validation will be excluded if another field is present.
'temp_id' => 'exclude_with:permanent_id'
exclude_without#
The field under validation will be excluded if another field is not present.
'secondary_email' => 'exclude_without:primary_email'
Database Rules (2)#
unique#
The field under validation must not exist within the given database table.
'email' => 'unique:users,email'
'username' => 'unique:users,username,5' // Ignore ID 5 (for updates)
'email' => 'unique:users,email,,id,false,deleted_at' // exclude soft-deleted rows
Note: Requires a DatabaseProvider implementation. See Database Rules (unique, exists).
exists#
The field under validation must exist within the given database table.
'category_id' => 'exists:categories,id'
'user_id' => 'exists:users,id'
Note: Requires a DatabaseProvider implementation. See Database Rules (unique, exists).
File Rules (11)#
file#
The field under validation must be a valid uploaded file payload.
Supports array-style $_FILES payloads and PSR-7-like uploaded file objects.
'document' => 'file'
path#
The field under validation must be a valid filesystem-style path string. You may optionally require an absolute or relative path.
'log_path' => 'path' // Any non-empty valid path string
'root_path' => 'path:absolute' // Must be absolute (/var/... or C:\...)
'cache_dir' => 'path:relative' // Must be relative (storage/cache)
image#
The field under validation must be an image (jpeg, png, bmp, gif, svg, or webp).
'avatar' => 'image'
mimes#
The file under validation must have a MIME type corresponding to one of the listed extensions.
ReqShield attempts to detect MIME type from the uploaded file content first (when
fileinfo/mime_content_type is available), then falls back to client-provided
MIME as a compatibility fallback.
'document' => 'mimes:pdf,doc,docx'
mimetypes#
The file under validation must match one of the given MIME types. ReqShield prefers MIME detection from file content when possible.
'document' => 'mimetypes:application/pdf,application/msword'
extensions#
The file under validation must have one of the extensions listed.
For upload hardening, combine file|mimetypes:...|extensions:... and use strict
allowlists.
'spreadsheet' => 'extensions:xls,xlsx,csv'
dimensions#
The file under validation must be an image meeting the dimension constraints.
'avatar' => 'dimensions:100,100,1000,1000' // minWidth,minHeight,maxWidth,maxHeight
'logo' => 'dimensions:200,200,200,200' // exact 200x200
safe_filename#
The field under validation must be a safe client filename. It rejects path separators, traversal-like names, control characters, and reserved characters often abused in upload attacks.
'filename' => 'safe_filename'
upload_id#
The field under validation must be a valid upload/chunk identifier.
Allowed characters are letters, numbers, - and _.
'upload_id' => 'upload_id'
'upload_id' => 'upload_id:64' // Optional max length override
upload_meta#
The field under validation must contain valid upload metadata
(name, size, error and related properties) for array-style payloads
or PSR-7-like uploaded file objects.
Modes:
upload_meta: validates shape and safe filename semantics.upload_meta:success(orupload_meta:strict): additionally requires successful upload state (UPLOAD_ERR_OK).
'upload' => 'upload_meta'
'upload' => 'upload_meta:success'
secure_file#
Composite upload rule that combines file and upload_meta checks.
Use this as the default upload rule when you want both file validity and
metadata hardening in one place.
'upload' => 'secure_file'
'upload' => 'secure_file:success,255' // mode, max filename length
Array Rules (5)#
in#
The field under validation must be included in the given list of values.
'status' => 'in:pending,active,completed'
'role' => 'in:admin,user,guest'
not_in#
The field under validation must not be included in the given list of values.
'username' => 'not_in:admin,root,system'
in_array#
The field under validation must exist in the values of another field (which must be an array).
'selected_item' => 'in_array:available_items'
distinct#
When working with arrays, the field under validation must not have any duplicate values.
'tags' => 'array|distinct'
'emails.*' => 'distinct' // Each email must be unique
is_list#
The field under validation must be a list (sequential, zero-indexed array).
'items' => 'is_list' // [0 => 'a', 1 => 'b'] passes, ['x' => 'a'] fails
Comparison Rules (3)#
same#
The field under validation must match the given field.
'password_confirmation' => 'same:password'
'email_confirmation' => 'same:email'
different#
The field under validation must have a different value than the given field.
'new_password' => 'different:old_password'
confirmed#
The field under validation must have a matching field of {field}_confirmation.
'password' => 'confirmed' // Looks for 'password_confirmation'
Pattern Rules (2)#
regex#
The field under validation must match the given regular expression.
'postal_code' => 'regex:/^\d{5}(-\d{4})?$/' // US ZIP code
'color' => 'regex:/^#[0-9A-F]{6}$/i' // Hex color
Note: Use any valid PHP regex delimiter.
not_regex#
The field under validation must not match the given regular expression.
'username' => 'not_regex:/[^a-zA-Z0-9_]/' // No special chars
Additional Rules (7)#
accepted#
The field under validation must be “yes”, “on”, 1, or true. Useful for validating terms of service acceptance.
'terms' => 'accepted'
accepted_if#
The field under validation must be accepted if another field equals a certain value.
'terms' => 'accepted_if:account_type,business'
declined#
The field under validation must be “no”, “off”, 0, or false.
'marketing_emails' => 'declined'
declined_if#
The field under validation must be declined if another field equals a certain value.
'newsletter' => 'declined_if:email_preference,minimal'
bail#
Stop validating this field after the first validation failure.
'email' => 'bail|required|email|max:255'
Note: ReqShield is fail-fast by default, so bail is implicit unless you change the behavior.
current_password#
The field under validation must match the authenticated user’s current password. This rule requires a callable verifier.
use Infocyph\ReqShield\Rules\CurrentPassword;
'password' => [
'required',
new CurrentPassword(
callback: fn($value, $field, $data) => password_verify($value, $currentUserPasswordHash)
),
]
callback#
Use a custom callback function for validation. See Custom Rules for detailed usage.
use Infocyph\ReqShield\Rules\Callback;
'code' => [
new Callback(
callback: fn($value, $field, $data) => $value % 2 === 0,
message: 'The code must be an even number'
)
]