Auto trim all input [Laravel 5]

gistfile1.php

// Step 1. Create this class in the middleware folder.

<?php namespace App\Http\Middleware;

use Closure;

class BeforeAutoTrimmer {

	/**
	 * Handle an incoming request.
	 *
	 * @param  \Illuminate\Http\Request  $request
	 * @param  \Closure  $next
	 * @return mixed
	 */
	public function handle($request, Closure $next)
	{
		$request->merge(array_map('trim', $request->all()));
		return $next($request);
	}

}

// Step 2. Register this middleware in the application's global HTTP middleware stack (app/Http/Kernel.php)

	protected $middleware = [
		'Illuminate\Foundation\Http\Middleware\CheckForMaintenanceMode',
		'Illuminate\Cookie\Middleware\EncryptCookies',
		'Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse',
		'Illuminate\Session\Middleware\StartSession',
		'Illuminate\View\Middleware\ShareErrorsFromSession',
		'App\Http\Middleware\VerifyCsrfToken',
		'App\Http\Middleware\BeforeAutoTrimmer'
	];

This method will effectively ignore array inputs and not trim them.

It'd be better to use array_walk_recursive.

$input = $request->all();

// use a closure here because array_walk_recursive passes
// two params to the callback, the item + the key. If you were to just
// call trim directly, you could end up inadvertently trimming things off
// your array values, and pulling your hair out to figure out why.
array_walk_recursive($input, function(&$in) {
    $in = trim($in);
});
$request->merge($input);

One issue I'm having with this: If the input data is passed as JSON in the POST body, this middleware doesn't catch it.

It looks like this is a known issue, but not likely to change: laravel/framework#10725

Open to new ideas on the best way to trim input for requests.

Very helpful, @drakakisgeo and @jimrubenstein.

The combination of middleware and array_walk_recursive works perfectly.

Would doing a combination of @jimrubenstein and @trevorgehman work?

array_walk_recursive(), but then instead of calling, use trim_if_string()?

Essentially, the only data we want to trim are strings anyways, correct?

I'm using this to trim, and also change empty strings "" to null.

<?php namespace App\Http\Middleware;

use Closure;

class ConvertEmptyRequestValuesToNull
{
    /**
     * Handle an incoming request.
     *
     * @param  \Illuminate\Http\Request $request
     * @param  \Closure $next
     * @return mixed
     */
    public function handle($request, Closure $next)
    {
        $input = $request->all();

        if ($input) {
            array_walk_recursive($input, function (&$item) {
                $item = trim($item);
                $item = ($item == "") ? null : $item;
            });

            $request->merge($input);
        }

        return $next($request);
    }
}

That function is awesome but it trims with password field also is a problem.
Because many person use white space for their password. So we have to filter it for password.
I think my function is update solution.

<?php

namespace App\Http\Middleware;

use Closure;

class BeforeAutoTrimmer
{
    /**
     * Handle an incoming request.
     *
     * @param  \Illuminate\Http\Request  $request
     * @param  \Closure  $next
     * @return mixed
     */
    public function handle($request, Closure $next)
    {
        $input = $request->all();
        if ($input) {
            array_walk_recursive($input, function (&$item, $key) {
                // RULES 1 FOR STRING AND PASSWORD
                if (is_string($item) && !str_contains($key, 'password')) {
                    $item = trim($item);
                }
                // RULES 2 FOR NULL VALUE
                $item = ($item == "") ? null : $item;
            });
            $request->merge($input);
        }
        return $next($request);
    }
}

Super helpful! Thank you.

Here is how I use it in a static helper class outside Laravel.

	// set trimmed & nulled request
	static function setRequest () {
		self::$request = Request::capture();
		self::$request->merge(array_map(function ($value) {
			if (is_string($value)) {
				if (empty($value)) {
					return null;
				}
				else {
					return trim($value);
				}
			}
			else {
				return $value;
			}
		}, self::$request->all()));
	}

For form submissions I use an extension of Laravel's request class that I put together here .
You can skip some fields by adding them to the untrimmable array, use dot indexing for nested keys

For Lavavel >= 5.4, please check the middlewares TrimStrings and ConvertEmptyStringsToNull.

You wish not to use strings for referencing class names. Better use \App\Some\Foo::class instead of "\App\Some\Foo" because typing-mistakes can be quickly found with first way but are hidden away with 2nd method as it is only a string where PHP cannot check if the class reference is still valid.

Example: \Apps\Some\Foo::class <-- see the small s in it? It will be quickly found by PHP.

@shojibflamon you properly want to compare type-safe, means $item === "", else maybe (int) 0 will be converted to NULL which is not intended (e.g. you have a database column is_enabled which has tinyint(1) unsigned not null default 1 then you surely want 0 be set!