Laravel validation - input must be one of items in array
Stefan Bogdanescu
Founder & Senior Architect · 2026-06-29
Mastering Whitelisting in Laravel Validation: Checking if Input Belongs to an Array
As developers working with Laravel, one of the most common requirements we face is ensuring that user input adheres to a specific set of allowed values—what we commonly call "whitelisting." For example, ensuring a user can only select 'yes', 'no', or 'maybe' for a boolean field. The question often arises: Does Laravel provide a straightforward built-in validator rule for this?
The short answer is no, there isn't a single, dedicated in_array validation rule defined natively in Laravel’s core validation system out of the box. However, this doesn't mean we cannot achieve this powerful functionality. As senior developers, our skill lies in combining Laravel's robust features—custom rules, closures, and Eloquent—to build exactly the logic we need.
This post will walk you through the best practices for implementing array-based validation in a clean, maintainable, and highly effective manner within your Laravel application.
Why Custom Validation is Necessary
Laravel’s validator is designed to be flexible. While it offers many standard rules (like required, email, numeric), complex, custom logic often requires extending the framework. Relying on core features for every edge case would lead to bloated and difficult-to-maintain code. Instead, we leverage Laravel's extensibility to define exactly how our data should be validated.
The proposed syntax you mentioned—in_array('yes', 'no', 'maybe')—is conceptually what we want, but we need to implement it using Laravel’s validation structure. We can achieve this by defining a custom rule or by using a closure within the rules() method of your Request or Controller.
Implementation Method 1: Using Custom Validation Rules (The Cleanest Approach)
For frequently used checks like whitelisting, creating a dedicated custom rule is the most reusable and elegant solution. This keeps your validation logic centralized and clean.
Step 1: Define the Custom Rule
You would typically register this rule in your AppServiceProvider or a dedicated service provider. For simplicity here, we will demonstrate applying the concept directly in the controller/request layer, which is often sufficient for smaller projects.
Step 2: Applying the Logic in Your Request
Inside your Form Request or Controller method, you can perform the array check directly using PHP's native functions, ensuring that the data integrity is met before any database interaction occurs.
use Illuminate\Http\Request;
class ItemUpdateRequest extends Request
{
public function authorize()
{
return true;
}
public function rules()
{
// Define the whitelisted values
$allowedOptions = ['yes', 'no', 'maybe'];
return [
'status' => [
'required',
'string',
// Custom check: Ensure the submitted value is present in the $allowedOptions array
function ($attribute, $value, $fail) use ($allowedOptions) {
if (!in_array($value, $allowedOptions)) {
$fail("The :attribute must be one of: " . implode(', ', $allowedOptions));
}
},
],
];
}
}
As you can see, by using a closure within the rules() method, we inject custom logic that checks if the submitted $value exists within our predefined array ($allowedOptions). This adheres to the principles of separation of concerns while providing powerful validation. This pattern is fundamental when building complex data flow in Laravel, promoting cleaner code structure, much like the architecture promoted by https://laravelcompany.com.
Conclusion: Building Robust Validation
While a direct in_array validator might seem like a simple feature request, mastering custom validation rules allows you to tailor Laravel’s built-in tools to fit your specific business logic perfectly. By using closures within the rules() method, we achieve robust data validation that is both secure and highly readable. Always favor clear, explicit custom checks over trying to force complex logic into simple built-in rules. This approach ensures that your application remains scalable and maintainable as it grows in complexity.