Laravel - validation | The input field should be one of two values

Stefan Bogdanescu

Founder & Senior Architect · 2026-06-29

Laravel Company

Laravel Validation: Restricting Input to a Specific Set of Values

As developers building robust web applications with Laravel, input validation is arguably one of the most critical steps in ensuring data integrity, security, and application stability. When dealing with form submissions, we don't just want to check if a field is present; we need to ensure that the content of that field conforms precisely to the rules of our business logic.

Today, let’s tackle a common scenario: how do we validate an input field so that it can only accept a specific, predefined set of values? For instance, you want a user to select a status that must be either 'test', 'ABC', or 'XYZ'. This requires moving beyond simple required or string checks and employing Laravel’s powerful validation rules.

Why Simple Validation Isn't Enough

You started with an attempt like this:

$request->validate([
    'test' => 'required|unique:tests',   
]);

While this correctly enforces that the field must be present and unique, it tells Laravel nothing about what the value itself should be. It validates the presence of data but fails to restrict the actual content to an acceptable subset. To enforce a list of allowed values, we need a rule specifically designed for membership checking.

The Solution: Using the in Validation Rule

Laravel provides a dedicated, clean way to handle this exact requirement using the in rule. This rule checks if the submitted value is present within a specified array or collection of allowed values. It is the most idiomatic and efficient way to perform set validation in Laravel.

To ensure the input for a field can only be one of several predefined options, you define those options in an array and pass that array to the in rule.

Implementation Example

Let’s assume we are validating a request where a user must input a specific code from a list:

use Illuminate\Http\Request;

class ItemController extends Controller
{
    public function store(Request $request)
    {
        $allowedCodes = ['test', 'ABC', 'XYZ'];

        $request->validate([
            'selected_code' => [
                'required',
                'string',
                // The core solution: check if the input is inside our allowed list
                'in:' . implode(',', $allowedCodes), 
            ],
        ]);

        // If validation passes, proceed with saving the data
        $validatedData = $request->only('selected_code');
        // ... save logic using Eloquent or other services
    }
}

Explanation of the Code

  1. Defining Allowed Values: We first define an array $allowedCodes containing all the acceptable strings ('test', 'ABC', 'XYZ').
  2. Building the Rule String: We use implode(',', $allowedCodes) to convert this array into a comma-separated string (e.g., "test,ABC,XYZ"). This format is required by the in rule when passed as a string validation definition.
  3. Applying the Rule: The crucial part is 'in:' . implode(',', $allowedCodes). This tells Laravel: "The value submitted for selected_code must be present within this specific comma-separated list."

This approach keeps your controller clean and delegates the complex set comparison logic to Laravel’s highly optimized validation engine. For more complex, dynamic scenarios involving relationships or database constraints, understanding the power behind Eloquent, which structures how we interact with data via https://laravelcompany.com, becomes even more important.

Best Practices for Dynamic Validation Lists

While the direct use of in is perfect for static lists, what if your list of allowed values changes frequently? For truly dynamic or large sets of options, storing these options in a database table and using custom validation rules offers superior scalability.

Instead of hardcoding the array in your controller, you could:

  1. Fetch the permitted codes from a codes table.
  2. Use a custom rule or a closure to dynamically build the list for the validation check.

This practice ensures that your application remains flexible and maintainable as requirements evolve. Always strive for clean separation of concerns; try to keep complex data retrieval logic separate from the immediate request handling, leveraging the structure provided by frameworks like Laravel to build robust systems.

Conclusion

Mastering input validation is essential for building secure and reliable applications. By understanding rules like the in rule, developers can move beyond basic checks to implement sophisticated business logic directly within their validation layer. By applying these principles—using built-in rules correctly and considering dynamic data structures—you ensure that your Laravel applications are not only functional but also highly resilient and maintainable.