Hello guys, in our company we always had form validation done on server (Laravel), Im testing payload now and can't find any tips in docs how to do it. Im submiting my form from nextjs app, do I have to validate my inputs on frontend?

tylandavis
11 months ago
Hey @dzordz., can you tell me a little bit about how you are setting up your forms?

Are you using
plugin-form-builder
by chance?
dzordz.11 months ago
Yes I do, i marked some fields as required but I did not 'get' them from backend. Im testing forms on some old app (formik inputs), so I only send my data to api URL but the submission is always successfull.
tylandavis
11 months ago
I would say it's a good idea to validate on the frontend, that way the the user is able to see the errors before a request to the API is made. You can add a
required
attribute to your inputs that will be applied only if the field is marked required, like so:
```
<input type="text" required={field.required} />
```
dzordz.11 months ago
Many thanks, it was just weird for me to validate forms on frontend. In my workplace backend always did it. Can you tell me how secure is that? Do you always validate on frontend?
tylandavis
11 months ago
Regarding security, the more validation the better. If you still want to validate on the server, that's possible as well.

One way you can do this is to create an endpoint in your Payload app to check validity, and create a new form-submission if it passes. Then you would send your data to your custom endpoint instead of to your
api/form-submissions
endpoint. You can then use the overrides in the plugin to set the access control to not allow create operations on your form-submissions collection. From your custom endpoint you can use the Local API to create forms-submissions.

More on Custom Endpoints here:

https://payloadcms.com/docs/rest-api/overview#custom-endpoints
dzordz.11 months ago
Awesome, many thanks for help!
tylandavis
11 months ago
You're welcome!
_veth_11 months ago
Let me hop in because this is my concern also. Is there any danger to only validate on frontend? Maybe validating simple contact form input on backend is just too much.
jacobsfletch
11 months ago
The right way to do this would be to have Payload itself validate all form submissions when they are created. There would be no need for custom validation endpoints, no reliance on front-end validations, just try and save a document and Payload will reject it if necessary. All forms on the web really should have
both
front-end
and
backend validations. This was always possible to wire in yourself as @tylandavis describes but in reality you should not have to do anything extra on top of the existing validations that you'd normally write into your Payload config. This is something we were always planning on doing, there's even a little code comment indicating exactly where this would be written, but it has not been done yet. I went ahead and opened a ticket just now for this so we can ensure track progress:
https://github.com/payloadcms/plugin-form-builder/issues/50
_veth_11 months ago
Thanks for in depth explanation!

Open

Continue the discussion in Discord

Star on GitHub

Star

Chat on Discord

Discord

online

Can't find what you're looking for?

Get help straight from the Payload team with an Enterprise License.