Binput Is An Input Protector For Laravel 5

v3.6.0 2017-01-01 13:34 UTC


Laravel Binput was created by, and is maintained by Graham Campbell, and is an input protector for Laravel 5 that prevents potentially dangerous elements like <script> tags in any input you receive, from doing harm. It utilises my Laravel Security package. Feel free to check out the change log, releases, license, and contribution guidelines.

Laravel Binput

StyleCI Status Build Status Coverage Status Quality Score Software License Latest Version


Laravel Binput requires PHP 5.5+. This particular version supports Laravel 5.1, 5.2, 5.3, or 5.4 only.

To get the latest version, simply require the project using Composer:

$ composer require graham-campbell/binput

Once installed, you need to register the GrahamCampbell\Security\SecurityServiceProvider and GrahamCampbell\Binput\BinputServiceProvider service providers in your config/app.php, and optionally alias our facade:

        'Binput' => GrahamCampbell\Binput\Facades\Binput::class,


Laravel Binput requires no configuration. Just follow the simple install instructions and go!



This is the class of most interest. It is bound to the ioc container as 'binput' and can be accessed using the Facades\Binput facade. There are a few public methods of interest.

The 'all', 'get', 'input', 'only', 'except', and 'old' methods have an identical api to the methods found on the laravel request class accept from they all accept two extra parameters at the end. The first extra parameter is a boolean representing if the input should be trimmed. The second extra parameter is a boolean representing if the input should be xss cleaned. Both extra parameters are default to true.

There are two additional methods added to the public api. The first is a method called 'map' which will remap the output from the 'only' method. The 'map' function requires an associative array as the first parameter. The second method is the 'clean' function. It takes three parameters. The first is the value to be cleaned (it can be an array, and will be recursively iterated over and cleaned), and the final two are trim and clean, which behave in the same way as earlier.

Any methods not found on this binput class will actually fall back to the laravel request class with a dynamic call function, so every other method on the request class is available in exactly the same way it would be on the Laravel request class.


This facade will dynamically pass static method calls to the 'binput' object in the ioc container which by default is the Binput class.


This class contains no public methods of interest. This class should be added to the providers array in config/app.php. This class will setup ioc bindings.

Real Examples

Here you can see an example of just how simple this package is to use.

// request input data: ['test' => '123', 'foo' => '<script>alert(\'bar\');</script>    ']

$input = Binput::all(); // ['test' => '123', 'foo' => '[removed]alert&#40;\'bar\'&#41;;[removed]']


If you discover a security vulnerability within this package, please send an e-mail to Graham Campbell at All security vulnerabilities will be promptly addressed.


Laravel Binput is licensed under The MIT License (MIT).