
Ask Claude to Add Input Validation That Matches Your Database Schema

recombobulate @recombobulate · Mar 29, 2026 · Workflows

Missing or weak input validation is how bad data enters your database and how attackers find openings. Claude reads your schema and generates validation rules that match what the database actually requires — so invalid data gets caught at the front door.

Read the migrations and models for the orders table. Generate validation 
rules for the POST /api/orders endpoint that match the column constraints. 
Use our framework's validation syntax.

Claude checks column types, nullable flags, string lengths, unique constraints, and foreign keys to produce precise validation:

// Claude generates rules from your actual schema
$rules = [
    'customer_id' => 'required|exists:customers,id',
    'status' => 'required|in:pending,confirmed,shipped,delivered',
    'total' => 'required|numeric|min:0|max:999999.99',
    'notes' => 'nullable|string|max:1000',
    'shipping_address_id' => 'required|exists:addresses,id',
];

Target different validation scenarios:

# Validate all endpoints at once
Read the schema and add validation to every API endpoint that accepts 
user input but doesn't currently validate it. Follow the existing 
validation pattern in UserController.

# Tighten existing validation
Compare the current validation rules against the database constraints. 
Find any rules that are weaker than what the schema requires — 
for example, accepting strings longer than the column allows.

# Add business rule validation
Beyond the schema constraints, add business rules: orders can't be 
placed for out-of-stock products, users can't exceed their credit limit, 
and dates must be in the future for scheduled deliveries.

# Generate frontend validation
Read the backend validation rules and generate matching client-side 
validation for the form components — same rules, applied before the 
request is sent.

The key advantage: Claude catches the mismatches between what your form accepts and what your database allows. A varchar(100) column with no frontend length check means a 500 error when someone pastes their entire address into the city field.
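The "tighten existing validation" comparison written as a standalone check. This is an added example, not code from the original tip or output from Claude. The `$schema` array is constructed metadata standing in for what the migrations declare (the `decimal(8,2)` type, the enum values and the `city` column are assumptions), and `parseRules` and `findWeakRules` are hypothetical helper names.

```php
<?php
// Split a Laravel-style rule string into ['rule name' => 'argument'].
function parseRules(string $ruleString): array
{
    $parsed = [];
    foreach (explode('|', $ruleString) as $rule) {
        [$name, $arg] = array_pad(explode(':', $rule, 2), 2, '');
        $parsed[$name] = $arg;
    }
    return $parsed;
}
// Report every rule that accepts input the column itself would reject.
function findWeakRules(array $schema, array $rules): array
{
    $findings = [];
    foreach ($schema as $column => $col) {
        $r = parseRules($rules[$column] ?? '');
        if (!$col['nullable'] && !isset($r['required'])) {
            $findings[] = "$column: NOT NULL column has no 'required' rule";
        }
        if ($col['type'] === 'varchar' && (!isset($r['max']) || (int) $r['max'] > $col['length'])) {
            $findings[] = "$column: needs max:{$col['length']}";
        }
        if ($col['type'] === 'decimal') {
            // Largest value decimal(p,s) holds, e.g. decimal(8,2) -> 999999.99
            $limit = str_repeat('9', $col['precision'] - $col['scale']) . ($col['scale'] > 0 ? '.' . str_repeat('9', $col['scale']) : '');
            if (!isset($r['max']) || (float) $r['max'] > (float) $limit) {
                $findings[] = "$column: needs max:$limit";
            }
        }
        if ($col['type'] === 'enum' && array_diff(explode(',', $r['in'] ?? ''), $col['allowed']) !== []) {
            $findings[] = "$column: 'in' rule is missing or lists values outside the enum";
        }
    }
    return $findings;
}
// Constructed sample data: assumed column metadata, and rules deliberately weaker than each column.
$schema = [
    'status' => ['type' => 'enum', 'nullable' => false, 'allowed' => ['pending', 'confirmed', 'shipped', 'delivered']],
    'total'  => ['type' => 'decimal', 'nullable' => false, 'precision' => 8, 'scale' => 2],
    'notes'  => ['type' => 'varchar', 'nullable' => true, 'length' => 1000],
    'city'   => ['type' => 'varchar', 'nullable' => false, 'length' => 100],
];
$rules = [
    'status' => 'required|in:pending,confirmed,shipped,delivered,cancelled',
    'total'  => 'required|numeric|min:0',
    'notes'  => 'nullable|string|max:5000',
    'city'   => 'string',
];
echo implode(PHP_EOL, findWeakRules($schema, $rules)), PHP_EOL;
```

The check does not model column defaults, so a NOT NULL column with a database default will be flagged even though omitting `required` may be intentional there.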

Validation should mirror your schema — let Claude read the constraints and write rules that catch every mismatch before it hits the database.

via Claude Code
