In my update action of my controller, I am doing:
$fields = $request->all();
$snippet = Snippet::findOrFail($id);
$snippet->update($fields);
My Snippet Eloquent has fillable like this:
protected $fillable = [
'title',
'snippet'
];
Am I secure if anyone post something else than title and snippet in $request->all();
?
After testing, I answer myself:
Laravel protect ->update()
: that is you can't update a field if it is not present in $fillable
Try setting $guarded
with variables that will be protected against mass assignment, if $fillable
is not specified, and the key is not listed in the $guarded
property, the framework will assume that the key can be safely mass-assigned.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With