Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Does Laravel $fillable protect when using ->update()?

In my update action of my controller, I am doing:

    $fields = $request->all();

    $snippet = Snippet::findOrFail($id);
    $snippet->update($fields);

My Snippet Eloquent has fillable like this:

protected $fillable = [
        'title',
        'snippet'
    ];

Am I secure if anyone post something else than title and snippet in $request->all(); ?

like image 365
giò Avatar asked May 26 '15 08:05

giò


2 Answers

After testing, I answer myself:

Laravel protect ->update(): that is you can't update a field if it is not present in $fillable

like image 162
giò Avatar answered Sep 28 '22 17:09

giò


Try setting $guarded with variables that will be protected against mass assignment, if $fillable is not specified, and the key is not listed in the $guarded property, the framework will assume that the key can be safely mass-assigned.

like image 33
Ardian Cakolli Avatar answered Sep 28 '22 17:09

Ardian Cakolli