When I try to persist form data, Laravel is throwing a mass assignment exception.
In the view I'm using {!! form::open(...) !!}
which I know creates _token
as a hidden field.
When the form data is sent to the controller, I'm using
$data = Input::all();
$order = Order::create($data);
$order->save();
Should I be adding a field for _token
in my database? Or am I causing an error by doing something else wrong?
Mass assignment is when you send an array to the model creation, basically setting a bunch of fields on the model in a single go, rather than one by one, something like: $user = new User(request()->all()); (This is instead of explicitly setting each value on the model separately.)
The guarded attribute is the opposite of fillable attributes. In Laravel, fillable attributes are used to specify those fields which are to be mass assigned. Guarded attributes are used to specify those fields which are not mass assignable.
The fillable property is used inside the model. It takes care of defining which fields are to be considered when the user will insert or update data. Only the fields marked as fillable are used in the mass assignment. This is done to avoid mass assignment data attacks when the user sends data from the HTTP request.
A mass assignment exception is usually caused because you didn't specify the fillable
(or guarded
the opposite) attributes in your model. Do this:
class Order extends Eloquent {
protected $fillable = ['field1', 'foo', 'bar'];
}
This way you also don't have to worry about _token
because only the specified fields will be filled and saved in the db no matter what other stuff you pass to the model.
or
protected $guarded = array();
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With