Laravel“字段列表”中的未知列“ _token”
[英]Laravel Unknown column '_token' in 'field list'
问题描述
I've noticed strange behaviour over some Laravel apps. 
我注意到某些Laravel应用程序有奇怪的行为。
When I run lets say 我跑步时说
Users::where("id",$request->input("id"))->update($request->input());
Sometimes it goes through fine. 有时情况会很好。 In other cases I get 在其他情况下
Unknown column '_token' in 'field list'
So sometimes it only reads what is set in the $fillable parameter, and other times it takes everything from $request->input() . 因此,有时它仅读取$fillable参数中设置的内容,而其他时候则从$request->input()获取所有内容。 I keep comparing different models and see no difference. 我一直在比较不同的模型,没有发现任何差异。 I know I can work around it by using the $request->only([]) method, but does anybody else have or had this issue and perhaps know a reason behind it? 我知道我可以通过使用$request->only([])方法来解决此问题,但是其他人是否曾经遇到或遇到过这个问题,也许知道背后的原因?
Edit 编辑
This is my model.php 这是我的model.php
<?php
namespace App;
use Illuminate\Database\Eloquent\Model;
class BookingRequests extends Model
{
//
protected $fillable = array(
"account_id",
"quote_id",
"booking_id",
"website_id",
"color",
"custom_group_name",
"is_confirmed",
"ready_to_issue",
"created_by",
);
/**
* Return Quote
* @return \Illuminate\Database\Eloquent\Relations\BelongsTo
*/
public function Quote(){
return $this->belongsTo('App\Quotes',"quote_id","id");
}
}
This is my controller 这是我的控制器
/**
* Update Booking Reques
* @param Request $request
*/
public function update(Request $request){
/**
* Validate
*/
$this->validate($request,array(
"id" => "required"
));
/**
* Update
*/
BookingRequests::where("id",$request->input("id"))->update($request->input());
/**
* Return
*/
return redirect()->back()->with("success","Booking updated");
}
This is being run on Laravel 5.3.31 这正在Laravel 5.3.31上运行
3 个解决方案
解决方案1
4 已采纳 2017-11-18 19:41:36
To be honest what you are doing now is really risky. 老实说,您现在正在做的事情确实有风险。 In fact it's possible now to update any fields no matter of $fillable property. 实际上,现在无论$fillable属性如何,都可以更新任何字段。 This is because you are now updating like this: 这是因为您现在正在像这样进行更新:
Users::where("id",$request->input("id"))->update($request->input());
When you are making update like this in fact you are making update directly in database and Eloquent things are not used so the query that is executed looks something like this: 实际上,当您像这样进行更新时,您是直接在数据库中进行更新,并且不使用口才的东西,因此执行的查询如下所示:
UPDATE users SET a=1, b=2 WHERE id = 5
so if anyone sends existing columns in this table they will be updated what is very very risky because you don't want anyone to modify columns you don't want to. 因此,如果有人发送了该表中的现有列,它们将被更新,这是非常危险的,因为您不希望任何人修改您不想更改的列。
But if you do something like this: 但是,如果您执行以下操作:
$user = Users::where("id",$request->input("id"))->firstOrFail();
$user->update($request->input());
In above case Eloquent is used (first you find record in database and it's Eloquent model and then you try to update this Eloquent model), so now it's possible to update only fields that are in $fillable (assuming you are using 'fillable-way' but you do looking at your model). 在上述情况下,使用了Eloquent(首先在数据库中找到记录,并且是Eloquent模型,然后尝试更新此Eloquent模型),因此现在可以仅更新$fillable字段(假设您使用的是'fillable-way ',但您确实要查看自己的模型)。 So now, no matter what is send in request, only fields in $fillable will be updated. 因此,现在,无论请求中发送了什么,都只会更新$fillable字段。
Obviously above could be written in a bit shorter way: 显然,上面的内容可以写得更短一些:
$user = Users::findOrFail($request->input("id"));
$user->update($request->all());
or even in one like like this: 甚至像这样:
Users::findOrFail($request->input("id"))->update($request->all());
解决方案2
1 2017-11-18 16:46:37
You could use $request->except('_token'); 您可以使用$request->except('_token'); By the way, check twice, that all data what could come by request is expected. 顺便说一句,检查两次,以确保所有数据都可以通过请求得到。
解决方案3
0 2017-11-18 17:26:02
sometimes this error happens不会sometimes this error happens , $fillable仅适用于批量分配,且创建/插入不在更新中,因此更新时,请包括_token列。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.