Is it possible that a fillable field in Laravel can be hacked?

class Student extends Model {
    protected $fillable = ['first_name', 'last_name', 'email'];
}

Source: https://medium.com/@kshitij206/laravel-mass-assignment-guarded-or-fillable-7c3a64b49ca6

Everywhere on the Internet, they say to use fillable or guarded for security in Laravel.

But if a field is fillable, then, can this field be hacked?

All Eloquent models are protected against mass-assignment by default, so to use mass assignment, you should specify a fillable or guarded attribute on the model to use the create method to save a new model in a single line.

So the code below should cause an error

$flight = App\Flight::create(['name' => 'Flight 10', 'number' => 3]);

when you have

protected $fillable = ['name'];

Because you cannot mass assign the number property here.

Read more here: https://laravel.com/docs/7.x/eloquent#mass-assignment
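
What $fillable covers and what it leaves to validation, as an added example that is not part of the original question or answer. It assumes illuminate/database is installed through Composer; the is_admin column, the validStudentInput helper and the sample input are constructed for illustration.

```php
<?php
// Added example, not from the original post. Nothing is saved, so no
// database connection is required; only the model's in-memory state is used.
require __DIR__ . '/vendor/autoload.php';

use Illuminate\Database\Eloquent\Model;

class Student extends Model
{
    // Only these keys may be set through fill()/create()/update().
    protected $fillable = ['first_name', 'last_name', 'email'];
}

// Hypothetical helper: checks the VALUES of the fillable keys.
// $fillable only decides which KEYS are accepted, not what they contain.
function validStudentInput(array $in): bool
{
    foreach (['first_name', 'last_name', 'email'] as $key) {
        if (!isset($in[$key]) || !is_string($in[$key]) || strlen($in[$key]) > 255) {
            return false;
        }
    }
    return filter_var($in['email'], FILTER_VALIDATE_EMAIL) !== false;
}

// Constructed request body: the client adds a column the form never offered
// and puts an arbitrary string into a fillable one.
$input = [
    'first_name' => 'Ann',
    'last_name'  => 'Lee',
    'email'      => 'not-an-email',
    'is_admin'   => 1, // hypothetical privileged column
];

$student = (new Student)->fill($input);

// is_admin is outside $fillable, so fill() does not put it on the model.
echo 'is_admin assigned: ',
    var_export(array_key_exists('is_admin', $student->getAttributes()), true), PHP_EOL;

// email is inside $fillable, so the model holds exactly what the client sent.
echo 'email stored as: ', $student->email, PHP_EOL;

// The value check is a separate step that has to run before fill()/create().
echo 'input passes validation: ', var_export(validStudentInput($input), true), PHP_EOL;
```

In an application the same split applies: $fillable limits which columns a request can touch, and request validation decides which values those columns may take.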
