There's something unclear with Laravel's (5) mass assignment protection. the protection, claimed to be on by default, only works when I'm "outside" of the application, from a custom artisan command for instance. The same mass assignment code that works from the "php application" will fail on mass assignment exception when running from a custom artisan command. Why is that? This difference isn't documented anywhere.
Why is there a security difference between the "Application" and the php artisan "commands"?
Is there a way to make the artisan commands work with mass assignment without changing the fillable
or guarded
?
You can use the unguard command to get around having the add attributes to your fillable array.
Model::unguard();
// User::create(['some_protected_attribute'=>'some value']);
Model::reguard();
Add Model::unguard()
in your AppserviceProvider.php
s boot method to disable mass assignment protection globally.
<?php
namespace App\Providers;
use Illuminate\Database\Eloquent\Model;
use Illuminate\Support\ServiceProvider;
class AppServiceProvider extends ServiceProvider
{
/**
* Bootstrap any application services.
*
* @return void
*/
public function boot(){
Model::unguard();
}
}
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.