
Laravel and Mass Assignment Protection

There's something unclear with Laravel's (5) mass assignment protection. The protection, claimed to be on by default, only works when I'm "outside" of the application, from a custom artisan command for instance. The same mass assignment code that works from the "php application" will fail with a mass assignment exception when running from a custom artisan command. Why is that? This difference isn't documented anywhere.

Why is there a security difference between the "Application" and the php artisan "commands"?

Is there a way to make the artisan commands work with mass assignment without changing the fillable or guarded?

You can use the unguard command to get around having to add attributes to your fillable array.

Model::unguard();

// User::create(['some_protected_attribute'=>'some value']);

Model::reguard();

Add Model::unguard() in your AppServiceProvider.php's boot method to disable mass assignment protection globally.

<?php

namespace App\Providers;

use Illuminate\Database\Eloquent\Model;
use Illuminate\Support\ServiceProvider;

class AppServiceProvider extends ServiceProvider
{
    /**
     * Bootstrap any application services.
     *
     * @return void
     */
    public function boot()
    {
        Model::unguard();
    }
}
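
An added example, not part of either answer above and not Laravel's own code: an artisan command that lifts mass assignment protection only for the duration of a trusted import, using Eloquent's Model::unguarded() callback form so the guard comes back even if the import throws. The App\User model, its name, email and is_admin columns, and the users:import command name are assumptions made for illustration.

```php
<?php

namespace App\Console\Commands;

use App\User; // assumed model with name, email and is_admin columns
use Illuminate\Console\Command;
use Illuminate\Database\Eloquent\Model;

class ImportUsers extends Command
{
    // Hypothetical command name, for illustration only.
    protected $signature = 'users:import';
    protected $description = 'Import trusted user rows with guarding lifted only for the import';

    // Columns this command may write; every other key is dropped.
    // 'is_admin' stands in for an attribute that is not in $fillable.
    private $allowed = ['name', 'email', 'is_admin'];

    public function handle()
    {
        // Constructed sample rows; a real command would read a trusted file.
        $rows = [
            ['name' => 'Alice', 'email' => 'alice@example.com', 'is_admin' => true],
            ['name' => 'Bob', 'email' => 'bob@example.com', 'id' => 1],
        ];

        // unguarded() disables mass assignment protection for the callback
        // only and restores it afterwards, even if create() throws.
        $created = Model::unguarded(function () use ($rows) {
            $count = 0;
            foreach ($rows as $row) {
                // With guarding off, $fillable no longer filters keys, so
                // apply an explicit allow-list before calling create().
                User::create(array_intersect_key($row, array_flip($this->allowed)));
                $count++;
            }
            return $count;
        });

        // Protection is back on for any code that runs after the import.
        $state = Model::isUnguarded() ? 'still unguarded' : 'guarded again';
        $this->info("Imported {$created} users; models are {$state}.");
    }
}
```

Unlike a Model::unguard() call in a service provider's boot method, this leaves request-handling code protected by $fillable and $guarded.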
