stackoom
  简体   繁体   中英

Is it possible that a fillable field in Laravel can be hacked?

 原文  2020-05-01 11:24:59       laravel/ security/ mass-assignment

Question

class Student extends Model {
    protected $fillable = [‘first_name’, ‘last_name’, ‘email’];
}

Source: https://medium.com/@kshitij206/laravel-mass-assignment-guarded-or-fillable-7c3a64b49ca6

Everywhere on the Internet, they say to use fillable or guarded for security in Laravel.

But if a field is fillable, then, can this field be hacked?

1 answers

solution1
 1  2020-05-01 11:43:58

All Eloquent models are protected against mass-assignment by default, so to use mass assignment, you should specify a fillable or guarded attribute on the model to use the create method to save a new model in a single line.

So the code below, should cause an error

$flight = App\Flight::create(['name' => 'Flight 10', 'number' => 3]);

when you have

protected $fillable = ['name'];

Because you cannot mass assign the number property here.

Read more here: https://laravel.com/docs/7.x/eloquent#mass-assignment

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Update non fillable field in Laravel? Update non-fillable field in Laravel Model Can i add more data to the fillable array in a laravel Model Laravel 8 firstOrCreate Not Working With $fillable Laravel 5.4 ignores $fillable Laravel 5.2 $fillable Laravel row creation fillable Laravel $fillable not working? model permissions - laravel fillable Retrieve fillable fields in Laravel
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM