
Laravel CSRF Token handle in form save, the correct use

I'm doing a Laravel 8 course and the teacher is explaining a simple CRUD. In one part he said that in the forms we have to include @csrf so that Laravel accepts the form. I understand that, but in the controller he said that first we have to exclude that field from the form post with:

$data = request()->except('_token');

Is this the correct way to save the form data to the DB? Does Laravel need that token for anything more at that point, or can we trash the token?

CSRF is used only by middleware to prevent the vulnerability called CSRF; you can read more about it here: https://owasp.org/www-community/attacks/csrf . In your case you take all data from the request except this token because you don't need it anymore. You should use the fillable array to insert specific columns in your table to protect yourself from mass assignment, like this: https://laravel.com/docs/8.x/eloquent#mass-assignment .
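The approach from the answer above, sketched as an added example (not code from the question, the answer or the course): the token is left to the middleware, and the model's `$fillable` list plus validation decide which request fields reach the database. The `Post` model, its `title`, `body` and `is_published` columns and the `posts.index` route name are assumptions for illustration.

```php
<?php
// Added example: assumes a Laravel 8 app with a hypothetical `posts` table
// (columns: title, body, is_published). Bracketed namespaces are used only
// so that both classes fit in one listing.

namespace App\Models {

    use Illuminate\Database\Eloquent\Model;

    class Post extends Model
    {
        // Only these columns can be set through create()/fill()/update().
        // Any other request key (for example a forged is_published field)
        // is dropped instead of being written to the table.
        protected $fillable = ['title', 'body'];
    }
}

namespace App\Http\Controllers {

    use App\Models\Post;
    use Illuminate\Http\Request;

    class PostController extends Controller
    {
        public function store(Request $request)
        {
            // The VerifyCsrfToken middleware in the "web" group has already
            // checked _token before this method runs; it is not needed here.

            // validate() returns only the keys that have rules, so _token
            // and any unexpected fields never reach the model.
            $data = $request->validate([
                'title' => ['required', 'string', 'max:255'],
                'body'  => ['required', 'string'],
            ]);

            Post::create($data);

            return redirect()->route('posts.index'); // hypothetical route name
        }
    }
}
```

With `request()->except('_token')` alone, every other submitted field is still passed to the model, so `$fillable` is the control that limits what gets stored.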
