Best IT Recipes

What does “mass appropriation” mean in Laravel?

When I looked through the Laravel Document section on the partial brightness of ORM, I got a new term for Mass Assignment .

Displaying a document How to bulk assign and configure fillable or guarded properties. But after that I did not know about Mass Assignment and how it works.

In my past experience with CodeIgniter, I also have not heard of this term.

Does anyone have a simple explanation?

+132
php laravel mass-assignment
Mar 09 '14 at 7:14
source share
5 answers

Bulk assignment is when you send an array to create a model, basically setting up a bunch of fields in the model at a time, and not one after the other, something like:

 $user = new User(Input::all());

(This is instead of explicitly setting each value in the model separately.)

You can use fillable to protect the fields that you want it to really allow updates.

Let's say your user table has a user_type field that can have user / admin values

Obviously, you do not want users to be able to update this value. Theoretically, if you used the above code, someone could enter a new field for user_type in the form and send an “admin” along with other form data and easily switch your account to the administrator account ... bad news.

By adding:

 $fillable = array('name', 'password', 'email');

You guarantee that only those values ​​can be updated using mass assignment

To update the value of user_type , you need to explicitly set it on the model and save it, for example:

 $user->user_type = 'admin'; $user->save();
+180
Mar 09 '14 at 7:33
source share

Mass assignment is the process of sending an array of data that will be stored in the specified model at a time. As a rule, you do not need to save data in your model separately, but rather in one process.

Bulk assignment is good, but there are certain security issues behind it. What to do if someone passes the value to the model and without protection can definitely change all fields, including the identifier. This is not good.

Suppose you have a table of "students", with the fields "student_type, first_name, last_name" . You might want to bulk assign "first_name, last_name", but you want to protect student_type from changing directly. Where it is filled and guarded .

Fillable allows you to specify which fields can be assigned by mass in your model, you can do this by adding the special variable $fillable to the model. So in the model:

 class Student extends Model { protected $fillable = ['first_name', 'last_name']; //only the field names inside the array can be mass-assign }

'student_type' are not included, which means they are freed.

It is protected from the back. If the fillable parameter indicates which fields should be assigned by mass, the guardiled parameter indicates which fields cannot be assigned by mass. So in the model:

 class Student extends Model { protected $guarded = ['student_type']; //the field name inside the array is not mass-assignable }

You should use either $ fillable or $ guarded - but not both.

For more information, open the link: - Mass assignment

+21
Apr 05 '18 at 10:12
source share

Mass assignment means that you fill a row with more than one column using an array of data. (multiple shortcuts instead of manually building an array) using Input::all() .

Technically, only from the head. Fillable means that columns in the table can be inserted, protection means that the model cannot be inserted in this particular column.

Please note that when you try to perform a mass assignment using paste in the column named "secret" and you indicated that it is protected, you can try to paste it through the model, but it will never be inserted into the database.

This concerns the security and protection of your table when using the model. A massive assignment seems to be just a notification or warning that you have not indicated a model that is full and protected and makes it vulnerable to any attacks.

+5
Mar 09 '14 at 7:32
source share

UPDATE

For Laravel 5.x you can refer to the latest mass assignment document

OR

A well detailed explanation of when to use fillable or protected

+3
Nov 24 '15 at 12:16
source share

This is when an array of received data is immediately stored in the model.

Due to security issues with this method in laravel, he recommended that you define the fields that you want the requested data to fill in the model.

You can use the $fillable variable to determine the fields that you want to fill in the database table.

for example

 Protected $fillable = ['username, 'dob, 'email,];

When laravel discovers that you are mass assigning data, it forces you to define the fields that you want to mass assign in the model class.

Someone can easily transfer unnecessary HTML data to your database.

+1
Jun 24 '19 at 7:15
source share


More articles:


All Articles