About Laravel ignoring whitelist and blacklist

The following tutorial column of Laravel will introduce Laravel to ignore whitelists and blacklists. I hope it will be helpful to friends in need!

                                                       

Difference

$fillable Whitelist: Allow insertion Field Default is: []
$guarded Blacklist: Not allowed to insert fields Default is: ['*'] //Set all fields to the blacklist culprit

Code

$request->query->set('user_id', Auth::id());Comment::create( $request->all());

This is my favorite way of writing, if you can write one less Don't write two codes.
Of course the insertion will fail.

Solution 1

Manually add all field settings to protected $fillable = ['user_id','nickname',....];

It would be too troublesome not to consider this way of writing.

Solution 2

protectd $guarded = [];

This way of writing is better, because by default all fields are It's a blacklist, just reset it.

Solution 3

static $unguarded = true;

ignoreblack white Verification of list.
is as comfortable as solve2.

Questions 2 and 3

To understand why whitelist and blacklist are needed, do Steps 2,3.

And it can ensure that users cannot send data that damages the system.
(For example, my user_id, it is useless if the user sends user_id)

The above is the detailed content of About Laravel ignoring whitelist and blacklist. For more information, please follow other related articles on the PHP Chinese website!