How to enable 'disable batch assignment' feature in laravel

In the Laravel framework, non-batch assignment is an important security feature, which helps prevent malicious users from tampering with database data. However, this feature sometimes has unclear uses, causing confusion among many programmers.

During batch assignment, the programmer saves the form data directly into the database through the create or update method. If no verification is performed, there will be great risks due to serious threats such as hacker attacks and injections. To solve this problem, Laravel introduced a feature that disables batch assignment.

The non-batch assignment means that when using the create or update method, if the fields allowed to be saved are not specified, the program will automatically filter out all illegal fields. This feature not only improves the security of the program, but also strengthens the development constraints on programmers: only explicitly allowed fields can be saved to the database.

This feature can be enabled with a very simple line of code. Use the $guarded attribute in models that need to prohibit batch assignment.

<?php

namespace App;

use Illuminate\Database\Eloquent\Model;

class User extends Model
{
    protected $guarded = [];
}

In the example, the $guarded property is an empty array, which means that all fields are editable.

If you want to allow only specific fields to be saved, you can set the $guarded attribute to an array containing all fields that are not allowed to be edited, or use the $fillable attribute.

<?php

namespace App;

use Illuminate\Database\Eloquent\Model;

class User extends Model
{
    protected $fillable = [&#39;name&#39;, &#39;email&#39;, &#39;password&#39;];
}

A better approach is to perform data validation in the controller and then save it to the database after validation. This can avoid some misoperations and safety issues.

<?php

namespace App\Http\Controllers;

use App\User;
use Illuminate\Http\Request;

class UserController extends Controller
{
    public function store(Request $request)
    {
        $validatedData = $request->validate([
            'name' => 'required|string',
            'email' => 'required|email|unique:users',
            'password' => 'required|confirmed',
        ]);

        $user = User::create($validatedData);

        return back()->with('success', 'User created successfully.');
    }
}

All input fields are verified here through the validate method. If the verification is successful, it is saved to the database. The above code is not only highly secure, but also very elegant.

In general, Laravel's non-batch assignment is a perfect mechanism that can effectively improve the security of the program. We should take advantage of this feature as much as possible to avoid unnecessary risks in development.

The above is the detailed content of How to enable 'disable batch assignment' feature in laravel. For more information, please follow other related articles on the PHP Chinese website!