Framework: Fillable not respected on update
I think I found a bug, not 100% sure.
Using the update method on a model should respect the fillable array right? I'm trying to update a model, but it allows other data as well at the moment.
protected $fillable = array('email');
User::find(1)->update(['email' => '[email protected]', 'evil_field' => 'some value']); // Should ignore "evil_field" correct? In my case it doesn't
User::find(1)->update(Input::all()); // Unknown column '_token' , shouldn't this be stripped out because It's not on the fillable array
User::create(Input::all()); // Does remove posted fields like '_token'
PhiloNL
All 5 comments
Hey PhiloNL .. did u resolve this issue. Currently i am facing the same problem
kinley-nidup
on 30 Sep 2013
Okay guys I know. I was helped by replace Input::all() to Input::only().
JustRomanov
on 21 Oct 2013
As far as I know this is expected behaviour guys. The update method is on
the builder and not the model (from memory), so it doesn't pass through the
fillable array. Use Input::only().
On 22 Oct 2013 08:26, "JustRomanov" [email protected] wrote:
Have same problem. Anyone can help?
—
Reply to this email directly or view it on GitHubhttps://github.com/laravel/framework/issues/2063#issuecomment-26758269
.
jasonlewis
on 22 Oct 2013
.... Think below code worked for me ......
$submittedValues=Inputr::all();
$model1= new $YourModelName();
$model1=$YourModelName::find($submittedValues['Id']);
$model1->fill($submittedValues);
$model1->update();
kinley-nidup
on 22 Oct 2013
Create a helper function for this:
function getModelFillables($modelName) {
return App::make($modelName)->getFillable();
}
Then, when updating:
$entry->update( Input::only( getModelFillables( "ModelNameHere" ) ) );
tpalts
on 9 Dec 2014
Related issues
jackmu95
·
3Comments
gabriellimo
·
3Comments
lzp819739483
·
3Comments
kerbylav
·
3Comments
SachinAgarwal1337
·
3Comments
Most helpful comment
.... Think below code worked for me ......
$submittedValues=Inputr::all();
$model1= new $YourModelName();
$model1=$YourModelName::find($submittedValues['Id']);
$model1->fill($submittedValues);
$model1->update();