Laravel Eloquent Fillable
Laravel eloquent fillable attribute is an array containing the set of fields of a table that can be filled using mass-assignment in other words eloquent fillable is the array of fields that you want to fill while using eloquent create() or update() methods.
Mass assignment
Mass assignment refers to sending an array to the model to directly create a new record in the Database.
use App\Models\User;
$user = User::create([
'name' => 'John Doe',
'email' => 'johndoe@email.com',
'password' => Hash::make('password')
]);However, before using create() method, you will need to specify either $fillable or $guarded attribute property in your respected model. These properties are required because all Eloquent models are protected against mass assignment vulnerabilities by default.
Mass Assignment Vulnerabilities
A mass assignment vulnerability occurs when a random user tries to post an unexpected HTTP request field and that field will change a column in your database that is not allowed. For example, a malicious user might send an user_type parameter through an HTTP request to your model’s create method, allowing the user to escalate themselves to an administrator user_type.
So, to prevent this, you should define which model attributes you want to make mass assignable. You may do this by using the $fillable attribute property in your desired model. For example,
class User extends Model
{
/**
* The attributes that are mass assignable.
*
* @var array
*/
protected $fillable = ['name', 'email', 'password', 'mobile'];
}Once you have specified which attributes are mass assignable, you may use the create() method to insert a new record into the database. The create() method returns the newly created model instance. You can check the above-mentioned code example.
You can get more details about this topic from here.
To get to know more about Laravel, you can check these articles too.
