Remove the _token (or exclude it) from the array you are passing to Person::create.
Person::create($request->except('_token'));
You also could potentially adjust your csrf middleware to remove the token from the inputs after it has checked it.
lagbox said:
Remove the _token (or exclude it) from the array you are passing to
Person::create.Person::create($request->except('_token'));
You also could potentially adjust your csrf middleware to remove the token from the inputs after it has checked it.
Thanks for the reply. Do you know why this happens? My other create action doesn't have this problem (I've posted it below this).
View
@extends('app')
@section('content')
<h1>Add item to inventory</h1>
<hr/>
{!! Form::open(['url' => 'inventory']) !!}
@include('partials.form', ['submitButtonText' => 'Add Item'])
{!! Form::close() !!}
@include('errors.list')
@stop
Controller Action
/**
* @param EquipmentRequest $request
* @return \Illuminate\Http\RedirectResponse|\Illuminate\Routing\Redirector
*/
public function store(EquipmentRequest $request)
{
Equipment::create($request->all());
return redirect()->route('inventory.index');
}
Equipment Mode
<?php
namespace App;
use Illuminate\Database\Eloquent\Model;
class Equipment extends Model
{
protected $fillable = [
'serial',
'make',
'model',
'purchase_date',
];
protected $dates = [
'purchase_date',
'created_at',
'updated_at'
];
/**
* @return \Illuminate\Database\Eloquent\Relations\HasMany
*/
public function transactions()
{
return $this->hasMany('App\Transaction');
}
}
The only difference that I can guess at is that I passed a class to the Form::Open method, but even then Form::model doesn't seem to have this problem.
check the ouput source code in your browser
you should have a input type hidden _token field
Where it does not, you can in your blade view, after opening the form, use
{!! csrf_field() !!}
It will generate the _token input field for you, and all should be ok!
Despite you being using guarded or fillable on your model, _token shouldn't get in the way of mass assignment!
iboinas said:
check the ouput source code in your browser
you should have a input type hidden _token field
Where it does not, you can in your blade view, after opening the form, use
{!! csrf_field() !!}It will generate the _token input field for you, and all should be ok!
Despite you being using guarded or fillable on your model, _token shouldn't get in the way of mass assignment!
The source in chrome shows a hidden input field with the _token, so I'm not sure why this is happening.
So, if the _token input field is set, you should have no problem with the request.
Please, describe or paste the error/exception that it gives you, in PersonController -> store -> Person::create($request->all());
(Given that the view renderered has the _token field!)
iboinas said:
So, if the _token input field is set, you should have no problem with the request.
Please, describe or paste the error/exception that it gives you, in PersonController -> store -> Person::create($request->all());
(Given that the view renderered has the _token field!)
Here's the DD of $request->all()
array:10 [▼
"_token" => "BUl2URPmajXDcHJv6n23EN88nNBs51nqzdl8voxq"
"first_name" => "Test"
"last_name" => "Test"
"address" => "Test"
"address_2" => ""
"city" => "Test"
"state" => "49"
"zip_code" => "12345"
"email" => "[email protected]"
"phone_number" => "910.425.1234"
]
Here's the error:
MassAssignmentException in Model.php line 448:
_token
in Model.php line 448
at Model->fill(array('_token' => 'BUl2URPmajXDcHJv6n23EN88nNBs51nqzdl8voxq', 'first_name' => 'Test', 'last_name' => 'Test', 'address' => 'Test', 'address_2' => '', 'city' => 'Test', 'state' => '49', 'zip_code' => '12345', 'email' => '[email protected]', 'phone_number' => '910.425.1234')) in Model.php line 280
at Model->__construct(array('_token' => 'BUl2URPmajXDcHJv6n23EN88nNBs51nqzdl8voxq', 'first_name' => 'Test', 'last_name' => 'Test', 'address' => 'Test', 'address_2' => '', 'city' => 'Test', 'state' => '49', 'zip_code' => '12345', 'email' => '[email protected]', 'phone_number' => '910.425.1234')) in Model.php line 568
at Model::create(array('_token' => 'BUl2URPmajXDcHJv6n23EN88nNBs51nqzdl8voxq', 'first_name' => 'Test', 'last_name' => 'Test', 'address' => 'Test', 'address_2' => '', 'city' => 'Test', 'state' => '49', 'zip_code' => '12345', 'email' => '[email protected]', 'phone_number' => '910.425.1234')) in PersonController.php line 51
at PersonController->store(object(PersonRequest))
at call_user_func_array(array(object(PersonController), 'store'), array(object(PersonRequest))) in Controller.php line 76
at Controller->callAction('store', array(object(PersonRequest))) in ControllerDispatcher.php line 146
at ControllerDispatcher->call(object(PersonController), object(Route), 'store') in ControllerDispatcher.php line 94
at ControllerDispatcher->Illuminate\Routing\{closure}(object(Request))
at call_user_func(object(Closure), object(Request)) in Pipeline.php line 52
at Pipeline->Illuminate\Routing\{closure}(object(Request))
at call_user_func(object(Closure), object(Request)) in Pipeline.php line 103
at Pipeline->then(object(Closure)) in ControllerDispatcher.php line 96
at ControllerDispatcher->callWithinStack(object(PersonController), object(Route), object(Request), 'store') in ControllerDispatcher.php line 54
at ControllerDispatcher->dispatch(object(Route), object(Request), 'App\Http\Controllers\PersonController', 'store') in Route.php line 174
at Route->runController(object(Request)) in Route.php line 140
at Route->run(object(Request)) in Router.php line 703
at Router->Illuminate\Routing\{closure}(object(Request))
at call_user_func(object(Closure), object(Request)) in Pipeline.php line 52
at Pipeline->Illuminate\Routing\{closure}(object(Request)) in VerifyCsrfToken.php line 64
at VerifyCsrfToken->handle(object(Request), object(Closure))
at call_user_func_array(array(object(VerifyCsrfToken), 'handle'), array(object(Request), object(Closure))) in Pipeline.php line 124
at Pipeline->Illuminate\Pipeline\{closure}(object(Request))
at call_user_func(object(Closure), object(Request)) in Pipeline.php line 32
at Pipeline->Illuminate\Routing\{closure}(object(Request)) in ShareErrorsFromSession.php line 49
at ShareErrorsFromSession->handle(object(Request), object(Closure))
at call_user_func_array(array(object(ShareErrorsFromSession), 'handle'), array(object(Request), object(Closure))) in Pipeline.php line 124
at Pipeline->Illuminate\Pipeline\{closure}(object(Request))
at call_user_func(object(Closure), object(Request)) in Pipeline.php line 32
at Pipeline->Illuminate\Routing\{closure}(object(Request)) in StartSession.php line 62
at StartSession->handle(object(Request), object(Closure))
at call_user_func_array(array(object(StartSession), 'handle'), array(object(Request), object(Closure))) in Pipeline.php line 124
at Pipeline->Illuminate\Pipeline\{closure}(object(Request))
at call_user_func(object(Closure), object(Request)) in Pipeline.php line 32
at Pipeline->Illuminate\Routing\{closure}(object(Request)) in AddQueuedCookiesToResponse.php line 37
at AddQueuedCookiesToResponse->handle(object(Request), object(Closure))
at call_user_func_array(array(object(AddQueuedCookiesToResponse), 'handle'), array(object(Request), object(Closure))) in Pipeline.php line 124
at Pipeline->Illuminate\Pipeline\{closure}(object(Request))
at call_user_func(object(Closure), object(Request)) in Pipeline.php line 32
at Pipeline->Illuminate\Routing\{closure}(object(Request)) in EncryptCookies.php line 59
at EncryptCookies->handle(object(Request), object(Closure))
at call_user_func_array(array(object(EncryptCookies), 'handle'), array(object(Request), object(Closure))) in Pipeline.php line 124
at Pipeline->Illuminate\Pipeline\{closure}(object(Request))
at call_user_func(object(Closure), object(Request)) in Pipeline.php line 32
at Pipeline->Illuminate\Routing\{closure}(object(Request))
at call_user_func(object(Closure), object(Request)) in Pipeline.php line 103
at Pipeline->then(object(Closure)) in Router.php line 705
at Router->runRouteWithinStack(object(Route), object(Request)) in Router.php line 678
at Router->dispatchToRoute(object(Request)) in Router.php line 654
at Router->dispatch(object(Request)) in Kernel.php line 246
at Kernel->Illuminate\Foundation\Http\{closure}(object(Request))
at call_user_func(object(Closure), object(Request)) in Pipeline.php line 52
at Pipeline->Illuminate\Routing\{closure}(object(Request)) in CheckForMaintenanceMode.php line 44
at CheckForMaintenanceMode->handle(object(Request), object(Closure))
at call_user_func_array(array(object(CheckForMaintenanceMode), 'handle'), array(object(Request), object(Closure))) in Pipeline.php line 124
at Pipeline->Illuminate\Pipeline\{closure}(object(Request))
at call_user_func(object(Closure), object(Request)) in Pipeline.php line 32
at Pipeline->Illuminate\Routing\{closure}(object(Request))
at call_user_func(object(Closure), object(Request)) in Pipeline.php line 103
at Pipeline->then(object(Closure)) in Kernel.php line 132
at Kernel->sendRequestThroughRouter(object(Request)) in Kernel.php line 99
at Kernel->handle(object(Request)) in index.php line 54
I think problem is you didn't prepare your model Person for mass assignment
If you want to use mass asssignment, like you are on your Person::create($request->all());
Then go to your Person model and add attribute
protected $fillable = ['first_name', 'last_name', 'etc']; // every field to fill
OR
protected $guarded= ['id', 'password', 'etc' ]; // every field to protect
Use one or the other, not both. Use the one more in handy, probably protecting with $guarded
If this doesnt point you in right situation, please post your model Person.php class here
guarded fields will not be able to be filled by mass assignment, you have to set the attribute manually,
Example:
// Person.php
...
protected $guarded= ['id', 'superpower' ]; // every field to protect
...
If you want to fill with form plus superpower with your calculated data you have to do like this
public function store(PersonRequest $request)
{
$person = new Person;
$person->fill($request->all()); // will follow the mass assignment / guarded/fillable propertie
$person->superpower = 'Superman';
$person->save();
return redirect()->route('person.index');
}
Hope you got the thing about mass assignment.
The filling will take in consideration what is $fillable, or what is $guarded.
Depending on such, every other properties will be ignored (like _token will be ignored)
Got it?? ;)
iboinas said:
Hope you got the thing about mass assignment.
The filling will take in consideration what is $fillable, or what is $guarded.
Depending on such, every other properties will be ignored (like _token will be ignored)
Got it?? ;)
So If I use $guarded instead of $protected it will ignore the token?
Did u check my 3 posts??
if you use $guarded, you will identify the columns that should NOT be filled with mass assignment, thus protecting from html/request attack.
if you use $fillable you will identify the fields that WILL be filled with mass assignment.
don't make confusion with protected. that's just declaring the model attribute as protected (OOP architecture)
so, protected is declaring the class propertie as protected.
the propertie you will use will be $guarded or $fillable. (choose whatever fits best for that model)
if you have 15 columns, all should be fillable, expect for 'id'
then go for
...
protected $guarded = ['id'];
...
mass assignment filling will ignore everything that is guarded OR will accept only what is fillable
so yes, _token will be ignored either way... $fillable or $guarded....
give it a try and give me feedback, mark post as solution if it fits you ;)
in my previous example, means that any request input with name 'id' would not be persisted to DB.
everythign else would
if there was a field on the table with name _token, yes, it would save it!
but since _token name was brilliantly chosen, you will have no problems with that!
iboinas said:
Did u check my 3 posts??
if you use $guarded, you will identify the columns that should NOT be filled with mass assignment, thus protecting from html/request attack.
if you use $fillable you will identify the fields that WILL be filled with mass assignment.
don't make confusion with protected. that's just declaring the model attribute as protected (OOP architecture)
so, protected is declaring the class propertie as protected.
the propertie you will use will be $guarded or $fillable. (choose whatever fits best for that model)
if you have 15 columns, all should be fillable, expect for 'id'
then go for
... protected $guarded = ['id']; ...mass assignment filling will ignore everything that is guarded OR will accept only what is fillable
so yes, _token will be ignored either way... $fillable or $guarded....
give it a try and give me feedback, mark post as solution if it fits you ;)
Yeah I understand the difference between $fillable and $guarded, I'm just trying to understand why Model::create would try to assign _token
By the way, thank you for the help. I very much appreciate it.
Model::create will use the method Fill
this will make use of the Model->attributes (if i remember) and change them according with the array that u pass
IF you want to dig a little deeper, go for
$a = new Person;
dd($a);
You will add 1+1 :)
But tell me, didnt $fillable or $guarded solved the issue??
I was using $fillable with the properties I wanted to assign, but I changed it to $guarded and now it's working.
Thank you. I've marked your post as the solution.
Sign in to participate in this thread!
Laravel
Laravel News
Laracasts
Laravel Podcast