Security Input Eloquent
Last updated 2 years ago.

You'll be protected from SQL injection, but that's about it. You should be validating your data beforehand with the built in validation library (or the library of your choice)!


@crhayes is correct.

You can do the following:

$rules = array(
    // built-in rules are chained with "|"
    'password' => 'required|min:8',
    // more stuff here
);

$v = Validator::make(Input::all(), $rules);

if ($v->passes())
{
    YourModel::create(Input::all());
}
else
{
    // if validation fails, send the user back with the errors and the old input
    return Redirect::back()->withErrors($v)->withInput();
}

Always validate your data if you're not already.


Thanks for the replies guys, it's good to know that it's safe from SQL injection. I do most definitely validate the data before sending it to the model, but I just wanted to make sure that if the validation rules have to be lenient for any reason, that it's still relatively safe to pass the input array into the create method.


Yeah by default Eloquent does not allow mass assignment, which is good for security reasons (it will throw a MassAssignmentException). You have to explicitly specify either a $fillable (whitelist) or $guarded (blacklist) property on the model to allow mass assignment.

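Putting the two points of this thread together (validate the input first, then hand only the validated fields to a model that whitelists its columns), here is an added example that is not code from the thread. It assumes a Laravel 4 style application with a hypothetical users table holding name, email, password and is_admin columns; the User model, RegistrationController, the home route and the field names are assumptions for illustration.

```php
<?php
// Added example, not from the thread. Assumes a Laravel 4 style app and a
// hypothetical "users" table with name, email, password and is_admin columns.

use Illuminate\Database\Eloquent\Model;
use Illuminate\Database\Eloquent\MassAssignmentException;

class User extends Model
{
    // Whitelist: only these columns may be set through create()/fill().
    // Any other key in the array (for example a posted is_admin=1) is dropped.
    protected $fillable = array('name', 'email', 'password');

    // Keep the password hash out of toArray()/toJson() output.
    protected $hidden = array('password');
}

class RegistrationController extends BaseController
{
    public function store()
    {
        // Read the request once and reuse it instead of calling Input::all() repeatedly.
        $input = Input::all();

        $rules = array(
            'name'     => 'required|max:255',
            'email'    => 'required|email|unique:users',
            // "confirmed" expects a matching password_confirmation field in the request
            'password' => 'required|min:8|confirmed',
        );

        $v = Validator::make($input, $rules);

        if ($v->fails()) {
            // Back to the form with the errors; never echo passwords back into the page.
            return Redirect::back()
                ->withErrors($v)
                ->withInput(Input::except(array('password', 'password_confirmation')));
        }

        // Keep only the fields we actually validated. Even with $fillable on the model,
        // this makes the trust boundary explicit in the controller.
        $data = Input::only(array_keys($rules));
        $data['password'] = Hash::make($data['password']);

        try {
            // Parameter binding in the query builder protects this insert from SQL injection;
            // $fillable protects the columns; validation protects the values.
            $user = User::create($data);
        } catch (MassAssignmentException $e) {
            // Only reached when the model declares neither $fillable nor $guarded.
            return Response::make('Model is not mass-assignable: ' . $e->getMessage(), 500);
        }

        return Redirect::route('home');
    }
}
```

To check the whitelist from `php artisan tinker`, create a user with an extra key, e.g. `User::create(array('name' => 'a', 'email' => 'a@example.com', 'password' => 'x', 'is_admin' => 1))->is_admin`, and confirm it comes back null; remove the `$fillable` line and the same call throws MassAssignmentException instead.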

RixhersAjazi said:

@crhayes is correct.

You can do the following:

$rules = array(
    // built-in rules are chained with "|"
    'password' => 'required|min:8',
    // more stuff here
);

$v = Validator::make(Input::all(), $rules);

if ($v->passes())
{
    YourModel::create(Input::all());
}
else
{
    // if validation fails, send the user back with the errors and the old input
    return Redirect::back()->withErrors($v)->withInput();
}

Always validate your data if you're not already.

Though you should probably make a local var for Input::all() so you're not constantly calling it.



© 2024 Laravel.io - All rights reserved.