You'll be protected from SQL injection, but that's about it. You should be validating your data beforehand with the built-in validation library (or the library of your choice)!
@crhayes is correct.
You can do the following:
    $rules = array(
        'password' => 'pass|required',
        // more stuff here
    );
    $v = Validator::make(Input::all(), $rules);
    if ($v->passes())
    {
        YourModel::create(Input::all());
    }
    // if validation fails do some other stuff here
Always validate your data if you're not already.
Thanks for the replies guys, it's good to know that it's safe from SQL injection. I do most definitely validate the data before sending it to the model, but I just wanted to make sure that if the validation rules have to be lenient for any reason, that it's still relatively safe to pass the input array into the create method.
Yeah, by default Eloquent does not allow mass assignment, which is good for security reasons (it will throw a MassAssignmentException). You have to explicitly specify either a $fillable (whitelist) or $guarded (blacklist) property on the model to allow mass assignment.
RixhersAjazi said:
@crhayes is correct.
You can do the following:
    $rules = array(
        'password' => 'pass|required',
        // more stuff here
    );
    $v = Validator::make(Input::all(), $rules);
    if ($v->passes())
    {
        YourModel::create(Input::all());
    }
    // if validation fails do some other stuff here
Always validate your data if you're not already.
Though you should probably make a local var for Input::all() so you're not constantly calling it.
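An added example, not code from this thread or from Laravel: a plain-PHP sketch of the mass-assignment guard described above, showing what happens to an unexpected `is_admin` field under the default, a `$fillable` whitelist, and an emptied `$guarded`. `SketchModel`, the three user classes and the input values are hypothetical, and the exception class is a local stand-in named after Eloquent's.

```php
<?php
// Simplified stand-in for Eloquent's mass-assignment guard (assumption: not Laravel's code).
class MassAssignmentException extends RuntimeException {}

class SketchModel
{
    protected $fillable = array();      // whitelist of assignable keys
    protected $guarded  = array('*');   // blacklist; '*' guards every key
    public $attributes  = array();

    public function __construct(array $input = array())
    {
        $this->fill($input);
    }

    public function fill(array $input)
    {
        $totallyGuarded = count($this->fillable) === 0 && $this->guarded === array('*');
        foreach ($input as $key => $value) {
            if ($this->isFillable($key)) {
                $this->attributes[$key] = $value;
            } elseif ($totallyGuarded) {
                throw new MassAssignmentException($key);
            }
            // any other non-fillable key is silently dropped
        }
        return $this;
    }

    protected function isFillable($key)
    {
        if (in_array($key, $this->fillable, true)) return true;
        if ($this->guarded === array('*') || in_array($key, $this->guarded, true)) return false;
        return count($this->fillable) === 0;
    }
}

class DefaultUser extends SketchModel {}                     // nothing configured
class WhitelistedUser extends SketchModel { protected $fillable = array('email', 'password'); }
class UnguardedUser extends SketchModel { protected $guarded = array(); }   // blacklist emptied

// Constructed input: the form only has email/password, but the request carries an extra key.
$input = array('email' => 'a@example.test', 'password' => 'placeholder', 'is_admin' => 1);

try { new DefaultUser($input); }
catch (MassAssignmentException $e) { echo "default: rejected '{$e->getMessage()}'\n"; }
echo 'whitelist: ', implode(',', array_keys((new WhitelistedUser($input))->attributes)), "\n";
echo 'unguarded: ', implode(',', array_keys((new UnguardedUser($input))->attributes)), "\n";
```

With lenient validation rules, the whitelist is what keeps a key like `is_admin` out of the model; in the real framework, passing `Input::only('email', 'password')` instead of `Input::all()` narrows the input a second time.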