Home>Article>PHP Framework> About Laravel ignoring whitelist and blacklist
The following tutorial column ofLaravelwill introduce Laravel to ignore whitelists and blacklists. I hope it will be helpful to friends in need!
$fillableWhitelist:Allow insertion FieldDefault is:[]$guardedBlacklist:Not allowed to insert fieldsDefault is:['*']//Set all fields to the blacklist culprit
$request->query->set('user_id', Auth::id());Comment::create( $request->all());
This is my favorite way of writing, if you can write one less Don't write two codes.
Of course the insertion will fail.
Manually add all field settings toprotected $fillable = ['user_id','nickname',....];
It would be too troublesome not to consider this way of writing.
protectd $guarded = [];
This way of writing is better, because by default all fields are It's a blacklist, just reset it.
static $unguarded = true;
ignoreblackwhiteVerification of list.
is as comfortable assolve2.
To understand whywhitelistandblacklistare needed, doSteps 2,3.
And it can ensure that users cannot send data thatdamagesthe system.
(For example, myuser_id, it is useless if the user sendsuser_id)
The above is the detailed content of About Laravel ignoring whitelist and blacklist. For more information, please follow other related articles on the PHP Chinese website!