Home >PHP Framework >Laravel >About Laravel ignoring whitelist and blacklist
The following tutorial column of Laravel will introduce Laravel to ignore whitelists and blacklists. I hope it will be helpful to friends in need!
$fillable
Whitelist
: Allow insertion Field
Default is: []
$guarded
Blacklist
: Not allowed to insert fields
Default is: ['*']
//Set all fields to the blacklist culprit
$request->query->set('user_id', Auth::id());Comment::create( $request->all());
This is my favorite way of writing, if you can write one less Don't write two codes.
Of course the insertion will fail.
Manually add all field settings to protected $fillable = ['user_id','nickname',....];
It would be too troublesome not to consider this way of writing.
protectd $guarded = [];
This way of writing is better, because by default all fields are It's a blacklist, just reset it.
static $unguarded = true;
ignoreblack
white
Verification of list.
is as comfortable as solve2
.
To understand why whitelist
and blacklist
are needed, do Steps 2,3
.
And it can ensure that users cannot send data that damages
the system.
(For example, my user_id
, it is useless if the user sends user_id
)
The above is the detailed content of About Laravel ignoring whitelist and blacklist. For more information, please follow other related articles on the PHP Chinese website!