Bypassing $fillable Safely with forceFill() in Laravel

July 2, 2025

Bypassing $fillable Safely with forceFill() in Laravel

Ever used create() in Laravel and noticed some fields like role or status didn’t save? That’s because Laravel’s mass assignment protection silently ignores non-whitelisted attributes.

🔐 What Is Mass Assignment?

Mass assignment lets you set multiple model attributes in one go, e.g.:

User::create([
  'name' => 'John',
  'email' => '[email protected]',
  'role' => 'admin', // This won’t get saved if not fillable
]);

🛡️ Two Ways to Control Fillable Fields

1. $fillable (Whitelist)

protected $fillable = ['name', 'email'];

Only listed fields are allowed for mass assignment.

2. $guarded (Blacklist)

protected $guarded = ['role'];

Everything is fillable except the blacklisted attributes.

⚡ Enter forceFill()

When you trust your data source (e.g., from an internal service, seeder, or job), you can bypass fillable/guarded protection using:

$user = new User;

$user->forceFill([
  'name' => 'John',
  'email' => '[email protected]',
  'role' => 'admin',  // Will be assigned regardless of $fillable
])->save();

No need to adjust your $fillable or $guarded, and it's safe when used properly.

✔️ When to Use Each

  • $fillable: For trusted user input (forms, APIs).
  • $guarded: When many fields are fillable except a few.
  • forceFill(): For backend logic with trusted data.

Using create() without understanding mass assignment may result in “missing fields” — use the right tool for the job. Laravel is powerful when used with understanding.

Blog

Laravel Queue & Job System: From Table Creation to Production Deployment

Jul 01, 2025

🚀 Laravel Queue & Job System We’re gonna walk you through Laravel queues from setup to deploying in production using Supervisor. Step 1...

How OAuth Works

Jun 29, 2025

How OAuth Works OAuth is a protocol that allows third-party applications to access user data without sharing passwords. It's the backbone of secure a...

Object-Oriented Programming (OOP) – Core Concepts

Aug 09, 2025

Object-Oriented Programming (OOP) is a modern software development approach that divides an application into units called Objects that interact with...

React Native 0.81: A Quantum Leap in Development Environment Efficiency

Jan 27, 2026

Introduction React Native is one of the most widely used frameworks for cross-platform mobile application development. However, iOS build time ha...

The Difference Between Redux, Context & React Components in State Management

Aug 06, 2025

When building applications with React, there’s always a need to manage data that changes based on user interaction or from fetching external r...

Guide to Scroll‑Driven Animations with CSS

Jun 26, 2025

Guide to Scroll‑Driven Animations with CSS CSS animations can now be linked to user scrolling without any JavaScript — just pure CSS. 1. Thr...