Bypassing $fillable Safely with forceFill() in Laravel

July 2, 2025

Bypassing $fillable Safely with forceFill() in Laravel

Ever used create() in Laravel and noticed some fields like role or status didn’t save? That’s because Laravel’s mass assignment protection silently ignores non-whitelisted attributes.

🔐 What Is Mass Assignment?

Mass assignment lets you set multiple model attributes in one go, e.g.:

User::create([
  'name' => 'John',
  'email' => '[email protected]',
  'role' => 'admin', // This won’t get saved if not fillable
]);

🛡️ Two Ways to Control Fillable Fields

1. $fillable (Whitelist)

protected $fillable = ['name', 'email'];

Only listed fields are allowed for mass assignment.

2. $guarded (Blacklist)

protected $guarded = ['role'];

Everything is fillable except the blacklisted attributes.

⚡ Enter forceFill()

When you trust your data source (e.g., from an internal service, seeder, or job), you can bypass fillable/guarded protection using:

$user = new User;

$user->forceFill([
  'name' => 'John',
  'email' => '[email protected]',
  'role' => 'admin',  // Will be assigned regardless of $fillable
])->save();

No need to adjust your $fillable or $guarded, and it's safe when used properly.

✔️ When to Use Each

  • $fillable: For trusted user input (forms, APIs).
  • $guarded: When many fields are fillable except a few.
  • forceFill(): For backend logic with trusted data.

Using create() without understanding mass assignment may result in “missing fields” — use the right tool for the job. Laravel is powerful when used with understanding.

Blog

Mastering Async Iteration in JavaScript with Array.fromAsync()

Jul 27, 2025

🔍 What Exactly is Array.fromAsync()? Array.fromAsync() is a static method introduced in ES2024 as part of JavaScript's growing support for asynchr...

Laravel 12.18.0 Update

Jun 17, 2025

Laravel 12.18.0 Update The Laravel team released version 12.18.0 with several cool updates: String encrypt() & decrypt() helpers are...

CSS Specificity: Layers vs BEM vs Utility Classes

Jun 26, 2025

CSS Specificity: Cascade Layers vs BEM vs Utility Classes This article compares three approaches to managing CSS specificity — BEM, utility‑f...

React Native 0.80 & ExecuTorch: A Powerful Leap into Offline AI for Mobile Apps

Jul 28, 2025

🚀 What’s New in React Native 0.80? The React Native 0.80 release marks a pivotal moment in mobile development. This update not only enhances...

Mastering Laravel 12 Conditional Validation

Jul 07, 2025

Mastering Laravel 12 Conditional Validation Laravel 12's validation system is super powerful, and conditional validation makes your forms...

Color Everything in CSS – Simple Guide

Jun 26, 2025

Color Everything in CSS – Simple Guide Today we’re diving into CSS colors: how to define them, especially with modern methods like lab(...