Bypassing $fillable Safely with forceFill() in Laravel
July 2, 2025Bypassing $fillable Safely with forceFill() in Laravel
Ever used create() in Laravel and noticed some fields like role or status didn’t save? That’s because Laravel’s mass assignment protection silently ignores non-whitelisted attributes.
🔐 What Is Mass Assignment?
Mass assignment lets you set multiple model attributes in one go, e.g.:
User::create([
'name' => 'John',
'email' => '[email protected]',
'role' => 'admin', // This won’t get saved if not fillable
]);🛡️ Two Ways to Control Fillable Fields
1. $fillable (Whitelist)
protected $fillable = ['name', 'email'];Only listed fields are allowed for mass assignment.
2. $guarded (Blacklist)
protected $guarded = ['role'];Everything is fillable except the blacklisted attributes.
⚡ Enter forceFill()
When you trust your data source (e.g., from an internal service, seeder, or job), you can bypass fillable/guarded protection using:
$user = new User;
$user->forceFill([
'name' => 'John',
'email' => '[email protected]',
'role' => 'admin', // Will be assigned regardless of $fillable
])->save();No need to adjust your $fillable or $guarded, and it's safe when used properly.
✔️ When to Use Each
- ✅
$fillable: For trusted user input (forms, APIs). - ✅
$guarded: When many fields are fillable except a few. - ✅
forceFill(): For backend logic with trusted data.
Using create() without understanding mass assignment may result in “missing fields” — use the right tool for the job. Laravel is powerful when used with understanding.
Blog
Bypassing $fillable Safely with forceFill() in Laravel
Jul 02, 2025
Bypassing $fillable Safely with forceFill() in Laravel Ever used create() in Laravel and noticed some fields like role or status didn’t save? T...
React Native 0.80 & ExecuTorch: A Powerful Leap into Offline AI for Mobile Apps
Jul 28, 2025
🚀 What’s New in React Native 0.80? The React Native 0.80 release marks a pivotal moment in mobile development. This update not only enhances...
Analyze Laravel Projects with Introspect
Jul 01, 2025
Analyze Laravel Codebases with Laravel Introspect If you’re doing a complex refactor or building dev tools, Laravel Introspect helps you quer...
React History – A Professional Developer’s Perspective
Jul 26, 2025
1. Origins: Born Inside Facebook In 2011, Facebook engineers faced the increasing complexity of building interactive UIs at scale. They developed...
Efficient Reporting & Big Data Reports with Queues
Jul 07, 2025
How to cache report queries with fixed timelines How to generate large reports asynchronously using job queues 1. 🧠 Report Query Caching wi...
Mastering Laravel Context: Advanced Logging and Contextual Job Tracing
Jul 20, 2025
Laravel Context is one of the most powerful new features in Laravel 12. It allows you to attach contextual data (like user ID, IP address, request pat...
