Bypassing $fillable Safely with forceFill() in Laravel
July 2, 2025Bypassing $fillable
Safely with forceFill()
in Laravel
Ever used create()
in Laravel and noticed some fields like role
or status
didn’t save? That’s because Laravel’s mass assignment protection silently ignores non-whitelisted attributes.
🔐 What Is Mass Assignment?
Mass assignment lets you set multiple model attributes in one go, e.g.:
User::create([
'name' => 'John',
'email' => '[email protected]',
'role' => 'admin', // This won’t get saved if not fillable
]);
🛡️ Two Ways to Control Fillable Fields
1. $fillable
(Whitelist)
protected $fillable = ['name', 'email'];
Only listed fields are allowed for mass assignment.
2. $guarded
(Blacklist)
protected $guarded = ['role'];
Everything is fillable except the blacklisted attributes.
⚡ Enter forceFill()
When you trust your data source (e.g., from an internal service, seeder, or job), you can bypass fillable/guarded protection using:
$user = new User;
$user->forceFill([
'name' => 'John',
'email' => '[email protected]',
'role' => 'admin', // Will be assigned regardless of $fillable
])->save();
No need to adjust your $fillable
or $guarded
, and it's safe when used properly.
✔️ When to Use Each
- ✅
$fillable
: For trusted user input (forms, APIs). - ✅
$guarded
: When many fields are fillable except a few. - ✅
forceFill()
: For backend logic with trusted data.
Using create()
without understanding mass assignment may result in “missing fields” — use the right tool for the job. Laravel is powerful when used with understanding.
Blog
How OAuth Works
Jun 29, 2025
How OAuth Works OAuth is a protocol that allows third-party applications to access user data without sharing passwords. It's the backbone of secure a...
Stop Copy-Pasting Code! Learn How to Use Traits in Laravel the Right Way
Jul 01, 2025
🚫 Stop Copy-Pasting Code! Ever duplicated slug logic or logging across multiple models? Laravel's Traits got your back. 1. What’s a Trait?...
Guide to Scroll‑Driven Animations with CSS
Jun 26, 2025
Guide to Scroll‑Driven Animations with CSS CSS animations can now be linked to user scrolling without any JavaScript — just pure CSS. 1. Thr...
Laravel Queue & Job System: From Table Creation to Production Deployment
Jul 01, 2025
🚀 Laravel Queue & Job System We’re gonna walk you through Laravel queues from setup to deploying in production using Supervisor. Step 1...
ECMAScript 2025 Detailed Update Guide for Frontend Developers
Jul 06, 2025
🔍 ECMAScript 2025 – Detailed Feature Guide All new ECMAScript 2025 features with code examples and explanation of their importance for front...
Mastering Laravel 12 Conditional Validation
Jul 07, 2025
Mastering Laravel 12 Conditional Validation Laravel 12's validation system is super powerful, and conditional validation makes your forms...
