Bypassing $fillable Safely with forceFill() in Laravel
July 2, 2025Bypassing $fillable Safely with forceFill() in Laravel
Ever used create() in Laravel and noticed some fields like role or status didn’t save? That’s because Laravel’s mass assignment protection silently ignores non-whitelisted attributes.
🔐 What Is Mass Assignment?
Mass assignment lets you set multiple model attributes in one go, e.g.:
User::create([
'name' => 'John',
'email' => '[email protected]',
'role' => 'admin', // This won’t get saved if not fillable
]);🛡️ Two Ways to Control Fillable Fields
1. $fillable (Whitelist)
protected $fillable = ['name', 'email'];Only listed fields are allowed for mass assignment.
2. $guarded (Blacklist)
protected $guarded = ['role'];Everything is fillable except the blacklisted attributes.
⚡ Enter forceFill()
When you trust your data source (e.g., from an internal service, seeder, or job), you can bypass fillable/guarded protection using:
$user = new User;
$user->forceFill([
'name' => 'John',
'email' => '[email protected]',
'role' => 'admin', // Will be assigned regardless of $fillable
])->save();No need to adjust your $fillable or $guarded, and it's safe when used properly.
✔️ When to Use Each
- ✅
$fillable: For trusted user input (forms, APIs). - ✅
$guarded: When many fields are fillable except a few. - ✅
forceFill(): For backend logic with trusted data.
Using create() without understanding mass assignment may result in “missing fields” — use the right tool for the job. Laravel is powerful when used with understanding.
Blog
Bypassing $fillable Safely with forceFill() in Laravel
Jul 02, 2025
Bypassing $fillable Safely with forceFill() in Laravel Ever used create() in Laravel and noticed some fields like role or status didn’t save? T...
Using useCallback in React: Benefits, Limitations, Best Practices
Jul 31, 2025
The useCallback hook in React is used to return a memoized version of a callback function, so it's only recreated when its dependencies change. The...
Object-Oriented Programming (OOP) – Core Concepts
Aug 09, 2025
Object-Oriented Programming (OOP) is a modern software development approach that divides an application into units called Objects that interact with...
Laravel 12.21.0 – A Smart Update for Cleaner Queries and Stricter Validation
Aug 03, 2025
Laravel 12.21.0 introduces two game-changing features aimed at writing cleaner, more maintainable code. The update includes the new whereValueBetwe...
Laravel Queue & Job System: From Table Creation to Production Deployment
Jul 01, 2025
🚀 Laravel Queue & Job System We’re gonna walk you through Laravel queues from setup to deploying in production using Supervisor. Step 1...
Comparison between Scopes + Traits × UseEloquentBuilder in Laravel
Jul 13, 2025
Laravel provides multiple ways to write reusable query logic. The two most common approaches are using Scopes with Traits or the newer #[UseEloquentBu...
