Bypassing $fillable Safely with forceFill() in Laravel
July 2, 2025Bypassing $fillable
Safely with forceFill()
in Laravel
Ever used create()
in Laravel and noticed some fields like role
or status
didn’t save? That’s because Laravel’s mass assignment protection silently ignores non-whitelisted attributes.
🔐 What Is Mass Assignment?
Mass assignment lets you set multiple model attributes in one go, e.g.:
User::create([
'name' => 'John',
'email' => '[email protected]',
'role' => 'admin', // This won’t get saved if not fillable
]);
🛡️ Two Ways to Control Fillable Fields
1. $fillable
(Whitelist)
protected $fillable = ['name', 'email'];
Only listed fields are allowed for mass assignment.
2. $guarded
(Blacklist)
protected $guarded = ['role'];
Everything is fillable except the blacklisted attributes.
⚡ Enter forceFill()
When you trust your data source (e.g., from an internal service, seeder, or job), you can bypass fillable/guarded protection using:
$user = new User;
$user->forceFill([
'name' => 'John',
'email' => '[email protected]',
'role' => 'admin', // Will be assigned regardless of $fillable
])->save();
No need to adjust your $fillable
or $guarded
, and it's safe when used properly.
✔️ When to Use Each
- ✅
$fillable
: For trusted user input (forms, APIs). - ✅
$guarded
: When many fields are fillable except a few. - ✅
forceFill()
: For backend logic with trusted data.
Using create()
without understanding mass assignment may result in “missing fields” — use the right tool for the job. Laravel is powerful when used with understanding.
Blog
React Native 0.80 & ExecuTorch: A Powerful Leap into Offline AI for Mobile Apps
Jul 28, 2025
🚀 What’s New in React Native 0.80? The React Native 0.80 release marks a pivotal moment in mobile development. This update not only enhances...
Object-Oriented Programming (OOP) – Core Concepts
Aug 09, 2025
Object-Oriented Programming (OOP) is a modern software development approach that divides an application into units called Objects that interact with...
ECMAScript 2025 Detailed Update Guide for Frontend Developers
Jul 06, 2025
🔍 ECMAScript 2025 – Detailed Feature Guide All new ECMAScript 2025 features with code examples and explanation of their importance for front...
Stop Copy-Pasting Code! Learn How to Use Traits in Laravel the Right Way
Jul 01, 2025
🚫 Stop Copy-Pasting Code! Ever duplicated slug logic or logging across multiple models? Laravel's Traits got your back. 1. What’s a Trait?...
Task Reminder with Laravel & MongoDB
Jun 30, 2025
📌 Building a Task Reminder App This guide shows how to set up a Laravel app using MongoDB to implement a task reminder system with authentication,...
The Difference Between Redux, Context & React Components in State Management
Aug 06, 2025
When building applications with React, there’s always a need to manage data that changes based on user interaction or from fetching external r...
