Bypassing $fillable Safely with forceFill() in Laravel
July 2, 2025Bypassing $fillable Safely with forceFill() in Laravel
Ever used create() in Laravel and noticed some fields like role or status didn’t save? That’s because Laravel’s mass assignment protection silently ignores non-whitelisted attributes.
π What Is Mass Assignment?
Mass assignment lets you set multiple model attributes in one go, e.g.:
User::create([
'name' => 'John',
'email' => '[email protected]',
'role' => 'admin', // This won’t get saved if not fillable
]);π‘οΈ Two Ways to Control Fillable Fields
1. $fillable (Whitelist)
protected $fillable = ['name', 'email'];Only listed fields are allowed for mass assignment.
2. $guarded (Blacklist)
protected $guarded = ['role'];Everything is fillable except the blacklisted attributes.
β‘ Enter forceFill()
When you trust your data source (e.g., from an internal service, seeder, or job), you can bypass fillable/guarded protection using:
$user = new User;
$user->forceFill([
'name' => 'John',
'email' => '[email protected]',
'role' => 'admin', // Will be assigned regardless of $fillable
])->save();No need to adjust your $fillable or $guarded, and it's safe when used properly.
βοΈ When to Use Each
- β
$fillable: For trusted user input (forms, APIs). - β
$guarded: When many fields are fillable except a few. - β
forceFill(): For backend logic with trusted data.
Using create() without understanding mass assignment may result in “missing fields” — use the right tool for the job. Laravel is powerful when used with understanding.
Blog
CSS Specificity: Layers vs BEM vs Utility Classes
Jun 26, 2025
CSS Specificity: Cascade Layers vs BEM vs Utility Classes This article compares three approaches to managing CSS specificity — BEM, utilityβf...
How to Make Your Website Blazing Fast β Step by Step
Jul 30, 2025
Why Performance Is Non-Negotiable In today’s fast-paced world, no one has time to wait for a slow-loading website. On mobile, users abandon...
Is Laravel Slow? Optimize Queries & Indexes for Maximum Performance
Jul 20, 2025
A detailed, example-rich guide to avoid slowdowns in Laravel apps by optimizing data retrieval and employing indexing smartly. 1. π§ Fetch Only...
Laravel 12.18.0 Update
Jun 17, 2025
Laravel 12.18.0 Update The Laravel team released version 12.18.0 with several cool updates: String encrypt() & decrypt() helpers are...
The Difference Between Redux, Context & React Components in State Management
Aug 06, 2025
When building applications with React, there’s always a need to manage data that changes based on user interaction or from fetching external r...
Mastering Modern CSS: The Power of if(), Popover Hints, and Smart Styling
Jul 16, 2025
π Mastering Modern CSS: The Power of if(), Popover Hints, and Smart Styling CSS is getting smarter. In this guide, we’ll explore how the new...
