4

I'm following the Laravel From Scratch tutorial series, I'm currently at the part that you are creating a comment system for your articles system. But I'm having a problem, I don't really know what the error is saying at this point.

The error:

Illuminate\Database\Eloquent\MassAssignmentException
body

The comment model:

<?php

namespace App;

use Illuminate\Database\Eloquent\Model;

class Comment extends Model
{
    public function post()
    {
        return $this->belongsTo(Post::class);
    }
}

The post model:

<?php

namespace App;

class Post extends Model
{
    public function comments()
    {
        return $this->hasMany(Comment::class);
    }

    public function addComment($body)
    {
        $this->comments()->create(compact('body'));
    }
}

The route I made:

Route::post('/posts/{post}/comments', 'CommentsController@store');

The comments controller:

<?php

namespace App\Http\Controllers;

use App\Post;

class CommentsController extends Controller
{
    public function store(Post $post)
    {
        $post->addComment(request('body'));

        return back();
    }
}

Thanks in advance!

Edwin
  • 1,135
  • 2
  • 16
  • 24
Dion Pool
  • 105
  • 1
  • 1
  • 11
  • [check here](https://stackoverflow.com/questions/34565515/laravel-5-massassignmentexception-in-model-php/34565540#34565540) – Moppo Oct 27 '17 at 06:58
  • 3
    Possible duplicate of [Laravel 5 : MassAssignmentException in Model.php](https://stackoverflow.com/questions/34565515/laravel-5-massassignmentexception-in-model-php) – Himanshu Upadhyay Oct 27 '17 at 06:58
  • 1
    Add `protected $fillable = [ 'db_column1','db_column' ]` in your two models. – aldrin27 Oct 27 '17 at 06:59

2 Answers2

13

Explanation of this error

This is a security feature of Laravel. It is designed to protect you against form manipulation when using mass assignments.

For example on a sign-up form: When you have an is_admin column in your database, a user simply could manipulate your form to set is_admin to true on your server, and therefore in your database. This security feature prevents that by using a whitelist to define safe fields.

How to fix that

You need to set a $fillable property on your model. It's value must be an array containing all fields that are safe to mass assignable (like username, email address, ...). 

<?php

namespace App;

use Illuminate\Database\Eloquent\Model;

class Comment extends Model
{
    # This property!
    protected $fillable = ['body'];

    // ...
}

See "Mass assignment" in the docs: https://laravel.com/docs/5.5/eloquent#mass-assignment

tinyoverflow
  • 1,933
  • 3
  • 13
  • 29
0

Mass assignment is when you send an array to the model creation, basically setting a bunch of fields on the model in a single go, rather than one by one, something like what you did here:

public function addComment($body)
{
    $this->comments()->create(compact('body'));
}

You need to add the field you are populating to the fillable array in Comments.php model: 

<?php

namespace App;

use Illuminate\Database\Eloquent\Model;

class Comment extends Model
{

    protected $fillable = ['body'];

    public function post()
    {
        return $this->belongsTo(Post::class);
    }
}

As the documentation states:

You may also use the create method to save a new model in a single line. The inserted model instance will be returned to you from the method. However, before doing so, you will need to specify either a fillable or guarded attribute on the model, as all Eloquent models protect against mass-assignment by default.

Hope this helps you.

Asur
  • 3,727
  • 1
  • 26
  • 34