So, as it turns out from the docs Mass assignment is now blocked by default for security reasons (e.g fetching all data from the form without specifying the fields (Input::all()
) and saving it as is to the DB might result in unwanted fields being assigned, in case the client manipulates the form by adding a field with a name that corresponds to the field in the DB).
To designate the fields that are allowed to be assigned, one should either explicitly add the fields in question as a white-list to a protected $fillable
array on the model, or alternatively, create a black-list using the $guarded
array