Mass Assignment and $fillable: Protect Your Models
Understand how to safely insert and update data using $fillable in Eloquent models.
Mass assignment lets you pass arrays directly into create() or update(). If not controlled, users could modify sensitive fields.

## Risky example

```php
Post::create($request->all());
```

## Safe pattern

Model:

```php
protected $fillable = ['title', 'body'];
```

Controller:

```php
$data = $request->validate([
    'title' => 'required',
    'body' => 'required',
]);

Post::create($data);
```

## Safe flow

```mermaid
flowchart TD
    A[Request] --> B[Validation]
    B --> C[Allowed Fields]
    C --> D[Model $fillable]
    D --> E[(DB)]
```

This protects your application from hidden field injection.

In the next tutorial, we will display large data sets using pagination.
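
The difference between the risky call and the whitelisted one, as an added example that is not part of the original tutorial and is not Laravel's own code: a plain-PHP stand-in for the model whose `fill()` keeps only keys listed in `$fillable`. The `user_id` and `is_published` columns, the `rejectedKeys()` helper and the request body are assumptions constructed for the demonstration.

```php
<?php
// Simplified stand-in for an Eloquent model (assumption: not Laravel's implementation).

class Post
{
    /** Columns a caller may set through mass assignment (same list as the tutorial). */
    protected array $fillable = ['title', 'body'];

    /** Server-controlled values; both column names are assumed for this example. */
    public array $attributes = ['user_id' => 7, 'is_published' => false];

    /** Unprotected path: every key in the input becomes a column value. */
    public function forceFill(array $input): self
    {
        $this->attributes = array_merge($this->attributes, $input);
        return $this;
    }

    /** Protected path: keys outside $fillable are dropped before merging. */
    public function fill(array $input): self
    {
        $allowed = array_intersect_key($input, array_flip($this->fillable));
        $this->attributes = array_merge($this->attributes, $allowed);
        return $this;
    }

    /** Hypothetical helper: input keys the whitelist rejects, useful for logging. */
    public function rejectedKeys(array $input): array
    {
        return array_values(array_diff(array_keys($input), $this->fillable));
    }
}

// Constructed request body: the form offers only title and body,
// the other two keys were added by the client.
$input = [
    'title'        => 'Hello',
    'body'         => 'First post',
    'user_id'      => 1,
    'is_published' => true,
];

$unprotected = (new Post())->forceFill($input);
$protected   = (new Post())->fill($input);

echo "Without whitelist:\n", json_encode($unprotected->attributes, JSON_PRETTY_PRINT), "\n";
echo "With \$fillable:\n", json_encode($protected->attributes, JSON_PRETTY_PRINT), "\n";
echo "Rejected keys: ", implode(', ', $protected->rejectedKeys($input)), "\n";
```

Comparing the two dumps shows which server-controlled columns the client was able to overwrite on the unprotected path and that the whitelisted path left them unchanged.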