Insert of data passing only $_POST using Laravel


2

On the assumption that all the input names are the same as the database column names.

public function create(){
    // what is below is an example with the data already populated
    $arrayDados= Input::all();
    unset($arrayDados["_token"]); 
    /*$arrayDados = array(
        "valor1" => "teste",
        "valor2" => "1234",
        "valor3"=>1234
    );
    DB::table("tabela")->insert($arrayDados );*/
    DB::table("tabela")->insert($arrayDados );
}

//HTML

<input type="text" name="valor1"/>
<input type="text" name="valor2"/>
<input type="text" name="valor3"/>

// In the database table
column names: | valor1 | valor2 | valor3 |

I have 4 ENEM questionnaire forms (varying by school subject) with 100 questions each. There are several radio buttons, textareas, etc. in my view, and I find it laborious to bind each of the HTML names to the database column. Is this good practice? Is there any security breach that could happen?

1 answer

1


Before any contact with the database, the server must ALWAYS validate the inputs received via POST and GET, if they come from an HTML form/URL.

This depends on whether you want the validations to be the same for all user inputs. For example, assuming that the names of the HTML inputs are the same as the names of the columns of the table where you want to insert the data, and you just want them to be numeric:

Laravel 5+:

public function receber_dados(Request $request) {
    $inputs = $request->except(['_token']); // all inputs (name => input) except the CSRF token
    $rules = []; // initialised so Validator::make() receives an array even when no inputs arrive

    foreach($inputs as $key => $value) {
        $inputs[$key] = e($value); // Laravel's short helper for htmlentities; keeps JavaScript/HTML out of our database
        $rules[$key] = 'numeric';
    }

    $validator = Validator::make($inputs, $rules);
    if ($validator->fails()) {
        return redirect()->back()->withErrors($validator);
    }

    DB::table("tabela")->insert($inputs);
    $success = 'dados inseridos';
    return ...;
}

But if you want different validations, such as checking whether an email is unique in the database table, or checking whether the passwords match and/or hashing the password, you will have to handle each of these 'exceptional' inputs in its own way.

Laravel even simplifies life here, because you can use Laravel's built-in validations for the most common validations.

  • Any reason not to use the Laravel Validator?

  • Of course not, I recommend it myself. This function was just an example; in a real project one should use it. If you are going to use a framework, use what it gives you; otherwise it is better not to use one.

  • But you are absolutely right to point that out. I edited my answer so that it is '100% Readable'

  • A small question: do you need to do some handling to know whether the query was saved successfully? For example, if the connection dropped in the middle of the transaction, etc. After the ->insert, is it necessary to check something? For example, in PDO we check with if ($stmt->execute($data))

  • You can create a try {...} catch(\Illuminate\Database\QueryException $e) { ... error ... }
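
An added example, not part of the original question, answer or comments: one way to keep the "input name equals column name" convenience for a 100-question form while the server, not the request, decides which columns exist, with per-field rules and the QueryException handling mentioned in the comments. The controller name, the `q1`..`q100` and `observacao` columns and the `a`-`e` answer values are assumptions; `tabela` is the table name used in the question.

```php
<?php

namespace App\Http\Controllers;

use Illuminate\Database\QueryException;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\DB;
use Illuminate\Support\Facades\Log;
use Illuminate\Support\Facades\Validator;

class QuestionarioController extends Controller
{
    // Hypothetical layout: 100 radio answers (q1..q100) plus one free-text field.
    // This list is the column allowlist; it is built in code, never from the request.
    private function rules(): array
    {
        $rules = ['observacao' => 'nullable|string|max:1000'];
        for ($i = 1; $i <= 100; $i++) {
            $rules["q{$i}"] = 'required|in:a,b,c,d,e';
        }
        return $rules;
    }

    public function store(Request $request)
    {
        $rules = $this->rules();

        // only() keeps just the allowlisted keys, so a field the form never had
        // cannot become a column name in the INSERT.
        $row = $request->only(array_keys($rules));

        $validator = Validator::make($row, $rules);
        if ($validator->fails()) {
            return redirect()->back()->withErrors($validator)->withInput();
        }

        try {
            // The query builder binds the values as parameters.
            DB::table('tabela')->insert($row);
        } catch (QueryException $e) {
            Log::error($e->getMessage()); // details stay in the server log
            return redirect()->back()->withErrors(['db' => 'Could not save the answers.'])->withInput();
        }

        return redirect()->back()->with('status', 'Answers saved.');
    }
}
```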
