Registering data with Laravel

Asked

Viewed 107 times

1

I cannot return the user to a particular page after registering a registration form, the data goes to the database normally, but returns an error.

My class of Controller

class AccountController extends Controller
{

    public function newAccount(UserSystem $user, NewAccountRequest $account)
    {

         $user->create([

            $user->first_name = $account->get('first_name'),
            $user->last_name = $account->get('last_name'),
            $user->email = $account->get('email'),
            $user->username = $account->get('username'),
            $user->secret = bcrypt($account->get('secret')),
            $result = $user->save()
        ]);


        ($result) ? 
        redirect()->route('login')->with('Conta criada com sucesso') :
        redirect()->route('new-account')->with('Houve uma falha ao criar a conta');

    }

}

Model

<?php

namespace App\Models;

use Illuminate\Database\Eloquent\Model;

class UserSystem extends Model
{
    //
    protected $guarded = ['id', 'created_at', 'updated_at', 'deleted_at'];
    protected $table = 'user_systems';

}

and this error returns to me:

SQLSTATE[42S22]: Column not found: 1054 Unknown column '1' in 'field list' (SQL: insert into `user_systems` (`1`, `2`, `3`, `4`, `updated_at`, `created_at`) values (testando, [email protected], teste1, $2y$10$3.LTta6El5nckmTNBRYBa.tyS.ho0ObpAwSVNSyZLMfMSqSwPNEwy, 2019-09-16 12:58:08, 2019-09-16 12:58:08))

And in the documentation of Laravel says:

You can also use the create method to save a new template in a single line. The instance of the inserted template will be returned to you from the method However, before doing this, you will need to specify a fillableou a guardedatributo in the template, since all Eloquent models protect against mass allocation by standard.

A mass assignment vulnerability occurs when a user passes an unexpected HTTP parameter via a request and this parameter changes a column in your database that you do not expected. For example, a malicious user can send a is_adminparameter via an HTTP request, which is passed to createmétodo of your model , allowing the user to forward for an administrator.

So, to get started, define which model attributes you want assign in bulk. You can do this using $fillablepropriation in the model. For example, let’s assign the attribute of our Flightmass of model:

How do I pass these values I took to the bank without giving this mistake?

2 answers

1


Using the save() method on the model.

public function newAccount( NewAccountRequest $account)
{

$user = new UserSystem;

$user->first_name = $account->get('first_name');
$user->last_name = $account->get('last_name');
$user->email = $account->get('email');
$user->username = $account->get('username');
$user->secret = bcrypt($account->get('secret'));
$result = $user->save();


($result) ?
redirect()->route('login')->with('Conta criada com sucesso') :
redirect()->route('new-account')->with('Houve uma falha ao criar a conta');

}

}

Using the create() method in the model.

class Accountcontroller extends Controller {

public function newAccount( NewAccountRequest $account)
{
    $result= UserSystem::create([
    'first_name' => $account->get('first_name'),
    'last_name' => $account->get('last_name'),
    'email' => $account->get('email'),
    'username' => $account->get('username'),
    'secret' => bcrypt($account->get('secret')),
    ];


    ($result) ?
    redirect()->route('login')->with('Conta criada com sucesso') :
    redirect()->route('new-account')->with('Houve uma falha ao criar a conta');

}

}

namespace App\Models;

use Illuminate\Database\Eloquent\Model;

class UserSystem extends Model
{
    //
    protected $fillable = ['first_name', 'last_name', 'email', 'username', 'secret'];


//protected $guarded = ['id', 'created_at', 'updated_at', 'deleted_at'];

    protected $table = 'user_systems';

}
  • I read about MVC and I came up with another question that I didn’t understand. Is it correct to apply the CRUD methods in the controller or in the Model itself? And the validation goes along with this data or should-be treated in an isolated way and then passed only to register?

  • About attributes $fillable and $guarded Don’t they get it wrong? According to the documentation of Laravel one should use one or the other, but not both as quoted: "The instance of the inserted model will be returned to you from the method However, before doing so, you will need to specify a fillable or a guarded attribute in the template, as all Eloquent templates protect against mass attribution by default."

  • 1

    There are arguments for all tastes, can do everything on the controller and there is nothing wrong. However, there are good practices and the Standard provides many tools, such as validation in the request. Must read the documentation and there are thousands of online tutorials

0

If you want to keep your insertion with create, as you put in your example, you pass an array of objects, then you do the following:

Instead:

$user->create([

            $user->first_name = $account->get('first_name'),
            $user->last_name = $account->get('last_name'),
            $user->email = $account->get('email'),
            $user->username = $account->get('username'),
            $user->secret = bcrypt($account->get('secret')),
            $result = $user->save()
        ]);

Do it:

$user = App\User::updateOrCreate([
            'first_name' => $account->get('first_name'),
            'last_name' => $account->get('last_name'),
            'email' => $account->get('email'),
            'username' => $account->get('username'),
            'secret' => bcrypt($account->get('secret')),
        ]);

Browser other questions tagged

You are not signed in. Login or sign up in order to post.