Original URL: http://stackoverflow.com/questions/22279435/
Warning: this content is provided under the CC BY-SA 4.0 license. You are free to use/share it, but you must attribute it to the original authors (not me):
StackOverflow
What does "Mass Assignment" mean in Laravel?
Asked by Chen-Tsu Lin
When I went through the Laravel documentation's Eloquent ORM topic, I got a new term: Mass Assignment.
The documentation shows how to do Mass Assignment and the fillable or guarded properties settings. But after going through that, I didn't have a clear understanding of Mass Assignment and how it works.
In my past experience in CodeIgniter, I also didn't hear about this term.
Does anyone have a simple explanation about that?
Answered by duellsy
Mass assignment is when you send an array to the model creation, basically setting a bunch of fields on the model in a single go, rather than one by one, something like:
$user = new User(request()->all());
(This is instead of explicitly setting each value on the model separately.)
You can use fillable to protect which fields you want this to actually allow for updating.
You can also block all fields from being mass-assignable by doing this:
protected $guarded = ['*'];
Let's say in your user table you have a field that is user_type and that can have values of user / admin.
Obviously, you don't want users to be able to update this value. In theory, if you used the above code, someone could inject into a form a new field for user_type and send 'admin' along with the other form data, and easily switch their account to an admin account... bad news.
By adding:
protected $fillable = ['name', 'password', 'email'];
You are ensuring that only those values can be updated using mass assignment.
To be able to update the user_type value, you need to explicitly set it on the model and save it, like this:
$user->user_type = 'admin';
$user->save();
Answered by Udhav Sarvaiya
Mass assignment is a process of sending an array of data that will be saved to the specified model at once. In general, you don't need to save data on your model on a one-by-one basis, but rather in a single process.
Mass assignment is good, but there are certain security problems behind it. What if someone passes a value to the model and without protection they can definitely modify all fields including the ID. That's not good.
Let's say you have a 'students' table, with fields "student_type, first_name, last_name". You may want to mass assign "first_name, last_name" but you want to protect student_type from being directly changed. That's where fillable and guarded take place.
Fillable lets you specify which fields are mass-assignable in your model; you can do it by adding the special variable $fillable to the model. So in the model:
class Student extends Model {
    protected $fillable = ['first_name', 'last_name']; // only the field names inside the array can be mass-assigned
}
The 'student_type' field is not included, which means it is exempted.
Guarded is the reverse of fillable. If fillable specifies which fields to be mass assigned, guarded specifies which fields are not mass assignable. So in the model:
class Student extends Model {
    protected $guarded = ['student_type']; // the field name inside the array is not mass-assignable
}
You should use either $fillable or $guarded - not both.
For more details open link:- Mass Assignment
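The filtering that the two answers above describe, as an added example that is not part of the original answers and not Laravel's own code: a plain-PHP stand-in (the hypothetical MiniModel class and its subclasses are assumptions) that mimics how an allow-list ($fillable) and a deny-list ($guarded) decide which submitted keys reach the model. The form payloads are constructed.

```php
<?php
// Added illustration (PHP 8.0+). MiniModel is a hypothetical, simplified stand-in
// for an Eloquent model; it only mimics the $fillable / $guarded filtering idea.
abstract class MiniModel
{
    protected array $fillable = [];     // allow-list: only these keys are accepted
    protected array $guarded  = ['*'];  // deny-list: '*' blocks every key
    public array $attributes = [];
    public array $rejected   = [];      // dropped keys, kept so they can be logged
    public function fill(array $input): static
    {
        foreach ($input as $key => $value) {
            if ($this->isFillable($key)) {
                $this->attributes[$key] = $value;
            } else {
                $this->rejected[] = $key;
            }
        }
        return $this;
    }

    protected function isFillable(string $key): bool
    {
        if (in_array($key, $this->fillable, true)) {
            return true;
        }
        if ($this->fillable !== []) {
            return false;   // an allow-list exists and the key is not on it
        }
        return !in_array('*', $this->guarded, true)
            && !in_array($key, $this->guarded, true);
    }
}

class AllowListUser extends MiniModel   // mirrors the $fillable example for users
{
    protected array $fillable = ['name', 'password', 'email'];
}

class DenyListStudent extends MiniModel // mirrors the $guarded example for students
{
    protected array $guarded = ['student_type'];
}

// Constructed form payloads, each carrying one field the form never offered.
$user = (new AllowListUser())->fill(['name' => 'Ann', 'email' => 'ann@example.test', 'user_type' => 'admin']);
$student = (new DenyListStudent())->fill(['first_name' => 'Bo', 'last_name' => 'Li', 'student_type' => 'staff']);
var_dump($user->attributes, $user->rejected, $student->attributes, $student->rejected);
```

In both cases the privileged field ends up in the rejected list instead of the model's attributes; setting it still requires an explicit assignment such as $user->user_type = 'admin' in trusted code.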
Answered by majidarif
Mass assignment means you are filling a row with more than one column using an array of data. (somewhat of a shortcut instead of manually building the array) using Input::all().
Technically just from the top of my head. Fillable means what columns in the table are allowed to be inserted, guarded means the model can't insert to that particular column.
Notice that when you try to do a mass assignment with like, insert to a column named "secret", and you have specified that it is guarded, you can try to insert to it via the model, but it will never really get inserted into the database.
This is for security, and protection on your table when using the model. Mass assignment seems to be just a notice or warning that you didn't tell the model which are fillable and guarded and makes it vulnerable to some kind of attacks.
Answered by Punit khandelwal
This is when an array of data received is saved at once in a model.
Because of the security issues with this method in Laravel, it's recommended you define the fields you wish the requested data to populate on the Model.
You can use the $fillable variable to define the fields you want to populate on the database table.
E.g.
protected $fillable = ['username', 'dob', 'email'];
When Laravel detects you are mass assigning data, it forces you to define the fields you want to mass assign in the model class.
Someone can easily pass unwanted data into an html form to your database.

