Reputation:
Laravel's Input:all() ignores disabled inputs
While var_dumping the content of Input:all() with Laravel 4, I noticed that an input generated with the following code is ignored by the framework:
{{ Form::text('departure', 'Departure', array('class' => 'form-control', 'disabled')) }}
But that the following works as expected:
{{ Form::text('departure', 'Departure', array('class' => 'form-control')) }}
I have a good reason to disable the user messing with what is in this input field. Yet I need to save it in the database. How should I do this? Disable the disabled attribute with jQuery when the user submits the form? That's a bit ridiculous, isn't it?
Upvotes: 18
Views: 13680
Answers (2)
Reputation: 11506
It's a bad idea to rely on HTML flags like disabled or readonly. The user can easily open up the inspector and change the value of the field. Don't expose this at all in the template, this is business logic which belongs in the model!
Are you looping over Input::all() to save the fields to the database? If so, you could write something like this:
$allowedFields = ["field1", "field2", "field3" ...];
foreach($allowedFields as $field) {
if(Input::has($field) {
$myEloquentModel->{$field} = Input::get($field);
}
}
$myEloquentModel->save();
Benefits: checks only allowed fields, updates only present fields in the actual request.
Upvotes: 4
Related Questions
- How to set disabled select option in Laravel with Illuminate/Html
- Integrity constraint violation for disabled input field in Laravel
- How to POST input field that are disabled/readonly with condition?
- Form input not validate if input is disabled
- Laravel 5.5 request()->all() doesn't get all the inputs
- Handle checkboxes in Input::all() in Laravel 4
- Laravel Input::all() fetching one row only
- Using $input->all() instead of Input::all() Laravel-5
- Deactivate filtering if inputs comes with all in Laravel
- Form submit, Input:all() not showing all inputs