Hope everyone is doing great.
I have been using a laravel 5.2 for a few days now and I am stuck with the concept of either we should use mass assignment fillable /guarded for inserted file by and end user as the file gets uploaded to server and its path is stored in database and from that database table, gets the id stored in media table.
So my question actually is should we place a mass-assignment check n uploaded file to be inserted or updated or not. Either way, explanation is needed please. if possible, please attached the demonstrated examples as well for the approach adopted.
bundle of thanks in advance for everyone.
Mass assignment is all about placing check on the input we get from the form. if a user tries to add a field by editing the source code (going in the inspect element section) and providing a value for other fields than allowed (mass-assigned), those values are ignored by framework. Yet if we make any change in any value programetically in our controller or model file, the changes take effect as that is done by developers at backend (server side) and not by some user at public end.
So yes. Its a good practice to use mass-assignment in order to make sure only allowed fields are getting values from the form and not the other ones we don't wish to have stored in our db.
I don't think the file upload and the Eloquent mass-assignment are related enough for you to want to consider that a question. You could have a fixed directory on your server where you store all your uploaded files, and have the files have the same name on disk as the id of their associated model.
Only allow mass assignment for fields you know will not be misused, or whose values must be strictly monitored by the app - but good validation should filter out most troubles.
So for example you could have this below in your controller (after doing the other file validation like the type and its presence):
$user = Auth::user(); //Logged in user
$photo = new Photo([
"caption" => $request->input('caption'),
"location" => $request->input('location'),
"time" => $request->input('time'),
"filename" => $request->file('photo')->getClientOriginalName()
]); //Eloquent model
$user->photos()->save($photo);
$request->file('photo')->move($destinationPath, $photo->id);