What is `protected $fillable` in a Laravel model?

In Laravel, the `protected $fillable` property is used to define an array of attributes that are mass assignable. This means these attributes can be assigned using mass-assignment techniques, such as when creating a new model instance or updating an existing one using the `create` or `update` methods.

Mass Assignment

Mass assignment is a way to assign multiple attributes to a model instance in a single step, typically using an array. For example, you might have a form where a user can submit several pieces of information at once. Instead of assigning each piece of information individually, you can pass the entire array to the `create` or `update` method.

Here’s an example of how you might use the `$fillable` property in a Laravel model:

namespace App\Models;

use Illuminate\Database\Eloquent\Model;

class Post extends Model
{
    // Define the attributes that are mass assignable
    protected $fillable = [
        'title', 
        'content', 
        'author_id'
    ];
}

In this example, the `Post` model has three attributes (`title`, `content`, and `author_id`) that are mass assignable.

Using Mass Assignment

With the `$fillable` property defined, you can now safely use mass assignment:

// Creating a new post
$post = Post::create([
    'title' => 'My First Post',
    'content' => 'This is the content of my first post.',
    'author_id' => 1
]);

// Updating an existing post
$post->update([
    'title' => 'Updated Title',
    'content' => 'This is the updated content.'
]);

The primary purpose of the `$fillable` property is to prevent mass-assignment vulnerabilities. Without `$fillable` (or its counterpart `$guarded`), any attribute in the model can be mass assigned, which could potentially allow malicious users to update sensitive fields that they shouldn’t have access to.

Mass Assignment Vulnerability

So what is this mass assignment vulnerability? Consider a scenario where a user can submit their profile information. If the user model has an attribute like `is_admin`, and this attribute is not protected, a malicious user could submit a form with an `is_admin` field and set its value to `true`, giving themselves admin privileges.

By defining the `$fillable` property, you explicitly specify which attributes are safe to be mass assigned, thus mitigating this risk.

So, using the `$fillable` property is a best practice in Laravel to ensure that only the intended attributes can be mass assigned, enhancing the security of your application.

Fatal error: Unparenthesized `a ? b : c ? d : e` is not supported in DatabaseInterface.php on line 615

You will get this error when you upgrade your PHP 7 to PHP 8 (or even 7.3 to 7.4 or something like that) but keep your old phpmyadmin version. This error can be in any code but in our case it is in phpMyAdmin\libraries\classes\DatabaseInterface.php file so we need to fix it for phpMyAdmin. We will not fix the code itself because in this case it is not needed.

The solution here is for Laragon. It is a little longer, but easy, Laragon oriented solution so you can better understand how it works. Scroll down to the end to do this manually (faster).

Laragon solution

It is possible that your Laragon came with older phpMyAdmin version. So we will tell Laragon to download the latest one.

Open your {INSTALLATION_PATH}\laragon\etc\apps\phpMyAdmin folder. Just in case, backup this phpMyAdmin folder first. Then delete all files in it so the folder is empty.

Right click the laragon tray icon, then Tools then Quick add and then Configuration…

laragon options configuration quick app

this will open packages. conf file in your text editor. Find this line :

# phpMyAdmin
phpmyadmin= *******

of course you will see a link to phpmyadmin download page. It will pobably be link to a specific version.

Change it to this (latest version of phpmyadmin) and save the file.

# phpMyAdmin
phpmyadmin=https://www.phpmyadmin.net/downloads/phpMyAdmin-latest-all-languages.zip

Note: if the second line starts with # you need to delete the # character.

Right click the laragon tray icon again, then Tools then Quick add and then phpmyadmin… and Laragon with automatixally downlaod the latest phpMyAdmin and install it.

laragon phpmyadmin

Restart Laragon, open yourproject.test/phpmyadmin/ in your browser (your project will be called different than yourproject.test) and phpmyadmin should work.

Manual solution

1. backup and then delete all files in {INSTALLATION_PATH}\laragon\etc\apps\phpMyAdmin folder
2. Download the latest version of phpMyAdmin from https://www.phpmyadmin.net/downloads/
3. Extract the content of downloaded ZIP file into a empty phpMyAdmin folder
4. Restart laragon and phpMyAdmin should work.

Download latest Laragon & Install Laravel 9

I like to use Laragon sometimes for my Laravel development. I had Laragon 5 installed and wanted to create new Laravel 9 project. When I selected Quick App-> Laravel it installed Laravel 8! I looked at Laragon website but the latest one there is Laragon 5 with PHP 7. Laravel 9 requires PHP 8.

Good news is that Laragon has already updated to Laragon 6 with PHP 8 but for some reason there is no downlaod link on their downlaod page (at the time of writing this post).

So what you need to do is go to Laragon github page and download latest laragon-wamp.exe from there. Then you do a backup of your current laragon folder on your PC and then just install the latest Laragon – it will keep all your files and settings, just upgrade to latest Laragon with PHP 8.

After you are done right click the Laragon icon, quick app and Laravel and it will install Laravel 9 (and probably next versions as long as they require PHP 8)

Laravel – Remove Public from URL

Why is my Laravel URL mysite.com/public by default and how do I remove “public” from URL?

Probably the first question most people ask when they install their new Laravel site.

Here are 2 ways, luckily it is easy to do.

1. The most standard one is to just edit .htaccess file and add these lines:

<IfModule mod_rewrite.c>
   RewriteEngine On 
   RewriteRule ^(.*)$ public/$1 [L]
</IfModule>

Note: For this to work you must have mod_rewrite enabled on your Apache server because rewrite module is required to apply these settings.

2. This option is either easier or more complicated, depending on if you can edit ‘Document root’ on your hosting server. So, if you have access to Cpanel of your hosting AND they allow you to change ‘Document root’ then change it from let say “/public_html” to “/public_html/public”. That should do the trick.

If you can’t edit ‘Document root’ by yourself (security measure etc) then the best is to ask your host support to change it to “/public_html/public” (assuming your root folder for website is /public_html . If it is /www then let them change it to /www/public).

phpMyAdmin – Some errors have been detected on the server!

If you are getting this pop up warning

Some errors have been detected on the server! Please look at the bottom of this window.

phpmyadmin error

while using phpMyAdmin then the easiest way to stop this window popping up all the time is to disable this kind of error reporting.

First open the file /etc/phpmyadmin/config.inc.php.

then add/modify (or uncomment) the following line so you end up with this line:

$cfg['SendErrorReports'] = 'never';

Save it, restart MySQL or web server and the error message should be gone.

CSS files not refreshing on – wordpress / siteground

If you have siteground hosting (could be the same for other hosts) and maybe WordPress site and you just edited a style.css file, reloaded your page but you cant see the changes (they appear after some time) then it is probably a Super Cacher issue.

Go to your siteground cpanel, find SuperCacher under Site Improvement Tools and click it.

Then find your domain, click Flush Cache then turn it Off.

Here is some more info:
The Static Cache option caches all static content on your account that includes images, CSS files, javascript, flash, and more. Once enabled, all requests of future visitors to your pages will be answered from the cached content and not directly from the server. If you just made changes to your website and want to see them live immediately, you could use the flush button to purge the cache on your account and not wait for the automatic server flush that happens over periods of a few hours.

So one approach you could use is this : turn off cache while you are editing the files (through FTP, not in wordpress admin) site. Once you are done just turn it on again.

WordPress Custom Fields missing in admin (post or page)

This is a very specific problem so it might only work for some. After I updated WordPress and all plugins on an old site that used WordPress Custom Fields to enter some data, the Custom Fields in admin disappeared. I could add a new post but Custom Fields were nowhere to be sen, not even in the screen options.

Long story short, after doing some searching on the net, I found out it was ACF (Advanced Custom Fields) fault. In new version of the plugin they disable WordPress Custom Fields because they think you are using ACF anyway so no need for both. Not sure I agree but here is 2 ways you can try to solve it:

  1. If you activated ACF but are not using the plugin, just disable it.  WordPress Custom Fields should come back.
  2. If you want to keep both then add this code to your theme’s function.php file (the best is the child theme, if you have one)
    add_filter('acf/settings/remove_wp_meta_box', '__return_false');

WordPress Custom Fields should reappear now.

Using Laragon for Laravel projects

I am in the process of migrating one of my sites from Codeigniter (anyone remember it? It promised so much but then fell behind, especially when Laravel came out years ago) to Laravel. It’s been a while since I used Laravel but I always love developing with it.

I always use XAMPP for local development but luckily I googled for alternatives and found Laragon. What an awesome find. At first I thought it was just for Laravel, due to name Laragon but you can use it for everything.

So here is how easy it was to install latest Laravel and start local development.

  1.  Go to Laragon website and download it, full or lite. Install (also select development folder) and start the services. Now you have a running web server!I changed few preferences (I don’t want it to start with Windows but I want it to start minimized and start ALL services at once) but you can do whatever is best for you.Another great thing: It comes with my favorite Console Emulator CMDER (not my screenshot):
  2. Let’s install Laravel. Right click blue (or green) Laragon tray Icon -> Quick App -> Laravel, name the project (folder)  and Laragon will begin to install Laravel via console. If you get asked for admin permission to open console (for hosts if I remember correctly) say yes.   When it finishes you should be able to open the web at ProjectName.test . I have to say that the first time I installed Laravel the scripts in console did not finish so it didnt work. I deleted the project folder, restarted the step  2. again and then it worked – Laravel was installed!
    laragon install laravel
  3.  I noticed that phpmyadmin was not installed. It is super easy again to install it :  Right click blue (or green) Laragon Icon -> Tools -> Quick Add -> *phpmyadmin . Wait few moment and you can access it at localhost/phpmyadmin/

And that is all. I installed local web server, Laravel and phpmyadmin with few clicks.

Curl Error : SSL certificate problem: unable to get local issuer certificate Laravel Wamp

Got this error when trying to use a Laravel API package that used Curl:

Curl Error : SSL certificate problem: unable to get local issuer certificate

I am using WAMP (local development) so the solution that worked was this (Let’s assume your PHP version is 7.1.9):

1. Download/save this file: http://curl.haxx.se/ca/cacert.pem into (your wamp path might differ) the C:\wamp64\bin\php\php7.1.9 folder.

2. Now you have to edit php.ini file but in my case it was not the one that is in the above folder (I tried that one first but still got the same error) but it was the one in this (your wamp and apache folder might differ) folder:  C:\wamp64\bin\apache\apache2.4.27\bin . The easiest way to open this file is to click on the green W (Wamp) icon in the tray, then PHP and then php.ini and Windows should open this file for you.

3. Find this line
;curl.cainfo
and change it to :
curl.cainfo = "C:\wamp614\bin\php\php7.1.9\cacert.pem"
Dont forget to remove the ; at the start of the line and of course use your wamp path.

4. Restart (or exit and start) the WAMP server and the error should be gone!