Understanding Laravel Model Properties: A Deep Dive

Laravel, a leading PHP framework, is praised for its expressive syntax, especially when it comes to database operations. Central to this is the concept of models, which serve as an ORM (Object-Relational Mapping) layer, allowing developers to interact with database tables as if they were PHP objects. Integral to these models are specific properties that dictate how they behave with the database.

In this article, we'll dive deeper into five essential properties of Laravel models:

1. $table
2. $primaryKey
3. $timestamps
4. $fillable
5. $guarded

1. $table

By default, Laravel assumes that the table name in the database is the plural form of the model name. For instance, for a model named User, Laravel will look for a table named users. However, if your table doesn't follow this convention, you can specify the table name using the $table property.

class Profile extends Model{
   protected $table = 'user_profiles';
}

In this case, even though the model is named Profile, Laravel will use user_profiles as the table name.

2. $primaryKey

While id is a common primary key in many databases, not all tables use id as their primary key. If your table uses a different column as its primary key, then you can define this using the $primaryKey property.

class Book extends model{
 protected $primaryKey = 'book_id';
}

Now when you use functions like find(), Laravel will use 'book_id' as primary key.

3. $timestamps

Eloquent, Laravel's ORM, expects created_at and updated_at columns to exist on your tables by default. Every time a new model is saved, it sets the created_at and updated_at columns to the current date/time. If you update an existing model, it modifies the updated_at column.

If your table does not have these columns, or you don't want Eloquent to automatically manage these timestamps, set the $timestamps property to false.

class User extends Model{
  public $timestamps = false;
}

4. $fillable

To protect your database from malicious mass assignments (where an attacker might try to submit additional, unexpected parameters in a request), you can specify which columns in your table can be mass-assigned using the $fillable property.
Example:

class User extends Model{
  protected $fillable = ['first_name', 'last_name', 'email'] ;
}

In this case, only the first_name, last_name, and email fields can be mass-assigned, protecting all other fields from potential vulnerabilities.

5. $guarded

As the counterpart to $fillable, the $guarded property is a list of attributes that should not be mass-assignable. If $fillable is like a whitelist, $guarded is a blacklist.

Example:

class Post extends Model{
   protected $guarded = ['post_id', 'views'];
}

this means that you can't mass assign post_id and views but you can mass assign all the other columns in the posts table.

Conclusion:

These properties on Laravel models provide developers with granular control over how they interact with their database, ensuring both security and functionality. By mastering these properties, you ensure that your application's data layer is robust, efficient, and resistant to common vulnerabilities.