Understanding Laravel Model Properties: A Deep Dive
Laravel, a leading PHP framework, is praised for its expressive syntax, especially when it comes to database operations. Central to this is the concept of models, which serve as an ORM (Object-Relational Mapping) layer, allowing developers to interact with database tables as if they were PHP objects. Integral to these models are specific properties that dictate how they behave with the database.
In this article, we'll dive deeper into five essential properties of Laravel models:
- $table
- $primaryKey
- $timestamps
- $fillable
- $guarded
1. $table
By default, Laravel assumes that the table name in the database is the plural form of the model name. For instance, for a model named User
, Laravel will look for a table named users
. However, if your table doesn't follow this convention, you can specify the table name using the $table
property.
class Profile extends Model{
protected $table = 'user_profiles';
}
In this case, even though the model is named Profile
, Laravel will use user_profiles
as the table name.
2. $primaryKey
While id
is a common primary key in many databases, not all tables use id
as their primary key. If your table uses a different column as its primary key, then you can define this using the $primaryKey
property.
class Book extends model{
protected $primaryKey = 'book_id';
}
Now when you use functions like find(), Laravel will use 'book_id' as primary key.
3. $timestamps
Eloquent, Laravel's ORM, expects created_at
and updated_at
columns to exist on your tables by default. Every time a new model is saved, it sets the created_at
and updated_at
columns to the current date/time. If you update an existing model, it modifies the updated_at
column.
If your table does not have these columns, or you don't want Eloquent to automatically manage these timestamps, set the $timestamps
property to false
.
class User extends Model{
public $timestamps = false;
}
4. $fillable
To protect your database from malicious mass assignments (where an attacker might try to submit additional, unexpected parameters in a request), you can specify which columns in your table can be mass-assigned using the $fillable
property.
Example:
class User extends Model{
protected $fillable = ['first_name', 'last_name', 'email'] ;
}
In this case, only the first_name
, last_name
, and email
fields can be mass-assigned, protecting all other fields from potential vulnerabilities.
5. $guarded
As the counterpart to $fillable
, the $guarded
property is a list of attributes that should not be mass-assignable. If $fillable
is like a whitelist, $guarded
is a blacklist.
Example:
class Post extends Model{
protected $guarded = ['post_id', 'views'];
}
this means that you can't mass assign post_id and views but you can mass assign all the other columns in the posts table.
Conclusion:
These properties on Laravel models provide developers with granular control over how they interact with their database, ensuring both security and functionality. By mastering these properties, you ensure that your application's data layer is robust, efficient, and resistant to common vulnerabilities.