Laravel inject data in input before store

Question

in the store function in my controller I have:

public function store()
    {
        $validator = Validator::make($data = Input::all(), Item::$rules);

        if ($validator->fails())
        {
            return Redirect::back()->withErrors($validator)->withInput();
        }

        Item::create($data);

        return Redirect::route('spesas.index');
    }

What is missing is the user_id field.

I tought since the inserting user is the auth one, to not pass the id via POST, but retrieve it with Auth::user() in the controller (It seemed more secure).

Now I have the problem to insert the Auth::user() id in the input fields before Item::create($data);

Am I doing the Right Thing? Any suggestions?

Thanks,

Well, I don't know much about Laravel. But what speaks against $data['user_id'] = Auth::id(); before creating the item? — Charlotte Dunois
– Charlotte Dunois, Commented Aug 17, 2014 at 22:25

Gareth Daine · Accepted Answer · 2014-08-18 08:57:59Z

2

Just add your user id to the $data array by doing:

$data['user_id'] = Auth::user()->id;

Simple as that. :-)

Alternatively, you could have a hidden input field named 'user_id' and add the currently authorised users id as the fields value. Up to you.

edited Aug 18, 2014 at 8:57

answered Aug 18, 2014 at 8:50

Gareth Daine

4,2065 gold badges44 silver badges67 bronze badges

Sign up to request clarification or add additional context in comments.

2 Comments

Carlo Over a year ago

I'll try the first solution. The hidden field opens a whole lot of other problems, since a malicious user can modify it and associate Items to other users.

Gareth Daine Over a year ago

True, though you could perform a check to see if the id passed corresponded to Auth::user()->id and if it didn't return back with the appropriate response.

Joseph Silber · Accepted Answer · 2014-08-17 23:09:37Z

1

The good old + sign will help you here:

Item::create($data + ['user_id' => Auth::id()]);

answered Aug 17, 2014 at 23:09

Joseph Silber

221k59 gold badges369 silver badges292 bronze badges

2 Comments

Carlo Over a year ago

Nope :/ Still gave me SQLSTATE[23000]: Integrity constraint violation: 19 Item.user_id may not be NULL (SQL: insert into "items" ("amount", "context_id", "updated_at", "created_at") values (2, 2, 2014-08-18 07:11:41, 2014-08-18 07:11:41))

Carlo Over a year ago

Uhm actually seems that Auth::id() is empty :_| (and I am sure I'm authenticated)

Ivan B. · Accepted Answer · 2014-08-18 08:18:08Z

0

Try Auth::user()->id, not Auth::id()

Or

$item = new Item($data);
Auth::user()->items()->save($item);

answered Aug 18, 2014 at 8:18

Ivan B.

134 bronze badges

1 Comment

itsazzad Over a year ago

Why not to use Auth::id() ?

Carlo · Accepted Answer · 2014-08-24 22:13:29Z

0

So basically the cleaner solution I found is to inject, in the constructor of the model, the correct id. So I'll free the controller of the hassle ( and avoid duplicated code)

answered Aug 24, 2014 at 22:13

Carlo

2,11221 silver badges30 bronze badges

1 Comment

itsazzad Over a year ago

Please write down your code snippet so that people can know what you had used actually.

Collectives™ on Stack Overflow

Laravel inject data in input before store

4 Answers 4

2 Comments

2 Comments

1 Comment

1 Comment

Your Answer

Hot Network Questions

Collectives™ on Stack Overflow

4 Answers 4

2 Comments

2 Comments

1 Comment

1 Comment

Your Answer

Sign up or log in

Post as a guest

Related