17 hours ago, web541 said:
No, the _token is the CSRF token so that’s not stored in the database at all. Just realised that the CSRF token has been disabled (not sure why), so if you have anything to do with @csrf or _token in your form just remove it for now.
It was causing a lot of issues so I had disabled it, but it’s still enabled in some places. I have to look at re-enabling, I think I fixed most of those issues
12 hours ago, web541 said:
How are you handling the form data in your create() method? Are you using $request->all() by any chance? If you are then that would be why the _token is showing as it’s part of the request (as you already know). From my understanding, if you are going to use $request->all() you should specify your fields/column names that you will be using as part of your $fillable property on your model. Like this
https://github.com/nabeelio/phpvms/blob/dev/app/Models/Airline.php#L34
That way (at least from my understanding), by using $request->all() you are only allowing the fields you have specified in $fillable to be modified in your database, so you are protected from anyone adding a hidden input field into your form for example. This will also allow you to use it without getting that ‘_token column not found’ error as it’s not specified in your $fillable property. But can confirm this.
This is right, it will only allow what’s marked as OK in $fillable. But you always have to have $fillable set, if it’s not there, it won’t get filled (got bit by that a couple of times). For example with Frontend/PirepController::store(), I use $request->all()
On 5/25/2020 at 9:51 AM, nickkecooper said:
Fixed! Thank you Now when I do it the correct way on the create.blade.php, I get this error Column not found: 1054 Unknown column ‘_token’. Should I do an except command on my insert?
We’ll need to see the code for the store() method and also what the model looks like.