
Excluding empty passwords on update (very useful)

Prevent update empty password

Where is the right place to put the check of an empty value? In the model, or in the controller? In my model I have this mutator to hash the password before saving it in the database:

    public function setPasswordAttribute($password)
    {
        return $this->attributes['password'] = bcrypt($password);
    }

But I need to do this check in the controller to prevent updating the password with an empty value:

        if (trim($request->password) != '') {
           $user->password = $request->password;
        }

Where is the right place to put this check according to SOLID principles?

bobbybouwmann
Level 50

Well a password is always required right? So in that case you would do that check in the validation of your form. In the case of Laravel a Request class. After that the logical place would be the controller in my opinion

coder81
Level 2

Sorry, I did not specify that this check is in the update, because the password is required in the create, but not in the update.

bobbybouwmann
Level 50

You should check this in your controller and make sure that the password field isn't posted when it's empty for example

    if ($request->get('password') == '') {
        $user->update($request->except('password'));
    } else {
        $user->update($request->all());
    }

coder81
Level 2

If all my fields are required, is this a bad solution?

    $user->update(array_filter($request->all()));

bobbybouwmann
Level 50

What is array_filter doing here?

Laravel models have a $fillable property which protects you from assigning fields that you don't want to be assigned through a form.

coder81
Level 2

array_filter removes all empty elements of an array, and because all my model attributes are required it works. Yes, I know and I use the $fillable property.


Source: https://laracasts.com/discuss/channels/general-discussion/prevent-update-empty-password


update user: allow blank password

Auth users can edit their profile and also their password. Although the two password fields can remain blank. In this case the mysql password field should not be updated.

This is my Update method in the UserController:

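    public function update($userId, UserRequest $request)
    {
        $user = User::findOrFail($userId);

        // Only validate and hash the password when the request reports one.
        if ($request->has('password')) {
            $this->validate($request, [
                'password' => 'required|confirmed|min:6',
            ]);
            // Replace the plain-text password in the input with its bcrypt hash.
            $request->request->set('password', bcrypt($request->password));
            $data = $request->all();
        } else {
            // No password reported: leave the stored hash untouched.
            $data = $request->except(['password']);
        }

        $user->update($data);
    }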

Is this considered secure?

And is this good practice, could the code be cleaner? And how should I refactor this? Just add private methods or the repo pattern?

Thanks in advance!

miiikkeyyyy
Level 7

I'd personally put the functionality in the "App/User.php".

I try and keep as much code out of my controllers as possible.

MikeHopley
Level 14

> I'd personally put the functionality in the "App/User.php".
>
> I try and keep as much code out of my controllers as possible.

...well, if you're really trying to clean up, there are better places to put this than on the User model.

You could create an UpdateUser command / job / service class (take your pick).

bashy
Level 50
Oct 7, 2015

Just do $request->all() and in the rules add sometimes to the password fields. This will allow Laravel to validate the password fields if they're set (in the request to update) but also allow it to pass if it's not present.

t0ne
Level 3

thank you for your reply!

@Mike Hopley That's exactly what I would like to learn.
Currently I can make everything work, now I'm at the point to make use of Repositories, Service Classes, Commands, Jobs, just like https://laracasts.com/discuss/channels/laravel/models-repositories-service-classes-jobs-commands.
Any advice on where to start?

@bashy thanks, I've noticed that when a form field is not changed the query won't update that column at all.

bashy
Level 50

I thought you wanted to only validate the password if it was filled in the form?

t0ne
Level 3

That's right, so your advice was just what I needed ;) But I didn't know that the update SQL statement is built from the changed values.

bashy
Level 50

Okay. Yes the update only updates fields that you supply. It's just like a normal SQL query doing an UPDATE. something = 'value'. If you don't supply a field, it won't touch it.

t0ne
Level 3

just to be sure: if you don't edit a field, it won't touch it, right?

bashy
Level 50

Are you talking about fields that have values populated in the inputs or a password field where it's blank and you leave it blank while submitting it?

If you supply a field, it will use UPDATE on that field. If you return the contents of $request->all() you can see which will be.

t0ne
Level 3

Okay, I thought that unchanged values are not included in the query. I will check again, thanks!

t0ne
Level 3

When I change my 'name' and submit (only the name column will update):

    [0] => Array
        (
            [query] => update `users` set `name` = ?, `updated_at` = ? where `id` = ?
            [bindings] => Array
                (
                    [0] => Tone Why
                    [1] => 2015-10-08 08:51:37
                    [2] => 1
                )

            [time] => 0,82
        )

When I don't change any value and submit:

    Array
    (
    )

bashy
Level 50

That's expected? What do you want it to do?

t0ne
Level 3

Big miscommunication on my part, sorry!

Source: https://laracasts.com/discuss/channels/code-review/update-user-allow-blank-password?page=1
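
An added example, not code from either thread: plain PHP (no Laravel) showing that `array_filter($request->all())` from the first thread removes more than the blank password, next to a narrower way to build the update payload that both threads are after. `buildUserUpdate()` and the sample input are hypothetical; `password_hash()` with `PASSWORD_BCRYPT` stands in for Laravel's `bcrypt()` helper, and the length and confirmation checks mirror the `confirmed|min:6` rules quoted above.

```php
<?php
declare(strict_types=1);

// Hypothetical helper (not a Laravel API): turn raw form input into the
// column => value array that may be written to the user row.
function buildUserUpdate(array $input, array $allowed): array
{
    // Keep only whitelisted keys, the job $fillable does in the threads.
    $data = array_intersect_key($input, array_flip($allowed));

    // A missing, non-string or whitespace-only password means "leave unchanged".
    $password = $data['password'] ?? '';
    if (!is_string($password) || trim($password) === '') {
        unset($data['password']);
        return $data;
    }

    // A supplied password must pass the checks before it is hashed
    // (length is counted in bytes here).
    if (strlen($password) < 6) {
        throw new InvalidArgumentException('password must be at least 6 characters');
    }
    $confirm = $input['password_confirmation'] ?? '';
    if (!is_string($confirm) || !hash_equals($password, $confirm)) {
        throw new InvalidArgumentException('password confirmation does not match');
    }
    $data['password'] = password_hash($password, PASSWORD_BCRYPT);
    return $data;
}

// Constructed sample input: a profile form submitted with both password fields blank.
$input = [
    'name'                  => 'Tone Why',
    'newsletter'            => '0',   // legitimate falsy value the user chose
    'is_admin'              => '1',   // not whitelisted, must never reach the row
    'password'              => '',
    'password_confirmation' => '',
];
$allowed = ['name', 'newsletter', 'password'];

// array_filter() without a callback drops every falsy value, so the
// newsletter opt-out silently disappears together with the blank password.
var_dump(array_key_exists('newsletter', array_filter($input)));

// The targeted version keeps 'newsletter', drops 'is_admin' and 'password'.
var_dump(array_keys(buildUserUpdate($input, $allowed)));

// With a real password the payload carries a bcrypt hash, never the plain text.
$input['password'] = $input['password_confirmation'] = 's3cret-pass';
var_dump(password_verify('s3cret-pass', buildUserUpdate($input, $allowed)['password']));
```

If the model already hashes in a mutator such as the first thread's `setPasswordAttribute`, pass the plain value through instead of hashing in the helper; hashing in both places stores a hash of a hash and every login then fails.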


