Insert data passing only $_POST using Laravel

2

Assuming that all of the inputs have the same name as the column of the database.

public function create(){
    // what follows is an example with the data already populated
    $arrayDados= Input::all();
    unset($arrayDados["_token"]); 
    /*$arrayDados = array(
        "valor1" => "teste",
        "valor2" => "1234",
        "valor3"=>1234
    );
    DB::table("tabela")->insert($arrayDados );*/
    DB::table("tabela")->insert($arrayDados );
}

//HTML

<input type="text" name="valor1"/>
<input type="text" name="valor2"/>
<input type="text" name="valor3"/>

//In the database table
column names: | valor1 | valor2 | valor3 |

I have 4 forms of ENEM questionnaires (ranging from school material) with 100 questions each. There are several names, radio buttons, etc. in my view, and I find it hard to bind each of the textareas' names to the database column. Is it a good practice? Is there any security breach that could happen?

    
asked by anonymous 21.05.2016 / 02:58

1 answer

1

Before any contact with the database, the server MUST ALWAYS validate the inputs sent via POST and GET if they come from the HTML form / URL.

This depends on whether you want the validations to be the same for all user inputs. E.g.: assuming that the names of the HTML inputs are the same as the names of the columns of the table where you want to insert the data, and you just want them to be numeric:

Laravel 5+:

public function receber_dados(Request $request) {
    $inputs = $request->except(['_token']); // all inputs (name => input) except the CSRF token
    $rules = []; // initialised so Validator::make() always receives an array

    foreach($inputs as $key => $value) {
        $inputs[$key] = e($value); // Laravel's short version of htmlentities, keeps JavaScript/HTML out of our database
        $rules[$key] = 'numeric';
    }

    $validator = Validator::make($inputs, $rules);
    if ($validator->fails()) {
        return redirect()->back()->withErrors($validator);
    }

    DB::table("tabela")->insert($inputs);
    $success = 'dados inseridos';
    return ...;
}

But if you want different validations, for example checking if an email is unique in the database table, or checking if the passwords match and/or hashing the password, then you will have to deal with each of these 'exceptional' inputs in your own way.

Laravel even simplifies life here, because you can use its built-in validations for the most common cases.

    
21.05.2016 / 03:25
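
An added example, not part of the original question or answer: both snippets above pass every POST key to insert(), so the request keys decide which columns get written. This plain-PHP sketch keeps only allowlisted columns and validates each one; buildRow, allowedColumns, the per-column rules and the extra keys in the sample request are assumptions made for illustration.

```php
<?php
// Hypothetical allowlist: column name => validation callback.
// Columns follow the question's sample form (valor1..valor3).
function allowedColumns(): array
{
    return [
        'valor1' => function (string $v) { return $v !== '' && strlen($v) <= 255; },
        'valor2' => function (string $v) { return ctype_digit($v); },
        'valor3' => function (string $v) { return is_numeric($v); },
    ];
}

// Builds the row to insert from the allowlist, never from the request keys.
// Returns [row, errors, ignored request keys].
function buildRow(array $post, array $allowed): array
{
    $row = [];
    $errors = [];
    foreach ($allowed as $column => $isValid) {
        if (!array_key_exists($column, $post)) {
            $errors[$column] = 'missing';
            continue;
        }
        $value = $post[$column];
        // Reject nested input such as valor1[]=x: one scalar per column.
        if (!is_scalar($value) || !$isValid((string) $value)) {
            $errors[$column] = 'invalid';
            continue;
        }
        $row[$column] = (string) $value;
    }
    // Keys the form never defined; worth logging, never inserted.
    $ignored = array_keys(array_diff_key($post, $allowed));
    return [$row, $errors, $ignored];
}

// Constructed sample request: the three form fields plus extra keys.
$post = [
    '_token'     => 'constructed-token',
    'valor1'     => 'teste',
    'valor2'     => '1234',
    'valor3'     => '1234',
    'id'         => '1',   // column the form never exposed
    'nota_final' => '10',  // hypothetical column name
];

[$row, $errors, $ignored] = buildRow($post, allowedColumns());
var_dump($row, $errors, $ignored);
// In Laravel: only when $errors is empty, DB::table("tabela")->insert($row);
```

In a Laravel controller the same restriction can be expressed with `$request->only([...])` and one Validator rule per listed field.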