I think the best alternative is to use the framework's own feature, for this id
you want to spend.
parameters by URL and findOrFail
Controller:
public function anyEdit($id)
{
$usuario = Usuario::findOrFail($id);
return View::make('...', ['usuario' => $usuario]);
}
View:
{{ Form::model($usuario); }}
In the case of the Controller sampled, the findOrFail
method ensures that the user must exist in the database at the time of editing it.
By passing in the input hidden, you run the risk of someone editing the data (with the developer tool for example) and causing problems for your programming.
In the case of findOrFail
taking id
by url usuario/edit/1
, if it places a non existent id, Laravel
will return an exception.
In the case of Form::model()
, we pass the user, to be able to automatically select the fields with the desired value.
Input Hidden Security
You can apply extra security when inputting data.
Let's say you want to validate that field of input hidden
and ensure that the ID exists in the database. You can use exists
validation for this:
$rules = [
'hidden_id' => 'required|exists:tabela,id_dessa_tabela'
];
Validator::make(Input::all(), $rules);
Level Control
And in a third case let's imagine that you have the Produto
model. And you have two types of users on the system (administrator and common).
The common can not edit the field usuario_id
of Produto
; The administrator can.
You can use the reguard
method to protect model data. And unguard
to undo protection.
You can do something like this:
class BaseController extends Controller
{
public function __construct()
{
if (Auth::user()->nivel !== 'administrador') {
Produto::reguard();
}
}
}