Laravel's forceFill() and forceCreate()

January 23rd, 2019 - 1 min read

Laravel has an undocumented method on eloquent models called forceFill().

Looking at the code found in Eloquent's Model.php you'll find the following method definition:

public function forceFill(array $attributes)
    return static::unguarded(function () use ($attributes) {
        return $this->fill($attributes);

The forceFill effectively ignores your $fillable array on the model and will update your model with the array key-value pairs that you pass to it.

You should forceFill with caution though. $fillable is partly used to allow you to mass fill a model with values, which could perhaps have come from a form. There are probably fields against your table you don't want your users to be able to edit themselves. For example, you could have an is_admin flag on your users table, or award something for length of user account using the created_at datetime, so you definitely don't want users to be able to simply add some fields to the request.

As well as forceFill we also have forceCreate which works in a similar way, but creates the model instead of filling it with updates.