I have 2 tables, Courses and Lessons:
Course:
id, user_id, title
Lessons:
id, course_id, title
And I have updated their Eloquent Relationship.
Now my problem is: how do I create a lesson without using parameters in the form? I think it's not a good practice and is prone to security issues, like editing the HTML tag.
    <form method="POST" action="" class="form-horizontal" enctype="multipart/form-data">
        <div class="form-group">
            <label class="control-label col-sm-2" for="title">Title:</label>
            <div class="col-sm-10">
                <input type="text" class="form-control" id="title" name="title" placeholder="Enter title">
            </div>
        </div>
    </form>
From my route:
    Route::group(['prefix' => 'lesson'], function () {
        Route::get('create/{course_id}', 'LessonController@create');
        Route::post('store/{course_id}', 'LessonController@store');
    });
And my controller:
    <?php
    namespace App\Http\Controllers;

    use Illuminate\Http\Request;
    use App\Course;
    use App\Lesson;

    class LessonController extends Controller
    {
        // Show the lesson form for the course named in the URL.
        public function create($course_id)
        {
            $course = Course::find($course_id);
            return view('lesson.create', compact('course'));
        }

        // Store a new lesson under the course named in the URL.
        public function store(Request $request, $course_id)
        {
            $lesson = new Lesson;
            $lesson->title = $request->title;
            $lesson->course_id = $course_id;
            $lesson->description = $request->description;
            $lesson->episode = $request->episode;

            if ($request->hasFile('video')) {
                $file = $request->file('video');
                // Extension as sent by the client.
                $extension = $file->getClientOriginalExtension();
                // The '.' separator before the extension was missing.
                $video = 'course' . $course_id . '_ep' . $request->episode . '.' . $extension;
                $destinationPath = public_path() . '/uploads/lessons/';
                $file->move($destinationPath, $video);
                $lesson->video = $video;
            }

            $lesson->save();
            return redirect('course/show/' . $course_id);
        }
    }
And also, a hidden input is not advisable either.
via Vahn Marty
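
One way to keep `course_id` in the route and still make it safe to tamper with, as an added example that is not part of the original post: the course is looked up through the signed-in user's relationship, so an edited id that points at someone else's course is rejected server-side. The `auth` middleware, the relationship names `User::courses()` and `Course::lessons()`, and the validation limits are assumptions, not taken from the question.

```php
<?php
namespace App\Http\Controllers;

use Illuminate\Http\Request;
use App\Lesson;

class LessonController extends Controller
{
    public function __construct()
    {
        // Assumption: only signed-in users may create lessons.
        $this->middleware('auth');
    }

    public function store(Request $request, $course_id)
    {
        // Validate every field before anything is written (limits are assumed).
        $this->validate($request, [
            'title'       => 'required|string|max:255',
            'description' => 'nullable|string',
            'episode'     => 'required|integer|min:1',
            'video'       => 'nullable|file|mimes:mp4,webm',
        ]);

        // Scope the lookup to the current user (assumed: User::courses() hasMany).
        // A course_id owned by another user is simply not found and ends in a
        // 404, so changing the URL or the form gains nothing.
        $course = $request->user()->courses()->findOrFail($course_id);

        // Assign fields one by one; course_id is never read from the request body.
        $lesson = new Lesson;
        $lesson->title = $request->input('title');
        $lesson->description = $request->input('description');
        $lesson->episode = (int) $request->input('episode');

        if ($request->hasFile('video')) {
            $file = $request->file('video');
            // extension() is guessed from the file contents, not the client's file name.
            $video = 'course' . $course->id . '_ep' . $lesson->episode
                   . '.' . $file->extension();
            $file->move(public_path('uploads/lessons'), $video);
            $lesson->video = $video;
        }

        // Assumed: Course::lessons() hasMany; save() fills course_id from $course.
        $course->lessons()->save($lesson);
        return redirect('course/show/' . $course->id);
    }
}
```

The `create` action needs the same scoped lookup, otherwise the form for another user's course is still shown even though the POST would be refused.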