Hiding Fields When Querying Laravel Eloquent Models

Chris Sevilleja

When using Laravel's Eloquent to get data back from our database, sometimes we don't want to get certain information out of that call.

Why Would We Hide Attributes?

There are a few scenarios where this would be wanted. For instance, we don't want to get a password (hopefully hashed) out of our database and display that to users.

To Hide an Attribute

Hiding an attribute is a simple process. All the work is done when defining your Eloquent model.

<?php

class User extends Eloquent {

     protected $hidden = array('password', 'token');

}

Just like that, you won't have those fields come through when accessing your Eloquent models.

<?php

Route::get('users', function() {
     return User::all()->toArray();
});

Now the above code won't show off our secret password or token information. You probably wouldn't do the above code anyway, but it is just a good precaution to make sure that passwords don't accidentally get spit out to users in any way.

Further Reading: A Guide to Using Eloquent ORM in Laravel

Chris Sevilleja

162 posts

Co-founder of Scotch.io. Slapping the keyboard until something good happens.