Laravel is an open-source PHP framework extremely popular with modern web developers. It provides a wide range of tools and features necessary for building ground-breaking PHP apps.
At the same time, developers often face Laravel database migrations. What are they? Laravel migrations function like version control for a database. They provide a development team with the possibility to define and share the app's database schema definition. Thus, it's possible to add different elements like columns and tables in the database without actually going to its managers, such as SQLite or phpMyAdmin.
Moreover, there are other facts you should know about Laravel migrations. And in this article, you'll find out the most important information related to the creation of Laravel migrations, their security, structure, etc.
Creating a New Database Migration
The creation of new Laravel database migration is important but, at the same time, a relatively simple process. You should follow two major steps:
1. First of all, you should run the next command to create a migration table:
php artisan migrate:install
Take into consideration that the migrate:install command is used to create the migration table in the app's database. It tracks Laravel migrations that have already been executed. If your command is executed successfully, a new table "migrations" will appear in the database.
2. Now, you should generate a new migration file to create a new table "posts". Just run the following command to deal with this task:
php artisan make:migration create_posts_table --create=posts
As soon as it's executed, you'll see that a new migration file has appeared in the database/migrations directory names as [timestamp]_create_posts_table.php.
Structure of a Migration
If you want to get acquainted with the migration structure, you should open a newly created migration file. Take into consideration that each Laravel migration extends the Migration class. Plus, there must be two methods – "up" and "down".
The first one includes the operations that are executed during the running of the Laravel database migration. Meanwhile, the down() method consists of the operations that are executed in case you roll back migration. As a rule, it reverses everything performed by the up() method.
Both methods include the operations that create and modify database tables with the help of the Laravel Schema Builder. It provides the developers with a wide range of functions that make any possible database update you want to apply. In addition, consider that Laravel Schema Builder offers a variety of methods, including table-level operations, column-level operations, and index-level operations.
Authentication is an integral part of the majority of modern apps. Fortunately, you can set up an authentication system using the Laravel framework without any troubles. You'll need to run only one command:
$ php artisan make:auth
Due to it, you'll save hours of work because you won't need to write everything from scratch using vanilla PHP. The command will immediately create an authentication scaffold with routes and views.
You can find the generated views in the resources/views/auth folder. They are used for login, registration, and reset of the password. At the same time, the controllers for the mentioned operations can be found in app/Http/Controllers/Auth.
In addition, if you look at the registration controller, you may notice the protected variable $redirectTo. It holds the URL your app will redirect to after the successful registration. The constructor also defines the middleware the registration has to run first before continuing to the next controller.
It's possible to use the middleware offered by Laravel. It verifies the authentication of the app’s user. In case the authentication isn't approved, the middleware will redirect the user to the login screen. On the contrary case, it'll allow proceeding further into the app.
In case you use the command "$this->middleware('guest')", you'll allow the users that are not logged in or authenticated to get access to the registration page. The validator() function is responsible for validating every field of the entering registration information. For instance, 'name' => 'required|string|max:255' ensures that the Name field isn't empty, is a string, and doesn't include more than 255 characters.
Finally, the create() functions stores the validated information using the User model. Its Hash facade ensures the protection of the data with the help of secure Bcrypt and argon2 hashing. As a rule, the first option is used for authentication and registration by default.
Model View Controller or MVC is a way to separate your app's data model and logic away from the view. Due to it, you can make the code organization clean and improve the development time of a digital project.
Developing apps with Laravel is your chance to organize everything in order to find whatever you need as soon as possible. Besides, you can get even better results by following coding principles, such as SOLID.
You'll discover a wide range of security features when you start using Laravel. Nonetheless, many developers make a big mistake by not taking them into account. Thus, in case you want to migrate to Laravel and get several amazing advantages, you should certainly consider the security features described below.
Cross-Site Request Forgery (CSRF)
This feature protects authenticated users from making valid requests on behalf of cyber-criminals. Thanks to the CSRF token, your application will be able to restrict hackers from making such fraudulent requests. It'll generate and add a valid token that should be provided in each request. And it doesn't matter whether the request comes from a form or whether it's an AJAX request.
Laravel will compare this token with the value it has saved additionally to that certain user's session. If it doesn't match the one stored, the request will be invalid.
Protection against Cross-Site Scripting (XSS)
Fortunately, Laravel uses the Blade templating engine. Due to it, your application is safe from XSS attacks by default.
Protection against SQL injection
Laravel uses PDO parameter binding that makes its applications resistant to SQL injection. It ensures that the information passed from users in request variables isn't directly used in SQL queries.
Laravel is an amazing framework that significantly simplifies the majority of tasks as well as offers wonderful possibilities. And if you want to use it to develop your own online project or want to deal with Laravel migrations, you certainly need professional assistance. Luckily, SolidBrain is here to help you! Just get in touch with our developers, and we'll start working on the implementation of your ideas immediately