Lessons: 21, Length: 2.4 hours

4.2 Saving Database Records

We are finally ready to start working with actual data now that we have a guitars table and our guitar model. And the first thing that we need to do is create a view that's going to have the form so that we can submit data to the server. And then we can take that information and store it in the database. So let's start by going to our controller: app/Http/Controllers, and then GuitarsController. And we want to implement the create method because this is what is going to be called in order to show our form. So all we need to do is return that view. And the view name is going to be guitars.create.

So we can create that view or we can copy it from another view. And let's copy it, let's use the show. Because that's going to give us the least amount of stuff that we need to change. And we will of course call this create.blade.php. And I am going to paste in the markup for this form because you don't want to see me type all of this out. But it's very simple. There are three fields, the first is guitar-name, that's for the name of the guitar, then we have another field for brand, and then one for the year. Now, the very important thing here is the name attributes, because that is what's going to be used to submit the data to the server, that's what the browser needs. And there's also some CSS that I'm going to add to our site.css file that is inside of public/css and then site.css. We're not going to go over this, it's just adding some rules so that our form isn't going to look completely horrible.

So with that done, we should be able to go to guitar/create, and we will see our form. There it is. Now of course, we could fill this out and submit it, but we're not going to be doing anything with that because we need to write that code. So let's do just that.

The first thing that we need to do is add a use statement so that we can pull in the guitar class. So that is App\Model\Guitar, and then we want to create a new instance of this class. So that will be the first thing that we do, we can just call that guitar. And here's the idea, we are going to assign values to the appropriate properties. Well, our properties are the names of the columns that we created. So we have a name property, a brand property, and then this year_made. So it's going to look like this where we say guitar name =, and we're going to use this request that was passed as the parameter to this method. This is a lot like the request function that we used all those lessons ago whenever our routes were inside of the web.php file. And in fact, we could use request here, if we wanted. But since we have this request object, let's just go ahead and let's use that. Now, instead of using this like the request function, this is an object and we want to retrieve the input that was provided, so we call a method called input. And then we pass in the name of the form field that we want to retrieve here, which was guitar-name. And then we just need to rinse and repeat for the other values. So we had brand, which just happened to be the same name as the form field. So we will reuse that, then we had year_made, and in the request, that was just year. So we are building this object one property at a time. And then finally we want to save that in the database. So we call the save method on this guitar object. And then we're good to go.

But then we want to do something else, we don't want to just save the guitar and then stay there. We want to redirect to someplace else. And where we redirect to really depends upon our application. So we could call a function called redirect. And then we could pass in the URL of wherever it is that we want to redirect to. But URLs change, and it would be nice to have the flexibility of using the route name to generate that URL. And we can do just that by calling redirect, this is going to return an object that has a route method, and then we just specify the route name of where we want. And I think going to the guitars index makes sense in this case. So that whenever we create the guitar, it will take us back to the index so that we can then see all of the guitars that have been created.

But of course the guitars that we are displaying are all hard-coded. So instead of calling this getData method that we have, we can use our guitar model, and we can retrieve all of the records. That's essentially going to give us the same thing, but of course now we're going to be reading data from the database. So in this case, we are creating and we are reading, that's the C and R of CRUD.

So let's go to the browser, there's one other thing. Let's go back to our create view because we need to specify the action here, I did not do that. And once again we can use route, in this case, and then we will simply have the route function generate the URL for the guitars.store route. So with that in place, let's go back to the browser. Let's refresh so that that is going to change. And let's store some data. So let's store a Starla S2, the brand is going to be PRS. Year made, it really doesn't matter, let's say 2015, and then let's submit. And what do we get? 419, PAGE EXPIRED.

What in the world does that mean? Well, we just performed a post request which is supposed to change something on the server, and there are other types of requests that do that as well. There's update, delete and a few others. But the main thing is that we are changing something which is useful, but it's also very dangerous. Because requests can be forged. An attacker can forge a request to our application. And if we're not careful, it will execute that request. And it could end up completely destroying our application, or at least the data that our application is working with. So, this type of request is called a cross-site request forgery, or CSRF. It's very common. And the way that we prevent this type of attack is including a special form field in our form. It has a particular value that the server is expecting. And if that value isn't there, or if that value is different than what the server expects, then it's going to reject that request.

As I said, this is a very common type of attack. Every language, platform and framework has some easy way of dealing with it. So, Laravel gives us a directive, something called csrf. That's all that we have to do. We need to add this to our form. It can be anywhere in the form, and that's going to solve our problem. So let's go back, let's refresh and let's inspect so that we can see that form field. You can see that it is a hidden form field and it has a particular value. If that value isn't there, or if it's different, no cigar.

So, with that in place, we can now fill out this form. So we'll redo Starla S2, the brand is PRS. I think we did 2015 for the year made. If we submit this, then we shouldn't see any kind of errors, but of course we do: map model guitar, or App\Model\Guitar, not found. Well, let's make sure that I did that correctly. So let's open up models. And that's the problem, models is plural, it's not singular. So we need to change that so that it's models. Let's go back, let's refresh. We can resubmit this form, that's going to be fine. So we'll just click on Continue, and here we are back at the index.

We can see that we are reading data from the database, because now we see Starla S2. But we didn't display anything about the year. So let's go ahead and let's add that to the index view so that we can put this inside of our list here. So that it was made by the brand. And it was made on a particular year. We'll just call that Year made, and then we will have the Year made listed. So we can go back, refresh, and there we have that. Well, that's all well and good. However, there is no validation going on. So in the next lesson, we are going to look at how we can validate the input
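The controller that the lesson builds up verbally, written out here as an added reconstruction (it is not the instructor's own file). The `guitars.index` view name and the `guitars` view variable are assumptions, and the form markup in the comment is abbreviated.

```php
<?php
// Added reconstruction of the controller described in the lesson.
namespace App\Http\Controllers;

use App\Models\Guitar;        // "Models" is plural; the singular form caused the class-not-found error
use Illuminate\Http\Request;

class GuitarsController extends Controller
{
    // R of CRUD: read every record from the guitars table.
    public function index()
    {
        // Assumption: the index view is guitars.index and expects $guitars.
        return view('guitars.index', ['guitars' => Guitar::all()]);
    }

    // Show the form. create.blade.php posts to the guitars.store route
    // and carries the CSRF directive inside the <form> element:
    //   <form method="POST" action="{{ route('guitars.store') }}">
    //       @csrf
    //       <input name="guitar-name"> <input name="brand"> <input name="year">
    //   </form>
    public function create()
    {
        return view('guitars.create');
    }

    // C of CRUD: map form field names to column names, then save.
    public function store(Request $request)
    {
        $guitar = new Guitar();
        $guitar->name = $request->input('guitar-name');
        $guitar->brand = $request->input('brand');
        $guitar->year_made = $request->input('year');
        $guitar->save();

        // Redirect by route name so a URL change does not break the redirect.
        return redirect()->route('guitars.index');
    }
}
```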
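Why the first submission came back as 419 and the later one did not: a framework-free illustration of the hidden-field token check, added here and not Laravel's own middleware code. The function names are hypothetical and the session is a plain array; `_token` is the field name that the `@csrf` directive renders.

```php
<?php
// Constructed, framework-free illustration; function names are hypothetical.

// Create one random token per session and reuse it for that session's forms.
function issueToken(array &$session): string
{
    if (!isset($session['_token'])) {
        $session['_token'] = bin2hex(random_bytes(32));
    }
    return $session['_token'];
}

// Render the hidden field that travels with the form submission.
function hiddenField(string $token): string
{
    return '<input type="hidden" name="_token" value="'
        . htmlspecialchars($token, ENT_QUOTES) . '">';
}

// Decide the HTTP status for a request before any controller code runs.
function checkRequest(array $session, string $method, array $post): int
{
    if (in_array($method, ['GET', 'HEAD', 'OPTIONS'], true)) {
        return 200; // read-only requests are not checked
    }
    $expected = $session['_token'] ?? '';
    $supplied = $post['_token'] ?? '';
    // hash_equals compares in constant time, so timing does not leak the token.
    if ($expected === '' || !is_string($supplied)
        || !hash_equals($expected, $supplied)) {
        return 419; // value missing or different from what the server expects
    }
    return 200;
}

// Constructed sample data: one session, three submissions of the same form.
$session = [];
$token = issueToken($session);
$form = ['guitar-name' => 'Starla S2', 'brand' => 'PRS', 'year' => '2015'];

echo hiddenField($token), PHP_EOL;
echo checkRequest($session, 'POST', $form), PHP_EOL;                         // field absent
echo checkRequest($session, 'POST', $form + ['_token' => 'guess']), PHP_EOL; // wrong value
echo checkRequest($session, 'POST', $form + ['_token' => $token]), PHP_EOL;  // matching value
```

A page on another origin can make the browser send the form fields and the session cookie, but it cannot read the token out of the rendered form, so a forged request fails this check.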
