Laravel 5 : MassAssignmentException in Model.php
Stefan Bogdanescu
Founder & Senior Architect · 2026-06-29
Title: Unraveling Laravel 5's MassAssignmentException: A Comprehensive Guide to Fixing the _token Issue in Model.php
Introduction: When working with Laravel, we may sometimes encounter errors that can disrupt our flow or development process. The MassAssignmentException is an error that frequently occurs when using the create method inside a model's controller. In this blog post, we will take a closer look at this issue and explore how to fix it in your Laravel 5 projects.
Understanding MassAssignmentException: The MassAssignmentException is primarily caused due to Laravel attempting to mass-assign properties during the creation or updating of an object. In order to prevent accidental data exposure, Laravel restricts the ability for models to be assigned data that was not explicitly declared in their attribute definitions. This exception occurs when the model tries to mass-assign a protected property, which is not allowed by default.
Common Causes and Solutions: One of the most frequent causes of this error is the presence of a protected token property in your model. The protected _token property can be assigned during the process of authenticating user sessions. However, it should not be accessed or mass-assigned outside of that context. To resolve this issue, follow these simple steps:
1. Remove the "_token" property from your model's attributes list: Go to your model file (e.g., Contacts.php) and update your protected $fillable array to only contain the fields you want to be mass-assignable. For example:
class Contacts extends Model
{
protected $table = ['name', 'mobile', 'email', 'address', 'created_at', 'updated_at'];
protected $fillable = ['name', 'mobile', 'email', 'address'];
}
2. Remove the "_token" property from your input data: Make sure that you are not sending any _token values in your request data. If this property is present, Laravel will try to assign it to the model and trigger the exception. Ensure that only the fields defined as fillable can be assigned through your form or API endpoint.
3. Provide access control for mass assignment: If you want to allow multiple fields to be mass-assignable at once, consider defining a $guarded property in your model class instead of using protected $fillable. This will allow Laravel to bypass the MassAssignmentException when creating new models or updating existing ones with mass-assigned data.
class Contacts extends Model
{
protected $table = ['name', 'mobile', 'email', 'address', 'created_at', 'updated_at'];
protected $fillable = ['name', 'mobile', 'email', 'address'];
protected $guarded = [];
}
Conclusion: The MassAssignmentException in Laravel 5 can be a frustrating issue to overcome, but with the correct understanding and proper implementation of model attributes, it is possible to avoid this error. By ensuring that your models' protected properties are not mass-assigned during creation or updates and that only validated data is being sent from forms or APIs, you can successfully minimize these errors in your Laravel projects. For more guidance on working with Laravel and resolving common issues, be sure to visit https://laravelcompany.com for a wealth of resources and tutorials.