Laravel 5: Generating CSRF Hidden HTML Fields With csrf

By John Koster April 14, 2018

The csrf_field function can be used to generate a hidden HTML element containing the value of the CSRF token. These tokens can help to prevent cross-site request forgeries.

#Signature

The signature of the csrf_field function is:

1function csrf_field();

#Example Use

For example, the following HTML code can be greatly simplified using the function:

 1<!DOCTYPE html>
 2<html>
 3<head>
 4    <title>CSRF Token Form Sample</title>
 5</head>
 6<body>
 7    <form>
 8       <input type="hidden" name="_token"
 9              value="<?php echo csrf_token(); ?>"> 
10
11       <!-- Other form inputs here -->
12    </form>
13</body>
14</html>

can be simplified to just:

 1<!DOCTYPE html>
 2<html>
 3<head>
 4    <title>CSRF Token Form Sample</title>
 5</head>
 6<body>
 7    <form>
 8       <?php echo csrf_field(); ?>
 9
10       <!-- Other form inputs here -->
11    </form>
12</body>
13</html>

or with Blade syntax:

 1<!DOCTYPE html>
 2<html>
 3<head>
 4    <title>CSRF Token Form Sample</title>
 5</head>
 6<body>
 7    <form>
 8       {!! csrf_field() !!}
 9
10       <!-- Other form inputs here -->
11    </form>
12</body>
13</html>

∎

Up Next

Laravel 5: Generating CSRF Session Tokens With csrf_token

Learn about the csrf_token function in Laravel, which retrieves the CSRF token from the session storage. The CSRF token...

Laravel 5: Generating HTTPS URLs With secure_url

The secure_url helper function generates secure, fully qualified URLs to a given path in Laravel. It can also add additi...

Laravel 5: Generating Paths Relative to the Application Installation Directory With base_path

Learn how to use the base_path function in Laravel to retrieve the path to the application's directory and construct rel...

Laravel 5: Generating Paths Relative to the Application Root With app_path

The app_path function in Laravel returns the full path to the application directory. The value returned depends on your...