Skip to main content
Laravel Basics Tutorial
CHAPTER 10 Beginner

Building CRUD Applications in Laravel

Updated: May 14, 2026
35 min read

# CHAPTER 10

Building CRUD Applications in Laravel

1. Introduction

You now understand all the individual pieces of the MVC architecture: Routes, Controllers, Blade Views, and Eloquent Models. In this chapter, we will synthesize these components to build the foundation of 90% of all software: a complete CRUD (Create, Read, Update, Delete) application. We will build a backend panel to manage Blog Posts.

2. Learning Objectives

By the end of this chapter, you will be able to:
  • Use Artisan to generate a Model, Migration, and Resource Controller simultaneously.
  • Wire a Resource Controller to a resourceful Route.
  • Build the Views required for listing, creating, and editing records.
  • Implement the complete CRUD data flow.

3. Beginner-Friendly Explanation

Building CRUD in Core PHP was tedious. You had to manually create createpost.php, editpost.php, delete_post.php, write raw SQL for each, and manually link them together. Laravel treats CRUD as a standardized package. With a single terminal command, Laravel generates the Controller containing all the necessary "rooms" (methods). With a single route, the Receptionist (Router) knows exactly how to direct traffic to those rooms. All you have to do is fill the rooms with Eloquent code and Blade HTML.

4. Step 1: The Magic Generation Command

We need a Model (Post), a Database Migration, and a Resource Controller. Instead of typing 3 separate commands, Laravel has a shortcut.

Open the terminal:

bash
1 
php artisan make:model Post -mc

*(The -mc flag tells Artisan: "Make a Model, and also make a Migration and a Controller!)*

5. Step 2: The Migration and Model

Migration (database/migrations/...createpoststable.php):
php
12345678 
public function up() {
    Schema::create('posts', function (Blueprint $table) {
        $table->id();
        $table->string('title');
        $table->text('content');
        $table->timestamps();
    });
}

Run php artisan migrate.

Model (app/Models/Post.php):

php
123 
class Post extends Model {
    protected $fillable = ['title', 'content']; // Allow Mass Assignment
}

6. Step 3: The Resource Route

Instead of writing 7 separate routes for displaying, creating, editing, and deleting, we write one.

routes/web.php:

php
1234 
use App\Http\Controllers\PostController;

// This single line generates all 7 CRUD routes automatically!
Route::resource('posts', PostController::class);

7. Step 4: Building the Controller (The Logic)

Open app/Http/Controllers/PostController.php. Artisan has already created the empty methods. Let's fill the core ones.
php
12345678910111213141516171819202122232425262728293031 
<?php
namespace App\Http\Controllers;
use App\Models\Post;
use Illuminate\Http\Request;

class PostController extends Controller
{
    // READ: Show all posts
    public function index() {
        $posts = Post::all();
        return view(&#039;posts.index', compact('posts'));
    }

    // CREATE (Show Form)
    public function create() {
        return view(&#039;posts.create');
    }

    // CREATE (Save Data)
    public function store(Request $request) {
        Post::create($request->all());
        return redirect()->route(&#039;posts.index')->with('success', 'Post created!');
    }

    // DELETE (Destroy Data)
    public function destroy($id) {
        $post = Post::findOrFail($id);
        $post->delete();
        return redirect()->route(&#039;posts.index')->with('success', 'Post deleted!');
    }
}

8. Step 5: Building the Blade Views (The UI)

Create a new folder resources/views/posts/.

index.blade.php (The Dashboard):

html
1234567891011121314151617 
<h1>All Posts</h1>
<a href="{{ route(&#039;posts.create') }}">Create New Post</a>

<ul>
    @foreach ($posts as $post)
        <li>
            {{ $post->title }} 
            
            <!-- DELETE BUTTON (HTML forms only support GET/POST, so we use a Laravel method spoof) -->
            <form action="{{ route(&#039;posts.destroy', $post->id) }}" method="POST" style="display:inline;">
                @csrf
                @method(&#039;DELETE')
                <button type="submit">Delete</button>
            </form>
        </li>
    @endforeach
</ul>

create.blade.php (The Form):

html
1234567 
<h1>Create Post</h1>
<form action="{{ route(&#039;posts.store') }}" method="POST">
    @csrf
    <input type="text" name="title" placeholder="Title"><br>
    <textarea name="content" placeholder="Content"></textarea><br>
    <button type="submit">Save Post</button>
</form>

9. The Method Spoofing Trick (@method('DELETE'))

HTML forms are technologically limited; they only support method="GET" and method="POST". However, RESTful APIs require DELETE and PUT (Update) methods. Laravel solves this elegantly. You set the form to POST, but include the @method('DELETE') Blade directive inside the form. Laravel intercepts the request and treats it as a legitimate HTTP DELETE request, routing it perfectly to the destroy method in the Controller.

10. Common Mistakes

  • Putting Delete Actions on <a> Tags: Beginners often write <a href="/posts/delete/5">Delete</a>. This is a massive security flaw. Search engine web-crawlers click every <a> link they find. If Google crawls your dashboard, it will click all your delete links and erase your database! Delete actions MUST always be submitted via a POST/DELETE <form>.

11. Exercises

  1. 1. Trace the execution path: A user fills out the create.blade.php form and clicks Submit. Which route catches it? Which controller method handles it? Where does the data go?

12. Coding Challenges

  • Challenge: The Controller code above omits the Update logic. In PostController, write the edit($id) method to fetch a post and return an edit.blade.php view, and write the update(Request $request, $id) method to save the changes.

13. MCQs with Answers

Question 1

What does the Artisan command php artisan make:model Product -mc generate?

Question 2

Because standard HTML forms only support GET and POST, how do you send a DELETE request to a Laravel Resource Controller?

14. Interview Questions

  • Q: Explain how Route::resource('photos', PhotoController::class) simplifies application routing compared to defining individual routes.
  • Q: Why is it a severe security anti-pattern to trigger a database DELETE operation via a standard HTTP GET request (an <a> tag)?

15. FAQs

Q: Do I have to use all 7 methods in a Resource Controller? A: No! If you only want users to view and create data (but never edit or delete), you can limit the routes in web.php like this: Route::resource('posts', PostController::class)->only(['index', 'show', 'create', 'store']);.

16. Summary

In Chapter 10, the pieces came together. We built a fully functional CRUD application in minutes, not hours. By leveraging Artisan generation flags (-mc), Resource Routes, and Eloquent ORM, we bypassed hundreds of lines of boilerplate code. We also learned how to overcome HTML limitations using Blade Method Spoofing to perform secure Updates and Deletions.

17. Next Chapter Recommendation

Anyone on the internet can currently visit /posts/create and alter our database. We need to lock the doors. Proceed to Chapter 11: Authentication and Authorization.

Finish this Chapter

Save your progress on your learning path and prepare for coding interview challenges.

Previous Chapter Eloquent ORM Basics
Next Chapter Laravel Validation and Error Handling

Discussion

Join the discussion

Log in or create a free account to participate.

Sort: ·

Explore More

📖 Related Tutorials 6

Related Quizzes 6

🎥 Related Videos 1