Read this section of Laravel doc : http://laravel.com/docs/eloquent#mass-assignment
Laravel provides by default a protection against mass assignment security issues. That’s why you have to manually define which fields could be “mass assigned” :
class User extends Model
{
protected $fillable = ['username', 'email', 'password'];
}
Warning : be careful when you allow the mass assignment of critical fields like password or role. It could lead to a security issue because users could be able to update this fields values when you don’t want to.