No it is not... http://api.cakephp.org/class_model.html#ebe42ae387be89985b5a35dd428f5c81
The third param in the save method is what you are looking for in 1.1 same goes for 1.2 but version 1.2 also has the security class that does a little more magic. -- /** * @author Larry E. Masters * @var string $userName * @param string $realName * @returns string aka PhpNut * @access public */ On 7/30/07, morecakepls <[EMAIL PROTECTED]> wrote: > > > Hi > > What if my table is named User and there are three fields called > Username, Password, Secretvalue. I present the user a form to change > the username and password and use the $this->User->save($this->data) > function in the controller to save the form data to the database. > > I managed to use firefox to create another input element for the > Secretvalue and changed the Secretvalue in the User table. Is this not > a serious security issue? How can I avoid this? Should I validate > before saving data to the database? > > Thanks > morecakepls > > > > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Cake PHP" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~----------~----~----~----~------~----~------~--~---
