Of course there is a cake way! It is in the Model::save method.
Model::save() takes 3 parameters. The last parameter is a list of
fields that are allowed to be written.
So:
...
$allowed_fields = array('username', 'email');
$this->Model->save($this->data, true, $allowed_fields);
...
On 9/14/07, Claudia <[EMAIL PROTECTED]> wrote:
>
> Hi there
>
> I have added a two-dimensional array to each model which
> for each action states the fields that are allowed to be saved
> in this action.
> When I call $this->model->save() in an action, I supply the respective
> array entry as second parameter to the save() function which limits
> the fields that are used during the save.
>
> I don't know whether there is a cake specific way to do this,
> so if you find one, please post it here.
>
>
> @RichardAtHome: If you just remove the form fields from the ctp file a
> malicious user
> could still post to the form action using his own form and thus his
> own form fields. You
> could of course add some checks to verify the integrity of the form
> but this can get
> complicated really quick.
>
>
> Claudia
>
>
> >
>
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "Cake
PHP" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/cake-php?hl=en
-~----------~----~----~----~------~----~------~--~---
