Ok, so i've been experimenting with model validation. It all seems very cool, except I am seeing some holes.
>From the tutorial this is what I have in the controller: http://bin.cakephp.org/view/2080892837 Problem: What if data is sent through that should NOT be stored in table? How do I stop that? For example, say I had a column named "do_not_store_data_here" in the table. For some reason I do not want any data stored there. I can't think of any particular cases where I would want to do that at the moment but just go with me. I am asking how can I stop people from injecting data into there? I mean, they could easily inject it by sending post data with the key data[Script][do_not_store_data_here]. Or say I am sending POST data with $_POST['foo']. I am using the $_POST['foo'] to decide which page to redirect the user to after he submits a post on his blog. I also happen to have a column in the table named 'foo', but I do not want to store 'foo' there. What can I do in a situation like that? Also, does cakephp take care of mysql injection checking automagically or do I have to call mysql_real_escape_string for everything manually? Thanks a ton, Jonah --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "CakePHP" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~----------~----~----~----~------~----~------~--~---
