On Apr 20, 10:02 am, fain182 <[email protected]> wrote:
> did you put a hidden field with the id in the view of edit?
> something like:
> echo $form->input('id', array('type'=>'hidden'));
>
Don't do this!!!
When you depend on client-side values to update records, they can be
changed by malicious users!
I could just change the ID value in a local copy of the HTML to the
ID of an element I shouldn't have access to and set the remaining
values to anything I want.
This will allow me to overwrite things I shouldn't.
Instead use server-side logic to insert the ID into the data before
saving.
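
The contrast described in the reply above, as an added example that is not part of the original post and not CakePHP's own code: plain PHP over a constructed in-memory table, comparing a save that trusts the posted id with one that takes the id from the server side. The function names, the `Post` array layout and the sample records are assumptions made for illustration.

```php
<?php
// Constructed sample data: two records owned by different users.
$posts = array(
    1 => array('id' => 1, 'user_id' => 10, 'title' => 'Alice draft'),
    2 => array('id' => 2, 'user_id' => 20, 'title' => 'Bob draft'),
);

// Pattern from the quoted suggestion: the record to update is whatever
// id arrives in the submitted form data (the hidden field).
function saveTrustingPostedId(array &$posts, array $posted) {
    $id = (int) $posted['Post']['id'];
    $posts[$id] = array_merge($posts[$id], $posted['Post']);
    return $id;
}

// Server-side alternative: the id comes from the request route, ownership is
// checked against the session user, and only whitelisted fields are copied.
function saveWithServerId(array &$posts, $routeId, $sessionUserId, array $posted) {
    $routeId = (int) $routeId;
    if (!isset($posts[$routeId]) || $posts[$routeId]['user_id'] !== $sessionUserId) {
        return false; // unknown record, or not the caller's record
    }
    $allowed = array('title' => true);          // fields the form may change
    $clean = array_intersect_key($posted['Post'], $allowed);
    $clean['id'] = $routeId;                    // inserted by the server, never read from the form
    $posts[$routeId] = array_merge($posts[$routeId], $clean);
    return $routeId;
}

// Constructed submission: user 10 opened the edit form for record 1,
// but the hidden id field holds 2 when the form is posted.
$posted = array('Post' => array('id' => 2, 'title' => 'changed'));

$a = $posts;
saveTrustingPostedId($a, $posted);
echo "trusting posted id: record 2 title = {$a[2]['title']}\n";

$b = $posts;
$updated = saveWithServerId($b, 1, 10, $posted);
echo "server-side id: updated = ", var_export($updated, true),
     ", record 2 title = {$b[2]['title']}\n";

// The route id is also client-controlled, which is why ownership is checked.
$denied = saveWithServerId($b, 2, 10, $posted);
echo "route id 2 as user 10: ", var_export($denied, true), "\n";
```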