One way is to just don't allow id fields to arrive from outside, when submitting a form! This also applies when working with multiple records in an update form. So that means you have to know when you are expecting an update and when a new record! Enjoy, John
On Apr 30, 3:59 am, "Dave Maharaj :: WidePixels.com" <[email protected]> wrote: > Just reading up on $blacklist and $whitelist fields when > saving.http://teknoid.wordpress.com/2009/03/11/blacklist-your-model-fields-f... > / > > My question using an example where > USER HABTM ORGANIZATIONS > USER HABTM SKILLS > USER HABTM so on.... > > I build a form where the User can update their SKILLS (only skills, no other > info) > the only fields being updated are id, user_id and skill_id in the > users_skills table > > how do you blacklist or whitelist a field that is used in all the tables > such as id? Because the users_skills 'id' obviously need to allow but not > the Users 'id' > > $this->User->save($this->data); > > i only ask because in my save() i see the SQL queries and see all the info > pertaining to the User when a change is made > > So if someone made a new field with FireBug name=data[User][password] or > name=data[User][id] could they not submit the form and update the values in > the table? > > Dave --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "CakePHP" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~----------~----~----~----~------~----~------~--~---
