I am building a form to handle password resets on a site using ZF. On
one of the fields on this form, I tried using the Db_RecordExists
validator:

        $email_address = $this->getElement('email_address');
        $email_address
            ->setRequired(true)
            ->setLabel('E-mail Address')
            ->setDescription('Enter the e-mail address that you used to create your account.')
            ->addFilter('StringTrim')
            ->addValidator('EmailAddress', true)
            ->addValidator('Db_RecordExists', true, array('InviteeCredentials', 'LoginID'));


I only granted access to that one column to the web user account, but
that appears to be insufficient since the query generated by the
validator by way of Zend_Table attempts to select all columns:

SELECT TOP 1 "InviteeCredentials".*, "InviteeCredentials"."LoginID"
FROM "InviteeCredentials" WHERE ("LoginID" = '[email protected]')

I can get around this by either granting SELECT permissions to the
whole table or by building a view that contains only the column(s) I
want the web user to be able to select, but that should not be
necessary, kind of like driving a tack with a sledgehammer. Why does
the validator need to include any columns other than the one that you
pass to the constructor? For that matter, this query would provide all
the information the validator needs to be able to do its job:

SELECT TOP 1  'Exists' AS 'Exists' FROM "sometable" WHERE "somecolumn"
= 'testvalue'



Andrew
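
The column-scoped lookup the post asks for, written as a custom ZF1 validator. This is an added example, not part of the original message and not Zend Framework's own code; the class name My_Validate_ColumnExists is hypothetical, and it assumes the web account holds SELECT on the lookup column only.

```php
<?php
// Added example: existence check that names only the lookup column, so a
// column-level SELECT grant is sufficient. The class name is hypothetical.
class My_Validate_ColumnExists extends Zend_Validate_Abstract
{
    const ERROR_NO_RECORD_FOUND = 'noRecordFound';

    protected $_messageTemplates = array(
        self::ERROR_NO_RECORD_FOUND => "No record matching '%value%' was found",
    );

    protected $_table;
    protected $_field;
    protected $_adapter;

    public function __construct($table, $field, Zend_Db_Adapter_Abstract $adapter = null)
    {
        $this->_table   = $table;
        $this->_field   = $field;
        $this->_adapter = $adapter;
    }

    public function isValid($value)
    {
        $this->_setValue($value);

        // Fall back to the application's default adapter when none was injected.
        $db = ($this->_adapter !== null)
            ? $this->_adapter
            : Zend_Db_Table_Abstract::getDefaultAdapter();

        // from() receives an explicit column list, so no "table".* is emitted;
        // the value is bound through the ? placeholder, never concatenated.
        $select = $db->select()
            ->from($this->_table, array($this->_field))
            ->where($db->quoteIdentifier($this->_field) . ' = ?', $value)
            ->limit(1);

        // fetchOne() returns false when the result set is empty.
        if ($db->fetchOne($select) === false) {
            $this->_error(self::ERROR_NO_RECORD_FOUND);
            return false;
        }
        return true;
    }
}

// Usage on the form element from the post:
// $email_address->addValidator(new My_Validate_ColumnExists('InviteeCredentials', 'LoginID'), true);
```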
