Hello and thanks for all your answers

On Nov 23, 12:34 pm, small <[EMAIL PROTECTED]> wrote:
> Miachel,
> Good question - you will actually find the first few chapters of the
> book explain each part of the MVC model - and what part of your code
> should go where. I strongly recommend you have a read of the first few
> chapters of the book to see where is the best place to place what.

Yeah, I read it. But still it doesn't answer my question whether
validation should occur only in the form or also in the data model (which I
think gives more security).

>
> Agree with Lee - store CartID in the Session, never pass it through on
> the form, or otherwise anyone could fake someone else's cartID.
> Sherif

OK, this resolves my problem (I don't know why I haven't thought about
it). But still it doesn't protect from program error. Something like
this:

    $pos = new CartPosition();
    $pos->product = "some product";
    $pos->cart = CartTable::findByPk($someWrongId);
    $pos->save();

If there's no validation in CartPosition, it lets you save even where the cart
is wrong (from a non-logged-in user). Should I secure this or am I just getting
paranoid? :) If so - is it good to couple the data model with sfUser? This
way it would be hard to extract just the model classes and use them in a
non-symfony project. The only solution I see is some kind of dependency
injection.

You received this message because you are subscribed to the Google Groups "symfony users" group.
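
The dependency-injection idea raised in the message above, as an added example that is not part of the original post or of symfony: the model checks cart ownership against a small injected interface instead of reaching for the framework's user object. `OwnerContext`, `FixedOwnerContext`, `Cart` and the in-memory `$saved` store are hypothetical names, and `CartPosition` here is a plain-PHP stand-in for the poster's model class, not an ORM class.

```php
<?php
declare(strict_types=1);

// Hypothetical interface: all the model needs to know about "who is acting".
interface OwnerContext
{
    public function currentOwnerId(): ?int; // null = nobody logged in
}

// Constructed stand-in; in a symfony app an adapter around the session user would implement this.
final class FixedOwnerContext implements OwnerContext
{
    private $ownerId;
    public function __construct(?int $ownerId) { $this->ownerId = $ownerId; }
    public function currentOwnerId(): ?int { return $this->ownerId; }
}

final class Cart
{
    public $id;
    public $ownerId;
    public function __construct(int $id, int $ownerId) { $this->id = $id; $this->ownerId = $ownerId; }
}

final class CartPosition
{
    public static $saved = []; // in-memory stand-in for the database table
    public $product;
    public $cart;

    // The ownership rule lives in the model, so a buggy caller cannot skip it.
    public function save(OwnerContext $ctx): void
    {
        $owner = $ctx->currentOwnerId();
        if (!$this->cart instanceof Cart || $owner === null || $this->cart->ownerId !== $owner) {
            throw new DomainException('cart does not belong to the current user');
        }
        self::$saved[] = ['cart' => $this->cart->id, 'product' => $this->product];
    }
}

// Constructed data: cart 7 belongs to user 1. User 2 and an anonymous visitor are rejected.
foreach ([1, 2, null] as $actingUser) {
    $pos = new CartPosition();
    $pos->product = 'some product';
    $pos->cart = new Cart(7, 1);
    try { $pos->save(new FixedOwnerContext($actingUser)); echo "saved\n"; }
    catch (DomainException $e) { echo 'rejected: ', $e->getMessage(), "\n"; }
}
```

Because the model depends only on the interface, the same classes can be reused outside symfony by supplying a different `OwnerContext` implementation.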