Using the session data is fine, but no need to put it as a hidden
field; in fact that's a bad idea, as anyone could look at source and
see the user's id or, worse, change their user id value with Firebug and
add items to another user's account.

Just inject the user_id into $this->data in the controller before
saving.

HTH, Paul
@phpMagpie

On Sep 18, 4:35 am, Media Affect <themediaaff...@gmail.com> wrote:
> I am trying to determine the best way to grab out the signed in
> user_id for adding items to another belongsto table. Is it ok to use
> the session data for this?
>
> I could easily use this as a hidden field in the form data.
> $session->read('Auth.User.id') ?
>
> But, does this belong in a controller? What is the best and most
> secure way to do this?
>
> I have a Users table with id, name and password
> I have an Authors table with id, user_id, address, city, state, zip
>
> Users won't be able to access each other's account data. So after
> baking the app I would remove the User.name dropdown.
