Thanks, that answered my question! Perfect On Jul 30, 10:48 pm, "Larry E. Masters aka PhpNut" <[EMAIL PROTECTED]> wrote: > No it is not... > > http://api.cakephp.org/class_model.html#ebe42ae387be89985b5a35dd428f5c81 > > The third param in the save method is what you are looking for in 1.1 same > goes for 1.2 but version 1.2 also has the security class that does a little > more magic. > > -- > /** > * @author Larry E. Masters > * @var string $userName > * @param string $realName > * @returns string aka PhpNut > * @access public > */ > > On 7/30/07, morecakepls <[EMAIL PROTECTED]> wrote: > > > > > Hi > > > What if my table is named User and there are three fields called > > Username, Password, Secretvalue. I present the user a form to change > > the username and password and use the $this->User->save($this->data) > > function in the controller to save the form data to the database. > > > I managed to use firefox to create another input element for the > > Secretvalue and changed the Secretvalue in the User table. Is this not > > a serious security issue? How can I avoid this? Should I validate > > before saving data to the database? > > > Thanks > > morecakepls
--~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Cake PHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~----------~----~----~----~------~----~------~--~---