Oh, hehe I get it now. Sorry, I was assuming you were trying to add a value that you actually did want to add/change in your database.
Larry's right (as usual), you can limit the fields can get changed by the third param in $this->Model->save(). On Jul 30, 3:24 pm, morecakepls <[EMAIL PROTECTED]> wrote: > Thanks, that answered my question! Perfect > > On Jul 30, 10:48 pm, "Larry E. Masters aka PhpNut" <[EMAIL PROTECTED]> > wrote: > > > No it is not... > > >http://api.cakephp.org/class_model.html#ebe42ae387be89985b5a35dd428f5c81 > > > The third param in the save method is what you are looking for in 1.1 same > > goes for 1.2 but version 1.2 also has the security class that does a little > > more magic. > > > -- > > /** > > * @author Larry E. Masters > > * @var string $userName > > * @param string $realName > > * @returns string aka PhpNut > > * @access public > > */ > > > On 7/30/07, morecakepls <[EMAIL PROTECTED]> wrote: > > > > Hi > > > > What if my table is named User and there are three fields called > > > Username, Password, Secretvalue. I present the user a form to change > > > the username and password and use the $this->User->save($this->data) > > > function in the controller to save the form data to the database. > > > > I managed to use firefox to create another input element for the > > > Secretvalue and changed the Secretvalue in the User table. Is this not > > > a serious security issue? How can I avoid this? Should I validate > > > before saving data to the database? > > > > Thanks > > > morecakepls --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Cake PHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~----------~----~----~----~------~----~------~--~---