In your call to $model->save() you can set the fields that can be updated. All other fields will be ignored ...
On Tue, Apr 8, 2008 at 3:37 PM, Marcel <[EMAIL PROTECTED]> wrote: > > Hello > > The problem is that a model has some fields that the user may never > edit. I don't show them in the /edit view so they don't get posted (by > default). But manualy adding some of those private fields will result > in illegal save. I've noticed the secure method in the api of the > FormHelper to generate a hidden field with some sort of hash, but how > do I use that? > > I did this in my /edit view: > echo $form->secure($this->data); > > Which does work, but how do I validate that in my save method? If I do > a post it still saves the posted (malicious) data...? > > Thanks in advance > > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Cake PHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~----------~----~----~----~------~----~------~--~---