Hi Jonah, > Problem: > What if data is sent through that should NOT be stored in table? How > do I stop that? For example, say I had a column named > "do_not_store_data_here" in the table. For some reason I do not want > any data stored there. I can't think of any particular cases where I > would want to do that at the moment but just go with me. > > I am asking how can I stop people from injecting data into there? I > mean, they could easily inject it by sending post data with the key > data[Script][do_not_store_data_here].
Have a look at the third parameter of Model::save(), it allows you to specify the fields which can be written. Hope that helps! -- Daniel Hofstetter http://cakebaker.42dh.com --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "CakePHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~----------~----~----~----~------~----~------~--~---