On Tue, Mar 10, 2009 at 1:38 AM, mscdex <msc...@gmail.com> wrote: > > If the user is logged in and has a valid session where their ID is > stored, IMHO it's a better idea to leave out the hidden user_id field > and set the $this->data['Profile']['user_id'] manually to the value > stored in the session right before calling $this->Profile->save or > $this->Profile->saveAll.
True, although if it's an admin who's editing the form we'll want the user_id to be in a hidden field. And the SecurityComponent can make sure that that value isn't fiddled with. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "CakePHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~----------~----~----~----~------~----~------~--~---