Hi There

You should use a whitelist to specify the fields to save; any other fields
will not be saved.

Even if you don't display the field on the page, a user can still create the
post variable from within their browser and use it to change data they
shouldn't really be allowed to.

Hope this helps

Stephen

On 26 November 2010 10:38, psybear83 <psybea...@gmail.com> wrote:

> Hey everybody
>
> In my application, users can edit their email, phone number etc., but
> they are *not* allowed to edit their username - only admins are
> allowed to do that.
>
> So I'm wondering: is it safe to simply not display the username field
> to the user? Afaik CakePHP makes sure that the form hasn't been
> manually edited (e.g. adding a username input field), right? So I
> don't have to double-check on the application's side, e.g. by
> unsetting the $data[User][username] field, as long as I'm only
> displaying form fields using CakePHP's form helper (and not
> "deactivating" them by just hiding them using CSS or so), right?
>
> If so - yeah, sweet! Thanks, CakePHP! :-)
>
> Waiting for your confirmation about this fact, guys... Thanks!
>



-- 
Kind Regards
 Stephen @ NinjaCoderMonkey

 www.ninjacodermonkey.co.uk

Check out the new CakePHP Questions site http://cakeqs.org and help others with 
their CakePHP related questions.

You received this message because you are subscribed to the Google Groups 
"CakePHP" group.
To post to this group, send email to cake-php@googlegroups.com
To unsubscribe from this group, send email to
cake-php+unsubscr...@googlegroups.com For more options, visit this group at 
http://groups.google.com/group/cake-php?hl=en
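As an added illustration of the save-time whitelist Stephen recommends (this is example code written for this page, not code from the thread or from CakePHP itself): the user's browser submits a `username` key that the form never rendered, and the whitelist drops it before anything reaches the model. The `Model::save($data, $validate, $fieldList)` call shown in the comment is assumed to match CakePHP 1.3's signature; the field names, the role rule and the sample POST are constructed for the example.

```php
<?php
// Added example, not from the original thread or from CakePHP.
// Shows why hiding a form field is not a control, and how a save-time
// whitelist discards fields the user was never meant to submit.

/**
 * Keep only the whitelisted keys of one submitted model record.
 * Plain-PHP stand-in for the effect of CakePHP's $fieldList argument
 * (assumed signature: Model::save($data, $validate = true, $fieldList = array())).
 */
function whitelistFields(array $record, array $allowed): array
{
    return array_intersect_key($record, array_flip($allowed));
}

/**
 * Fields that were submitted but are not allowed, so the attempt can be logged.
 */
function rejectedFields(array $record, array $allowed): array
{
    return array_values(array_diff(array_keys($record), $allowed));
}

/**
 * Hypothetical role rule for this example: only admins may change 'username'.
 * 'id' is the hidden key the FormHelper emits for edit forms.
 */
function allowedFieldsFor(string $role): array
{
    $base = ['id', 'email', 'phone'];
    return $role === 'admin' ? array_merge($base, ['username']) : $base;
}

// Constructed sample POST: the FormHelper rendered only id, email and phone.
// The user added 'username' in the browser's DOM inspector (or with curl).
$posted = [
    'User' => [
        'id'       => 42,
        'email'    => 'alice@example.com',
        'phone'    => '+1 555 0100',
        'username' => 'admin',   // attacker-supplied, never in the rendered form
    ],
];

foreach (['user', 'admin'] as $role) {
    $allowed = allowedFieldsFor($role);
    $safe    = whitelistFields($posted['User'], $allowed);
    $dropped = rejectedFields($posted['User'], $allowed);

    // Equivalent CakePHP controller line (not runnable stand-alone, assumed API):
    //   $this->User->save($this->data, true, $allowed);
    // Without the third argument, save($this->data) would also write
    // username = 'admin' for the ordinary user.
    printf("role=%-5s saved=%s dropped=%s\n",
        $role, json_encode($safe), json_encode($dropped));
}
// role=user  saved={"id":42,"email":"alice@example.com","phone":"+1 555 0100"} dropped=["username"]
// role=admin saved={"id":42,"email":"alice@example.com","phone":"+1 555 0100","username":"admin"} dropped=[]
```

The whitelist is derived from the caller's role on the server, never from anything in the request, and the rejected keys are worth logging: a submitted `username` from a non-admin is a tampering attempt, not a user error.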
