Wowsers! Seems I hit on a hot topic.
On 10/15/07, Jochem van Dieten wrote: > > Since the answer to both questions is "No" I will add a third question: > How important is it *really* to know the variable came from a post? > > Jochem > > I don't allow data altering in my apps via a 'get', especially not deletes. Whether or not the user is authorized to alter said data, while obviously crucial, is not the only important thing; they must alter that data by following the correct protocols that the app has set in place, as Zaphod (and others) pointed out. Therefore, as far as I am concerned, it is extremely critical to know that these sort of variables came from a post. So, back to the root question at hand: Is it okay to directly reference the form scope in my OO-like controllers? I'm leaning toward the belief that it's okay to reference the form/post scope from within the controller, to verify that the data is from a post. (Sean's code example seems to bolster that belief.) At that point, the var(s) is/are passed off to the model where it does the heavy lifting. Inside the model, I completely and thoroughly agree with Brian - it doesn't matter where the variable(s) came from. Matt ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Get involved in the latest ColdFusion discussions, product development sharing, and articles on the Adobe Labs wiki. http://labs/adobe.com/wiki/index.php/ColdFusion_8 Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:291129 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4