Re: Compare Array - GOT IT!
Ah, okay I understand what you mean now. It looks like you're doing
this in the model; am I correct on that? It should probably be set as
a custom validation for the particular field(s) you are concerned
about. Since you didn't paste all of your code (you don't need to)
I'll just hope that's what you're doing. :) If not, you can find that
information in the cookbook:
http://book.cakephp.org/view/150/Custom-Validation-Rules
If you're not already, you may also want to use the Security
Component.
On Apr 29, 10:11 pm, Dave Maharaj :: WidePixels.com
d...@widepixels.com wrote:
No no...not giving them the ability to edit the form...install Firebug and
anyone can edit a form...I am trying to prevent them from editing the form.
I can see the form and use firebug to see the vales in the form
checkboxes...value = 1 =3 = so on. I can change the values with Firebug
to 599 799 899 or what ever ...so what I am doing is verify that if someone
is being cleaver and changes the values to something that it could not
possably be then it will not save anything and the logged in users account
is supspended because the ony way the form would not save is if someone was
messing with it and submited bad data.(the form is only checkboxes)
-Original Message-
From: Brendon Kozlowski [mailto:brendon...@hotmail.com]
Sent: April-29-09 11:15 PM
To: CakePHP
Subject: Re: Compare Array - GOT IT!
I don't believe this is necessary in the first place. Why are you giving
someone the ability to edit the form that shouldn't be? That's the first
issue I see. Secondly, why are you passing values to be saved if you don't
want them overwritten? That's the 2nd issue.
Thirdly, why are you even rendering them as form elements rather than simple
text within a paragraph tag instead? That'd be the third issue I see.
Although you are accomplishing what you want to do, I don't believe you
should be trying to do it in the first place as a more elegant (albeit
possibly more difficult to grasp?) solution is available.
On Apr 29, 4:52 pm, Dave Maharaj :: WidePixels.com
d...@widepixels.com wrote:
I figured it out.
//list of possible keys
$keys =
$this-User-$model_name-find('list', array('fields' = 'id', 'order'
= 'id ASC'));
debug($keys);
$submitted =
$this-data[$model_name][$model_name];
debug($this-data[$model_name][$model_name]);
$results = array_diff($submitted,
$keys);
debug($results);
So if a evil user tries to change the value in a form and submits,
the value is checked against possible values in the databsaeif not
found we know someone was doing something they should not have been doing.
I am using this for a form that only has checkboxes so it works for me.
Any flaws?
Thanks,
Dave
-Original Message-
From: Dave Maharaj :: WidePixels.com [mailto:d...@widepixels.com]
Sent: April-29-09 6:14 PM
To: cake-php@googlegroups.com
Subject: re: Compare Array
I am trying to do the same type thing with comparing an array. I am
using this for a security set up so a user can not change values of a
form so I get the list of possible keys
//list of possible keys
$keys = $this-User-$model_name-find('list', array('fields' =
'id', 'order' = 'id ASC'));
debug($keys);
Array
(
[1] = 1
[2] = 2
[3] = 3
[4] = 4
[5] = 5
[6] = 6
)
// values submitted by user
$submitted = $this-data[$model_name][$model_name];
debug($this-data[$model_name][$model_name]);
Array
(
[0] = 3
[1] = 5
[2] = 6
[3] = 1
)
//how to compare vales against submitted values?
$results = array_udiff_assoc($keys, array($submitted));
debug($results);
But i need to compare the keys with the submitted data and that where
i am stuck. I need to check that the submitted values have a match
with the possible values in the database.
Can someone point out my error or suggestions?
Thanks,
Dave- Hide quoted text -
- Show quoted text -
--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups
CakePHP group.
To post to this group, send email to cake-php@googlegroups.com
To unsubscribe from this group, send email to
cake-php+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/cake-php?hl=en
-~--~~~~--~~--~--~---
RE: Compare Array - GOT IT!
Yes... the goal is to secure the form (the checkbox values) so an end user
can not modify the values and submit...All values submitted are checked
against possible values in the db...so if they don't exist we know someone
was messing with the form. So that's all done and working then it was
just a matter of selecting the fields that were allowed to have data saved
to them so if a user tried to add text field or something to the form it
would not save that 'extra' data.
The validation is set ('numeric') since its a HABTM table its saving id,
user id , program_id
That was all...sorry for the confusion
Dave
-Original Message-
From: Brendon Kozlowski [mailto:brendon...@hotmail.com]
Sent: April-30-09 11:48 AM
To: CakePHP
Subject: Re: Compare Array - GOT IT!
Ah, okay I understand what you mean now. It looks like you're doing this in
the model; am I correct on that? It should probably be set as a custom
validation for the particular field(s) you are concerned about. Since you
didn't paste all of your code (you don't need to) I'll just hope that's what
you're doing. :) If not, you can find that information in the cookbook:
http://book.cakephp.org/view/150/Custom-Validation-Rules
If you're not already, you may also want to use the Security Component.
On Apr 29, 10:11 pm, Dave Maharaj :: WidePixels.com
d...@widepixels.com wrote:
No no...not giving them the ability to edit the form...install Firebug
and anyone can edit a form...I am trying to prevent them from editing the
form.
I can see the form and use firebug to see the vales in the form
checkboxes...value = 1 =3 = so on. I can change the values with
Firebug to 599 799 899 or what ever ...so what I am doing is verify
that if someone is being cleaver and changes the values to something
that it could not possably be then it will not save anything and the
logged in users account is supspended because the ony way the form
would not save is if someone was messing with it and submited bad
data.(the form is only checkboxes)
-Original Message-
From: Brendon Kozlowski [mailto:brendon...@hotmail.com]
Sent: April-29-09 11:15 PM
To: CakePHP
Subject: Re: Compare Array - GOT IT!
I don't believe this is necessary in the first place. Why are you
giving someone the ability to edit the form that shouldn't be? That's
the first issue I see. Secondly, why are you passing values to be
saved if you don't want them overwritten? That's the 2nd issue.
Thirdly, why are you even rendering them as form elements rather than
simple text within a paragraph tag instead? That'd be the third issue I
see.
Although you are accomplishing what you want to do, I don't believe
you should be trying to do it in the first place as a more elegant
(albeit possibly more difficult to grasp?) solution is available.
On Apr 29, 4:52 pm, Dave Maharaj :: WidePixels.com
d...@widepixels.com wrote:
I figured it out.
//list of possible keys
$keys =
$this-User-$model_name-find('list', array('fields' = 'id', 'order'
= 'id ASC'));
debug($keys);
$submitted =
$this-data[$model_name][$model_name];
debug($this-data[$model_name][$model_name]);
$results = array_diff($submitted,
$keys);
debug($results);
So if a evil user tries to change the value in a form and submits,
the value is checked against possible values in the databsaeif
not found we know someone was doing something they should not have been
doing.
I am using this for a form that only has checkboxes so it works for me.
Any flaws?
Thanks,
Dave
-Original Message-
From: Dave Maharaj :: WidePixels.com [mailto:d...@widepixels.com]
Sent: April-29-09 6:14 PM
To: cake-php@googlegroups.com
Subject: re: Compare Array
I am trying to do the same type thing with comparing an array. I am
using this for a security set up so a user can not change values of
a form so I get the list of possible keys
//list of possible keys
$keys = $this-User-$model_name-find('list', array('fields'
= 'id', 'order' = 'id ASC'));
debug($keys);
Array
(
[1] = 1
[2] = 2
[3] = 3
[4] = 4
[5] = 5
[6] = 6
)
// values submitted by user
$submitted = $this-data[$model_name][$model_name];
debug($this-data[$model_name][$model_name]);
Array
(
[0] = 3
[1] = 5
[2] = 6
[3] = 1
)
//how to compare vales against submitted values?
$results = array_udiff_assoc($keys, array($submitted));
debug($results);
But i need to compare the keys with the submitted data and that
where i am stuck. I need to check that the submitted values have a
match with the possible values in the database.
Can someone point out my error or suggestions?
Thanks,
Dave- Hide
Re: Compare Array - GOT IT!
You can set validation as numeric, AS WELL as your own custom
validation, Cake will let you do that. You create a function that
checks the values (comparing to the DB in your case), and if it's not
valid, your custom validation method simply returns false, and Cake's
validation mechanism takes over, providing whatever textual feedback
is necessary to the user (if any). I'm not entirely sure if you want
or need this, but I thought I'd let you know in case you aren't
already using it.
On Apr 30, 11:58 am, Dave Maharaj :: WidePixels.com
d...@widepixels.com wrote:
Yes... the goal is to secure the form (the checkbox values) so an end user
can not modify the values and submit...All values submitted are checked
against possible values in the db...so if they don't exist we know someone
was messing with the form. So that's all done and working then it was
just a matter of selecting the fields that were allowed to have data saved
to them so if a user tried to add text field or something to the form it
would not save that 'extra' data.
The validation is set ('numeric') since its a HABTM table its saving id,
user id , program_id
That was all...sorry for the confusion
Dave
-Original Message-
From: Brendon Kozlowski [mailto:brendon...@hotmail.com]
Sent: April-30-09 11:48 AM
To: CakePHP
Subject: Re: Compare Array - GOT IT!
Ah, okay I understand what you mean now. It looks like you're doing this in
the model; am I correct on that? It should probably be set as a custom
validation for the particular field(s) you are concerned about. Since you
didn't paste all of your code (you don't need to) I'll just hope that's what
you're doing. :) If not, you can find that information in the
cookbook:http://book.cakephp.org/view/150/Custom-Validation-Rules
If you're not already, you may also want to use the Security Component.
On Apr 29, 10:11 pm, Dave Maharaj :: WidePixels.com
d...@widepixels.com wrote:
No no...not giving them the ability to edit the form...install Firebug
and anyone can edit a form...I am trying to prevent them from editing the
form.
I can see the form and use firebug to see the vales in the form
checkboxes...value = 1 =3 = so on. I can change the values with
Firebug to 599 799 899 or what ever ...so what I am doing is verify
that if someone is being cleaver and changes the values to something
that it could not possably be then it will not save anything and the
logged in users account is supspended because the ony way the form
would not save is if someone was messing with it and submited bad
data.(the form is only checkboxes)
-Original Message-
From: Brendon Kozlowski [mailto:brendon...@hotmail.com]
Sent: April-29-09 11:15 PM
To: CakePHP
Subject: Re: Compare Array - GOT IT!
I don't believe this is necessary in the first place. Why are you
giving someone the ability to edit the form that shouldn't be? That's
the first issue I see. Secondly, why are you passing values to be
saved if you don't want them overwritten? That's the 2nd issue.
Thirdly, why are you even rendering them as form elements rather than
simple text within a paragraph tag instead? That'd be the third issue I
see.
Although you are accomplishing what you want to do, I don't believe
you should be trying to do it in the first place as a more elegant
(albeit possibly more difficult to grasp?) solution is available.
On Apr 29, 4:52 pm, Dave Maharaj :: WidePixels.com
d...@widepixels.com wrote:
I figured it out.
//list of possible keys
$keys =
$this-User-$model_name-find('list', array('fields' = 'id', 'order'
= 'id ASC'));
debug($keys);
$submitted =
$this-data[$model_name][$model_name];
debug($this-data[$model_name][$model_name]);
$results = array_diff($submitted,
$keys);
debug($results);
So if a evil user tries to change the value in a form and submits,
the value is checked against possible values in the databsaeif
not found we know someone was doing something they should not have been
doing.
I am using this for a form that only has checkboxes so it works for me.
Any flaws?
Thanks,
Dave
-Original Message-
From: Dave Maharaj :: WidePixels.com [mailto:d...@widepixels.com]
Sent: April-29-09 6:14 PM
To: cake-php@googlegroups.com
Subject: re: Compare Array
I am trying to do the same type thing with comparing an array. I am
using this for a security set up so a user can not change values of
a form so I get the list of possible keys
//list of possible keys
$keys = $this-User-$model_name-find('list', array('fields'
= 'id', 'order' = 'id ASC'));
debug($keys);
Array
(
[1] = 1
[2] = 2
[3] = 3
[4] = 4
[5] = 5
RE: Compare Array - GOT IT!
I figured it out.
//list of possible keys
$keys =
$this-User-$model_name-find('list', array('fields' = 'id', 'order' =
'id ASC'));
debug($keys);
$submitted =
$this-data[$model_name][$model_name];
debug($this-data[$model_name][$model_name]);
$results = array_diff($submitted, $keys);
debug($results);
So if a evil user tries to change the value in a form and submits, the
value is checked against possible values in the databsaeif not found we
know someone was doing something they should not have been doing.
I am using this for a form that only has checkboxes so it works for me.
Any flaws?
Thanks,
Dave
-Original Message-
From: Dave Maharaj :: WidePixels.com [mailto:d...@widepixels.com]
Sent: April-29-09 6:14 PM
To: cake-php@googlegroups.com
Subject: re: Compare Array
I am trying to do the same type thing with comparing an array. I am using
this for a security set up so a user can not change values of a form so I
get the list of possible keys
//list of possible keys
$keys = $this-User-$model_name-find('list', array('fields' = 'id',
'order' = 'id ASC'));
debug($keys);
Array
(
[1] = 1
[2] = 2
[3] = 3
[4] = 4
[5] = 5
[6] = 6
)
// values submitted by user
$submitted = $this-data[$model_name][$model_name];
debug($this-data[$model_name][$model_name]);
Array
(
[0] = 3
[1] = 5
[2] = 6
[3] = 1
)
//how to compare vales against submitted values?
$results = array_udiff_assoc($keys, array($submitted));
debug($results);
But i need to compare the keys with the submitted data and that where i am
stuck. I need to check that the submitted values have a match with the
possible values in the database.
Can someone point out my error or suggestions?
Thanks,
Dave
--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups
CakePHP group.
To post to this group, send email to cake-php@googlegroups.com
To unsubscribe from this group, send email to
cake-php+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/cake-php?hl=en
-~--~~~~--~~--~--~---
Re: Compare Array - GOT IT!
I don't believe this is necessary in the first place. Why are you
giving someone the ability to edit the form that shouldn't be? That's
the first issue I see. Secondly, why are you passing values to be
saved if you don't want them overwritten? That's the 2nd issue.
Thirdly, why are you even rendering them as form elements rather than
simple text within a paragraph tag instead? That'd be the third issue
I see.
Although you are accomplishing what you want to do, I don't believe
you should be trying to do it in the first place as a more elegant
(albeit possibly more difficult to grasp?) solution is available.
On Apr 29, 4:52 pm, Dave Maharaj :: WidePixels.com
d...@widepixels.com wrote:
I figured it out.
//list of possible keys
$keys =
$this-User-$model_name-find('list', array('fields' = 'id', 'order' =
'id ASC'));
debug($keys);
$submitted =
$this-data[$model_name][$model_name];
debug($this-data[$model_name][$model_name]);
$results = array_diff($submitted, $keys);
debug($results);
So if a evil user tries to change the value in a form and submits, the
value is checked against possible values in the databsaeif not found we
know someone was doing something they should not have been doing.
I am using this for a form that only has checkboxes so it works for me.
Any flaws?
Thanks,
Dave
-Original Message-
From: Dave Maharaj :: WidePixels.com [mailto:d...@widepixels.com]
Sent: April-29-09 6:14 PM
To: cake-php@googlegroups.com
Subject: re: Compare Array
I am trying to do the same type thing with comparing an array. I am using
this for a security set up so a user can not change values of a form so I
get the list of possible keys
//list of possible keys
$keys = $this-User-$model_name-find('list', array('fields' = 'id',
'order' = 'id ASC'));
debug($keys);
Array
(
[1] = 1
[2] = 2
[3] = 3
[4] = 4
[5] = 5
[6] = 6
)
// values submitted by user
$submitted = $this-data[$model_name][$model_name];
debug($this-data[$model_name][$model_name]);
Array
(
[0] = 3
[1] = 5
[2] = 6
[3] = 1
)
//how to compare vales against submitted values?
$results = array_udiff_assoc($keys, array($submitted));
debug($results);
But i need to compare the keys with the submitted data and that where i am
stuck. I need to check that the submitted values have a match with the
possible values in the database.
Can someone point out my error or suggestions?
Thanks,
Dave
--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups
CakePHP group.
To post to this group, send email to cake-php@googlegroups.com
To unsubscribe from this group, send email to
cake-php+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/cake-php?hl=en
-~--~~~~--~~--~--~---
RE: Compare Array - GOT IT!
No no...not giving them the ability to edit the form...install Firebug and
anyone can edit a form...I am trying to prevent them from editing the form.
I can see the form and use firebug to see the vales in the form
checkboxes...value = 1 =3 = so on. I can change the values with Firebug
to 599 799 899 or what ever ...so what I am doing is verify that if someone
is being cleaver and changes the values to something that it could not
possably be then it will not save anything and the logged in users account
is supspended because the ony way the form would not save is if someone was
messing with it and submited bad data.(the form is only checkboxes)
-Original Message-
From: Brendon Kozlowski [mailto:brendon...@hotmail.com]
Sent: April-29-09 11:15 PM
To: CakePHP
Subject: Re: Compare Array - GOT IT!
I don't believe this is necessary in the first place. Why are you giving
someone the ability to edit the form that shouldn't be? That's the first
issue I see. Secondly, why are you passing values to be saved if you don't
want them overwritten? That's the 2nd issue.
Thirdly, why are you even rendering them as form elements rather than simple
text within a paragraph tag instead? That'd be the third issue I see.
Although you are accomplishing what you want to do, I don't believe you
should be trying to do it in the first place as a more elegant (albeit
possibly more difficult to grasp?) solution is available.
On Apr 29, 4:52 pm, Dave Maharaj :: WidePixels.com
d...@widepixels.com wrote:
I figured it out.
//list of possible keys
$keys =
$this-User-$model_name-find('list', array('fields' = 'id', 'order'
= 'id ASC'));
debug($keys);
$submitted =
$this-data[$model_name][$model_name];
debug($this-data[$model_name][$model_name]);
$results = array_diff($submitted,
$keys);
debug($results);
So if a evil user tries to change the value in a form and submits,
the value is checked against possible values in the databsaeif not
found we know someone was doing something they should not have been doing.
I am using this for a form that only has checkboxes so it works for me.
Any flaws?
Thanks,
Dave
-Original Message-
From: Dave Maharaj :: WidePixels.com [mailto:d...@widepixels.com]
Sent: April-29-09 6:14 PM
To: cake-php@googlegroups.com
Subject: re: Compare Array
I am trying to do the same type thing with comparing an array. I am
using this for a security set up so a user can not change values of a
form so I get the list of possible keys
//list of possible keys
$keys = $this-User-$model_name-find('list', array('fields' =
'id', 'order' = 'id ASC'));
debug($keys);
Array
(
[1] = 1
[2] = 2
[3] = 3
[4] = 4
[5] = 5
[6] = 6
)
// values submitted by user
$submitted = $this-data[$model_name][$model_name];
debug($this-data[$model_name][$model_name]);
Array
(
[0] = 3
[1] = 5
[2] = 6
[3] = 1
)
//how to compare vales against submitted values?
$results = array_udiff_assoc($keys, array($submitted));
debug($results);
But i need to compare the keys with the submitted data and that where
i am stuck. I need to check that the submitted values have a match
with the possible values in the database.
Can someone point out my error or suggestions?
Thanks,
Dave
--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups
CakePHP group.
To post to this group, send email to cake-php@googlegroups.com
To unsubscribe from this group, send email to
cake-php+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/cake-php?hl=en
-~--~~~~--~~--~--~---
