Re: Should id be hidden value?
ah yes, i can check the passed id if it's stored in a session, and i'll check out the security component. it's better to use what's already there supplied by Cake than to solve problems with our own way right? thank you for your replies. --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups CakePHP group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Re: Should id be hidden value?
Well, in this case if you want you can store your ID in a session, but form is fine also, it's how we used to do it ;) Faifas On Mon, Sep 7, 2009 at 07:47, Jamie jamie@gmail.com wrote: Well, are you just new to CakePHP, or PHP in general? Because remember that CakePHP is really just PHP. And just like with any PHP-driven webpage that uses database tables with unique IDs, you need to pass the ID in the form somehow. You just need to do some security/sanity checks when processing the form to ensure that the user isn't doing anything bad. For example, make sure that the user editing the form has permission to edit the ID in question. - Jamie On Sep 6, 6:32 am, thesti roronoazorodea...@yahoo.com wrote: hi, i'm learning CakePHP and i take the Blog tutorial. and as i came to the modifying a post part, it's written that if we supply the 'id' field to the FormHelper then the form will be used to edit a post. when i see the source page, i see that the id is there as a hidden Input in the edit form. is there any other way in cake to make an edit form? because with javascript we can edit Hidden Input value and i think it's not secure. Thanks --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups CakePHP group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Should id be hidden value?
hi, i'm learning CakePHP and i take the Blog tutorial. and as i came to the modifying a post part, it's written that if we supply the 'id' field to the FormHelper then the form will be used to edit a post. when i see the source page, i see that the id is there as a hidden Input in the edit form. is there any other way in cake to make an edit form? because with javascript we can edit Hidden Input value and i think it's not secure. Thanks --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups CakePHP group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Re: Should id be hidden value?
hi baked views should not be used as final solution for an application. but you can use the security component to avoid manipulation of form data. regards On Sun, Sep 6, 2009 at 3:32 PM, thestiroronoazorodea...@yahoo.com wrote: hi, i'm learning CakePHP and i take the Blog tutorial. and as i came to the modifying a post part, it's written that if we supply the 'id' field to the FormHelper then the form will be used to edit a post. when i see the source page, i see that the id is there as a hidden Input in the edit form. is there any other way in cake to make an edit form? because with javascript we can edit Hidden Input value and i think it's not secure. Thanks --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups CakePHP group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Re: Should id be hidden value?
ID must be passed. It can be done through form hidden field or through URL. Choose your way. For security check passed id in controller. On Sep 6, 8:32 pm, thesti roronoazorodea...@yahoo.com wrote: hi, i'm learning CakePHP and i take the Blog tutorial. and as i came to the modifying a post part, it's written that if we supply the 'id' field to the FormHelper then the form will be used to edit a post. when i see the source page, i see that the id is there as a hidden Input in the edit form. is there any other way in cake to make an edit form? because with javascript we can edit Hidden Input value and i think it's not secure. Thanks --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups CakePHP group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Re: Should id be hidden value?
Well, are you just new to CakePHP, or PHP in general? Because remember that CakePHP is really just PHP. And just like with any PHP-driven webpage that uses database tables with unique IDs, you need to pass the ID in the form somehow. You just need to do some security/sanity checks when processing the form to ensure that the user isn't doing anything bad. For example, make sure that the user editing the form has permission to edit the ID in question. - Jamie On Sep 6, 6:32 am, thesti roronoazorodea...@yahoo.com wrote: hi, i'm learning CakePHP and i take the Blog tutorial. and as i came to the modifying a post part, it's written that if we supply the 'id' field to the FormHelper then the form will be used to edit a post. when i see the source page, i see that the id is there as a hidden Input in the edit form. is there any other way in cake to make an edit form? because with javascript we can edit Hidden Input value and i think it's not secure. Thanks --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups CakePHP group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
