> If someone knows the name of a database field they shouldn´t have > access to edit, they can easily save an edit a form and update fields.
That's where the $fieldList parameter of Model::save( ) comes in handy. It allows you to specify a whilelist of fields in a situation where the user has control over the data they're submitting (i.e. form posting). --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Cake PHP" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php -~----------~----~----~----~------~----~------~--~---
