Model::update() is dangerous
#13

(This post was last modified: 11-16-2022, 02:49 PM by kenjis.)

Certainly, the current API cannot be changed without a BC break. However, an API that is not well designed should be changed to something more secure.

All inputs should be validated. Yes, that is correct. But have you guys ever forgotten to validate input values?

With the current API, developers create a vulnerability: if they forget to validate $id even once, all records will be updated.

I can't think of a use case like this sample where you want to update all records at the same time when updating a single record.

UPDATE table and UPDATE table WHERE id = ? are fundamentally different use cases. There is no need to provide both in the same method.
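The design point in the post above, as an added example that is not part of the original post and is not CodeIgniter's code: a simplified stand-in update() whose WHERE clause depends on $id, beside a split API where the single-row method cannot express "all rows". The names updateById() and updateAll(), the users table and its rows are assumptions constructed for illustration; it assumes PHP with the pdo_sqlite extension.

```php
<?php
// Added illustration: simplified stand-in for an update($id, $data) method with an optional WHERE.
declare(strict_types=1);

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, role TEXT)');
$pdo->exec("INSERT INTO users (role) VALUES ('user'), ('user'), ('user')"); // constructed rows

// Combined API: an empty $id silently drops the WHERE clause.
function update(PDO $pdo, $id, string $role): int
{
    $sql  = 'UPDATE users SET role = ?';
    $args = [$role];
    if ($id) {
        $sql   .= ' WHERE id = ?';
        $args[] = $id;
    }
    $stmt = $pdo->prepare($sql);
    $stmt->execute($args);
    return $stmt->rowCount();
}

// Split API (hypothetical names): updating every row needs its own explicit call.
function updateById(PDO $pdo, int $id, string $role): int
{
    if ($id <= 0) {
        throw new InvalidArgumentException('updateById() requires a positive id');
    }
    $stmt = $pdo->prepare('UPDATE users SET role = ? WHERE id = ?');
    $stmt->execute([$role, $id]);
    return $stmt->rowCount();
}

function updateAll(PDO $pdo, string $role): int
{
    $stmt = $pdo->prepare('UPDATE users SET role = ?');
    $stmt->execute([$role]);
    return $stmt->rowCount();
}

$missing = $_GET['id'] ?? null; // a request without "id" that the caller forgot to validate
echo update($pdo, $missing, 'admin'), " row(s) changed by update()\n";
try {
    updateById($pdo, (int) $missing, 'admin');
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```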




