Examples of Jamie Rumbelow's My_Model in Action?
#17

[eluser]Unknown[/eluser]
[quote author="Jamie Rumbelow" date="1346254357"]...To prevent mass-assignment you could specify the values you pass into the model specifically:

Code:
public function create()
{
    $data = $this->input->post('book');

    $book = array(
         'title' => $data['title'],
         'author' => $data['author']
    );
    
    if ($id = $this->book_model->insert($book))
    {
        redirect('books/' . $id);
    }
}

I'm working on a way to add 'protected attributes' as a concept and thus prevent mass assignment...[/quote]

I've been doing some reading about CodeIgniter (ActiveRecord, really) and mass-assignment vulnerabilities. I'm curious...are the keys of the assoc array $book how you're suggesting to specify the table fields to prevent mass-assignment? Is specifying the field the simplest way to avoid it or would not passing arrays via the HTTP POST do the same thing?

Code:
public function create()
{
    $title = $this->input->post('title');
    $author = $this->input->post('author');
    
    if ($id = $this->book_model->insert(array($title, $author)))
    {
        redirect('books/' . $id);
    }
}

or would this still have to change to

Code:
// ...
if($id = $this->book_model->insert(array('title'=>$title, 'author'=>$author)))
// ...
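
The allowlisting idea discussed in this post, as an added example that is not part of the original thread or of MY_Model. The `permit()` helper and the `is_admin` column are hypothetical, and the sample input is constructed.

```php
<?php
// Added example: permit() is a hypothetical helper, not a MY_Model or CodeIgniter API.

/**
 * Build the insert array from an allowlist of column names.
 * Only allowlisted keys holding scalar values are copied across.
 */
function permit($input, array $allowed)
{
    if (!is_array($input)) {
        return array();   // e.g. book=foo was sent instead of book[title]=...
    }
    $clean = array();
    foreach ($allowed as $column) {
        // Skip missing keys and nested arrays such as book[title][]=x
        if (isset($input[$column]) && is_scalar($input[$column])) {
            $clean[$column] = (string) $input[$column];
        }
    }
    return $clean;
}

// Constructed sample of what $this->input->post('book') could hold when
// the request carries a field the form never offered.
$posted = array(
    'title'    => 'Dune',
    'author'   => 'Frank Herbert',
    'is_admin' => '1',    // hypothetical column, not on the form
);

// Only 'title' and 'author' survive; 'is_admin' is dropped.
$book = permit($posted, array('title', 'author'));
var_dump($book);

// A positional array has keys 0 and 1 rather than column names,
// so nothing in it matches the allowlist.
var_dump(permit(array('Dune', 'Frank Herbert'), array('title', 'author')));
```

The filtered array is keyed by column name, which is the shape of the `$book` array in the quoted snippet.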

