[eluser]Unknown[/eluser]
[quote author="Jamie Rumbelow" date="1346254357"]...To prevent mass-assignment you could specify the values you pass into the model specifically:
Code:
public function create()
{
    $data = $this->input->post('book');
    $book = array(
        'title' => $data['title'],
        'author' => $data['author']
    );
    if ($id = $this->book_model->insert($book))
    {
        redirect('books/' . $id);
    }
}
I'm working on a way to add 'protected attributes' as a concept and thus prevent mass assignment...[/quote]
I've been doing some reading about CodeIgniter (ActiveRecord, really) and mass-assignment vulnerabilities. I'm curious...are the keys of the assoc array $book how you're suggesting to specify the table fields to prevent mass-assignment? Is specifying the field the simplest way to avoid it or would not passing arrays via the HTTP POST do the same thing?
Code:
public function create()
{
    $title = $this->input->post('title');
    $author = $this->input->post('author');
    if ($id = $this->book_model->insert(array($title, $author)))
    {
        redirect('books/' . $id);
    }
}
or would this still have to change to
Code:
// ...
if($id = $this->book_model->insert(array('title'=>$title, 'author'=>$author)))
// ...
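
Added example (not part of the original post, and not code from CodeIgniter or Jamie Rumbelow's library): a stand-alone PHP script that compares the array shapes discussed in this thread by showing which column names each one would hand to a model that maps array keys to columns. The helper `only_fields()`, the sample POST data and the `id` / `is_featured` columns are assumptions made for illustration.

```php
<?php
// Added example: stand-alone PHP, no CodeIgniter required.
// only_fields() is a hypothetical helper, not part of CodeIgniter or any model library.

/**
 * Keep only whitelisted keys that carry scalar values from untrusted input.
 */
function only_fields($input, array $allowed)
{
    if (!is_array($input)) {
        return array();  // e.g. book=foo was posted instead of book[title]=foo
    }
    $clean = array_intersect_key($input, array_flip($allowed));
    // Drop nested arrays such as book[title][]=x, which are not valid column values.
    return array_filter($clean, 'is_scalar');
}

// Constructed sample of what $this->input->post('book') could return when the
// client sends fields the form never contained ("id" and "is_featured" are made-up columns).
$posted = array(
    'title'       => 'Dune',
    'author'      => 'Frank Herbert',
    'id'          => '1',
    'is_featured' => '1',
);

// Mass assignment: every client-supplied key becomes a column in the INSERT.
$unsafe = $posted;

// Whitelisted: only title and author can reach the model.
$safe = only_fields($posted, array('title', 'author'));

// A positional array, as in array($title, $author), has keys 0 and 1,
// so a model that maps array keys to column names receives no usable field names.
$positional = array($posted['title'], $posted['author']);

echo 'unsafe columns:     ', implode(', ', array_keys($unsafe)), PHP_EOL;
echo 'safe columns:       ', implode(', ', array_keys($safe)), PHP_EOL;
echo 'positional columns: ', implode(', ', array_keys($positional)), PHP_EOL;
```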