Welcome Guest, Not a member yet? Register   Sign In
CodeIgniter Forums CodeIgniter 4 CodeIgniter 4 Discussion Model::update() is dangerous
Model::update() is dangerous
  • Offline michalsn
    CodeIgniter Team
  • Posts: 154
    Threads: 11
    Joined: Oct 2014
    Reputation: 11
#12
11-16-2022, 10:54 AM

There is no good solution for this for now. Any change would be a BC break.
Developers may use composite keys with the model.

PHP Code:
$model->where(['key1' => 'value1''key2' => 'value2'])->update(null$data); 

I believe this was a design choice.


Whether we like the current model behavior or not, the code presented here and in the repo lacks any basic checks in update() / postUpdate() method:
  • why is null/false acceptable as a value at all?
  • I can perform an update query on every single row in the table without checking if row exists or not.

Meanwhile, the code responsible for showing the view: getEdit() has these checks. There should be no difference when validating the $id for getEdit() and postUpdate().

I get your reasoning with update(null, $data), but the real danger here is poorly-written code, not the framework. In this case, simple value validation for $id would solve all the problems.
michalsn.dev - mostly about CodeIgniter
Reply


Messages In This Thread
Model::update() is dangerous - by kenjis - 11-15-2022, 12:36 AM
RE: Model::update() is dangerous - by ozornick - 11-15-2022, 01:46 AM
RE: Model::update() is dangerous - by iRedds - 11-15-2022, 06:21 AM
RE: Model::update() is dangerous - by kenjis - 11-15-2022, 04:45 PM
RE: Model::update() is dangerous - by ikesela - 11-15-2022, 07:51 AM
RE: Model::update() is dangerous - by ozornick - 11-15-2022, 08:07 AM
RE: Model::update() is dangerous - by iRedds - 11-15-2022, 09:12 PM
RE: Model::update() is dangerous - by kenjis - 11-19-2022, 04:51 PM
RE: Model::update() is dangerous - by kenjis - 11-15-2022, 10:45 PM
RE: Model::update() is dangerous - by InsiteFX - 11-15-2022, 11:02 PM
RE: Model::update() is dangerous - by kenjis - 11-16-2022, 05:07 AM
RE: Model::update() is dangerous - by ikesela - 11-16-2022, 07:32 AM
RE: Model::update() is dangerous - by michalsn - 11-16-2022, 10:54 AM
RE: Model::update() is dangerous - by kenjis - 11-16-2022, 02:47 PM
RE: Model::update() is dangerous - by michalsn - 11-17-2022, 09:12 AM
RE: Model::update() is dangerous - by kenjis - 11-17-2022, 05:28 PM
RE: Model::update() is dangerous - by kenjis - 11-17-2022, 05:26 PM
RE: Model::update() is dangerous - by michalsn - 11-18-2022, 03:42 AM
RE: Model::update() is dangerous - by InsiteFX - 11-19-2022, 11:42 PM
RE: Model::update() is dangerous - by kenjis - 11-28-2022, 04:52 PM
RE: Model::update() is dangerous - by iRedds - 11-29-2022, 02:07 PM
RE: Model::update() is dangerous - by kenjis - 11-29-2022, 04:53 PM



Theme © iAndrew 2016 - Forum software by © MyBB