Welcome Guest, Not a member yet? Register   Sign In
CodeIgniter Forums CodeIgniter 4 CodeIgniter 4 Discussion Model::update() is dangerous
Model::update() is dangerous
  • Offline kenjis
    Administrator
  • *******
  • Posts: 3,671
    Threads: 96
    Joined: Oct 2014
    Reputation: 231
#16
11-17-2022, 05:28 PM
(This post was last modified: 11-17-2022, 05:31 PM by kenjis.)

(11-17-2022, 09:12 AM)michalsn Wrote: The only workaround I see for this is checking if the where part was set before or not. Something like:

PHP Code:
    protected function doUpdate($id null$data nullbool $allowNullId false): bool
    {
        $escape      $this->escape;
        $this->escape = [];

        $builder $this->builder();

        if ($id === null && ! $allowNullId && empty($builder->getCompiledQBWhere())) {
            throw new DatabaseException(
                'Updates are not allowed unless they contain a "where" or "like" clause.'
            );
        }

        if ($id) {
            $builder $builder->whereIn($this->table '.' $this->primaryKey$id);
        }

        // Must use the set() method to ensure to set the correct escape flag
        foreach ($data as $key => $val) {
            $builder->set($key$val$escape[$key] ?? null);
        }

        return $builder->update();
    

It would still be a BC break, but the overall functionality would remain. Still, I'm not sure this is the best thing to do.

It seems no problem. It prevents unexpected all record updates.
What's your concern?
ci-phpunit-test | CodeIgniter Testing Guide | CodeIgniter 3 to 4 Upgrade Helper
Reply


Messages In This Thread
Model::update() is dangerous - by kenjis - 11-15-2022, 12:36 AM
RE: Model::update() is dangerous - by ozornick - 11-15-2022, 01:46 AM
RE: Model::update() is dangerous - by iRedds - 11-15-2022, 06:21 AM
RE: Model::update() is dangerous - by kenjis - 11-15-2022, 04:45 PM
RE: Model::update() is dangerous - by ikesela - 11-15-2022, 07:51 AM
RE: Model::update() is dangerous - by ozornick - 11-15-2022, 08:07 AM
RE: Model::update() is dangerous - by iRedds - 11-15-2022, 09:12 PM
RE: Model::update() is dangerous - by kenjis - 11-19-2022, 04:51 PM
RE: Model::update() is dangerous - by kenjis - 11-15-2022, 10:45 PM
RE: Model::update() is dangerous - by InsiteFX - 11-15-2022, 11:02 PM
RE: Model::update() is dangerous - by kenjis - 11-16-2022, 05:07 AM
RE: Model::update() is dangerous - by ikesela - 11-16-2022, 07:32 AM
RE: Model::update() is dangerous - by michalsn - 11-16-2022, 10:54 AM
RE: Model::update() is dangerous - by kenjis - 11-16-2022, 02:47 PM
RE: Model::update() is dangerous - by michalsn - 11-17-2022, 09:12 AM
RE: Model::update() is dangerous - by kenjis - 11-17-2022, 05:28 PM
RE: Model::update() is dangerous - by kenjis - 11-17-2022, 05:26 PM
RE: Model::update() is dangerous - by michalsn - 11-18-2022, 03:42 AM
RE: Model::update() is dangerous - by InsiteFX - 11-19-2022, 11:42 PM
RE: Model::update() is dangerous - by kenjis - 11-28-2022, 04:52 PM
RE: Model::update() is dangerous - by iRedds - 11-29-2022, 02:07 PM
RE: Model::update() is dangerous - by kenjis - 11-29-2022, 04:53 PM



Theme © iAndrew 2016 - Forum software by © MyBB