Yes, that is the basic idea so that we can avoid SQL injections, etc. Custom component it is, but I thought there would be one out there somewhere that we could piggyback off of. Thank you...

On Feb 19, 6:09 pm, BrendonKoz <[email protected]> wrote:
> Future22: I'd imagine a custom component could be created to test for
> these things, however...
>
> If the record doesn't exist, then the person checking for the record
> will obviously not match that ID (because it, the user, does not
> exist). (For other models, you'd still have to run the query and do
> the test.)
>
> If it's a non-integer..... I've *ever-so-slightly* changed my cake
> bake script to do the following on view, edit, and delete methods:
> ---- if (!$id && !is_int($id)) {
> ....instead of simply doing.....
> ---- if (!$id) {
>
> Now, this requires that your ID field is numeric, but I haven't had
> any models yet that do that, and it's easier to change the methods for
> one or two specific models than for all others. :)
>
> On Feb 19, 3:39 pm, Future22 <[email protected]> wrote:
> > But this raises another question... What if the user types in 30 but
> > the record does not exist? Or if the user types in a non-integer? So
> > we would have to check if it exists and if it is an integer. Custom
> > component/function maybe to do these checks on each page
> > (controller/action/id)? Is there something out there available for use?
> >
> > Curtis
> >
> > On Feb 19, 2:02 pm, leo <[email protected]> wrote:
> > > Check who is the current user and only allow based on that?
> > >
> > > On Feb 19, 7:55 pm, amarradi <[email protected]> wrote:
> > > > Hello together,
> > > >
> > > > How do I protect the user profiles?
> > > >
> > > > Because I don't know how I protect the user profiles mutually. If a
> > > > user is logged in and he visits
> > > > /cakePHP/users/edit/1 he can edit his profile. But when he typed in
> > > > his browser /cakePHP/users/edit/2 he can edit another profile.
> > > >
> > > > How can I stop this?
> > > >
> > > > many greeting
> > > > Marcus Radisch

You received this message because you are subscribed to the Google Groups "CakePHP" group.
For more options, visit this group at http://groups.google.com/group/cake-php?hl=en
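
The three checks raised in this thread (is the id an integer, does it belong to the logged-in user, does the record exist), as an added example that is not code from any poster or from CakePHP. It is plain PHP; `authorizeProfileEdit()`, the `$findUser` callback and the sample users are hypothetical stand-ins for the controller action, the model lookup and the session.

```php
<?php
// Added example: hypothetical helper, not part of CakePHP.
// $rawId         - id segment from /users/edit/<id>; URL parameters arrive as strings
// $sessionUserId - id stored server-side at login (assumed to be an integer or null)
// $findUser      - callable returning a user row or null (stands in for the model lookup)
function authorizeProfileEdit($rawId, $sessionUserId, $findUser)
{
    // 1. Format check. is_int() is false for the string "2", so test the
    //    string itself: digits only, nothing else.
    if (!is_string($rawId) || !ctype_digit($rawId)) {
        return array('allowed' => false, 'reason' => 'invalid id');
    }
    $id = (int) $rawId;

    // 2. Ownership check against the server-side session, never against
    //    anything the browser sent. Doing this before the lookup means a
    //    non-owner gets the same answer whether or not the record exists.
    if ($sessionUserId === null || $id !== (int) $sessionUserId) {
        return array('allowed' => false, 'reason' => 'not owner');
    }

    // 3. Existence check (e.g. the account was deleted while the session lived on).
    $user = call_user_func($findUser, $id);
    if ($user === null) {
        return array('allowed' => false, 'reason' => 'not found');
    }
    return array('allowed' => true, 'reason' => 'ok', 'user' => $user);
}

// Constructed sample data: two profiles, the logged-in user has id 1.
$users = array(
    1 => array('id' => 1, 'name' => 'alice'),
    2 => array('id' => 2, 'name' => 'bob'),
);
$findUser = function ($id) use ($users) {
    return isset($users[$id]) ? $users[$id] : null;
};

// Ids as they would appear in /users/edit/<id>.
foreach (array('1', '2', '30', 'abc', '1 OR 1=1', '') as $raw) {
    $r = authorizeProfileEdit($raw, 1, $findUser);
    printf("%-12s => %s (%s)\n", var_export($raw, true),
        $r['allowed'] ? 'allow' : 'deny', $r['reason']);
}
```

The same decision has to be applied on the POST that saves the form, not only on the GET that displays it, and the id used for the update should be the validated one rather than an id field taken from the submitted data.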
