Yii Framework Forum: For What Inputs Should I Define Rules In Model Class ? - Yii Framework Forum


For What Inputs Should I Define Rules In Model Class ?

#1 User is offline   hamir 

  • Newbie
  • Yii
  • Group: Members
  • Posts: 9
  • Joined: 28-December 12

Posted 30 December 2012 - 02:10 AM

Should I define rules for all of the input elements in a model class?
For example, the model form has 2 input type elements and a textarea.
Can I just define rules for those two input types and not for the textarea?

I have done so, but the text entered inside the textarea isn't saved; if I put a rule on it, for example for its length, it will be saved.
0

#2 User is offline   Joblo 

  • Master Member
  • Yii
  • Group: Members
  • Posts: 685
  • Joined: 12-September 10
  • Location:Austria

Posted 30 December 2012 - 05:50 AM

By default only input elements with defined rules are 'safe' attributes and are saved.

So you have to define rules for all input elements.
You can set it to 'safe' if you have no specific rule for an input.

But for a textarea or other inputs you should use at least filters (strip_tags or CHtmlPurifier) because of security issues.



    public function rules()
    {
        // NOTE: you should only define rules for those attributes that
        // will receive user inputs.
        return array(
            // ...
            array('title, subtitle', 'filter', 'filter' => 'strip_tags'),
            array('body', 'filter', 'filter' => array($obj = new CHtmlPurifier(), 'purify')),
            // ...
            array('tags', 'safe'), // no specific rule: all is allowed
            // ...
        );
    }

0
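The behaviour described in the answer above, as an added example that is not part of the original posts and is not Yii's own code: a simplified plain-PHP stand-in for massive assignment in which only attributes named in a rule are copied from the request. The class `PostForm`, its attributes and the sample POST array are hypothetical, scenarios and the 'unsafe' rule are not modelled, and `strip_tags` is the only filter used.

```php
<?php
// Simplified stand-in for Yii 1.1 massive assignment, not framework code.
// PostForm, its attributes and the sample POST array are constructed.
class PostForm {
    public $title, $body, $tags;
    public $isAdmin = false; // must never be set from a form

    public function rules() {
        return array(
            array('title', 'filter', 'filter' => 'strip_tags'),
            array('tags', 'safe'),
            // no rule for 'body', so it is not a safe attribute
        );
    }

    // Every attribute named in a rule counts as safe (scenarios ignored here).
    public function getSafeAttributeNames() {
        $names = array();
        foreach ($this->rules() as $rule) {
            $names = array_merge($names, array_map('trim', explode(',', $rule[0])));
        }
        return array_unique($names);
    }

    // Same effect as $model->attributes = $_POST['PostForm']: unsafe keys are skipped.
    public function setAttributes(array $values) {
        $safe = $this->getSafeAttributeNames();
        foreach (array_intersect_key($values, array_flip($safe)) as $name => $value) {
            $this->$name = $value;
        }
        return array_values(array_diff(array_keys($values), $safe));
    }

    // Applies the 'filter' rules, as validation does before the model is saved.
    public function validate() {
        foreach ($this->rules() as $rule) {
            if ($rule[1] !== 'filter') continue;
            foreach (array_map('trim', explode(',', $rule[0])) as $name) {
                $this->$name = call_user_func($rule['filter'], $this->$name);
            }
        }
    }
}

$post = array('title' => '<b>Hello</b>', 'body' => 'text', 'tags' => 'yii', 'isAdmin' => 1);
$form = new PostForm();
print_r($form->setAttributes($post)); // names that were ignored
$form->validate();
var_dump($form->title, $form->body, $form->tags, $form->isAdmin);
```

The textarea value (`body`) is dropped for the same reason the extra `isAdmin` key is: neither appears in a rule, which is what keeps a crafted request from setting attributes the form never exposed.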

#3 User is offline   Backslider 

  • Advanced Member
  • Yii
  • Group: Members
  • Posts: 363
  • Joined: 23-July 09

Posted 30 December 2012 - 01:54 PM

Joblo, on 30 December 2012 - 05:50 AM, said:

But for a textarea or other inputs you should use at least filters (strip_tags or CHtmlPurifier) because of security issues.


Absolutely! All user input must have validation/filtering, or you are just begging for problems.
We were all once expert at....... nothing.

0
