Revision #11 has been created by spinningarrow on Apr 6, 2012, 12:17:17 PM with the memo:
insure -> ensure
Understanding "Safe" Validation Rules
Forms, Validation, Safe, Massive Assignment, understanding
Validation rules are defined with `array(...)`, providing a list of attributes, the name of the validator, and additional parameters as needed by the particular validators. Also common is the `'on'` keyword, which specifies **scenario**s, but we won't address those in this Article.
The obvious purpose of validators is to ensure that users enter good data into application forms.
If a field should be no more than 16 characters long, if it should reflect a unique value in a table, or it must look like an email address, Yii provides a rich set of validators to help enforce form validation.
[...]Yii takes the conservative approach that attributes are assumed to be unsafe unless the developer explicitly makes them so (a "default deny" paradigm), rather than the easier but more dangerous "default allow".
It's wise to review the rules in your model from time to time to ensure that you're not allowing things you should not (especially when scenarios are in play), because it's not uncommon to wildly mark things as safe during a bout of validation problems without realizing that this actually reduces the security of the application.
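To make the "default deny" behaviour described above concrete, here is an added example that is not code from Yii or from this article. It is a small stand-alone PHP re-implementation of the rule Yii 1.1's `CModel::setAttributes()` follows: an attribute may be mass-assigned only if some rule that applies to the current scenario names it (and no `unsafe` rule excludes it). The `MiniModel` class, its attribute list, the sample rules and the constructed POST array are all assumptions for illustration; in a real application you would write the same `rules()` array inside your `CActiveRecord` or `CFormModel` subclass and let the framework do the filtering.

```php
<?php
// Constructed example (not Yii's own code): a minimal model that applies the
// same default-deny mass-assignment rule as Yii 1.1, runnable without Yii.

class MiniModel
{
    // Hypothetical attributes; is_admin is the one we must not let users set.
    private $attributes = array('username' => null, 'email' => null, 'is_admin' => 0);
    private $scenario;

    public function __construct($scenario = '')
    {
        $this->scenario = $scenario;
    }

    // Same shape as a Yii 1.1 rules() array: attribute list, validator name,
    // additional parameters, and optionally 'on' => scenario(s).
    public function rules()
    {
        return array(
            array('username, email', 'required'),
            array('username', 'length', 'max' => 16),
            array('email', 'email'),
            // is_admin has a rule only in the 'admin' scenario, so it is
            // mass-assignable there and nowhere else.
            array('is_admin', 'boolean', 'on' => 'admin'),
        );
    }

    // An attribute is safe when a rule that applies to the current scenario
    // names it, unless that rule's validator is 'unsafe'.
    public function getSafeAttributeNames()
    {
        $safe = array();
        $unsafe = array();
        foreach ($this->rules() as $rule) {
            $on = isset($rule['on'])
                ? preg_split('/[\s,]+/', $rule['on'], -1, PREG_SPLIT_NO_EMPTY)
                : array();
            if ($on && !in_array($this->scenario, $on, true)) {
                continue; // rule is restricted to other scenarios
            }
            $names = preg_split('/[\s,]+/', $rule[0], -1, PREG_SPLIT_NO_EMPTY);
            if ($rule[1] === 'unsafe') {
                $unsafe = array_merge($unsafe, $names);
            } else {
                $safe = array_merge($safe, $names);
            }
        }
        return array_values(array_diff(array_unique($safe), $unsafe));
    }

    // Mass assignment: copy only safe attributes from the input array and
    // report the names that were dropped (Yii logs these in debug mode).
    public function setAttributes(array $values)
    {
        $safe = $this->getSafeAttributeNames();
        $dropped = array();
        foreach ($values as $name => $value) {
            if (in_array($name, $safe, true)) {
                $this->attributes[$name] = $value;
            } else {
                $dropped[] = $name;
            }
        }
        return $dropped;
    }

    public function getAttributes()
    {
        return $this->attributes;
    }
}

// Constructed request body: a self-registering user also sends is_admin=1.
$post = array('username' => 'alice', 'email' => 'alice@example.com', 'is_admin' => 1);

// In the 'register' scenario is_admin has no applicable rule, so it is not
// safe and the assignment leaves it at its default of 0.
$signup = new MiniModel('register');
$dropped = $signup->setAttributes($post);
print_r($signup->getAttributes());
print_r($dropped);

// In the 'admin' scenario the 'boolean' rule applies, so is_admin is safe
// and the same POST data does set it.
$adminEdit = new MiniModel('admin');
$adminEdit->setAttributes($post);
print_r($adminEdit->getAttributes());
```

The check to run when reviewing a model is the same one the script performs: for each scenario the model is used in, list the safe attribute names and confirm that nothing security-relevant (roles, ownership ids, prices) appears in that list unless that scenario is meant to edit it. A rule added for every scenario with `'safe'` as the validator, or an `'on'` clause left off a rule that was meant to be scenario-specific, is exactly the kind of change that silently widens this list.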