Yii Framework Wiki
Writenew article
Categories
Popular Tags
Recent Comments
-
Ricardo Astudillo on Filter & Sort by calculated/related fields in GridView Yii 2.0 2 months ago
-
cowson on Displaying, Sorting and Filtering Model Relations on a GridView 3 months ago
-
Néstor Acevedo on How to login from different tables in Yii2 6 months ago
-
E.Alamo on PHP built-in server integration a year ago
-
coderevolts on Implementing cron jobs with Yii a year ago
Difference between
#9 and
#13 of
Understanding "Safe" Validation Rules
Changes
Title unchanged
Understanding "Safe" Validation Rules
Category unchanged
FAQs
Yii version unchanged
Tags unchanged
Forms, Validation, Safe, Massive Assignment, understanding
Content changed
A common source of confusion among new Yii users is how the `'safe'` validator works, how it works with other validators, and why it's necessary in the first place. This article means to clear up this confusion, as well as explain the notion of Massive Assignment.
Summary: A model's validation rules serve **two** purposes:
1. IEnsure that fields entered in a form are entered properly
2. Define which form fields are allowed to be assigned to a $model variable
----------------
The obvious purpose for validators is toiensure that users enter good data into application forms.
If a field should be no more than 16 characters long, if it should reflect a unique value in a table, or it must look like an email address, Yii provides a rich set of validators to help enforce form validation.
It's wise to review the Rules in your model from time to time toiensure that you're not allowing things you should not (especially when scenarios are in play), because it's not uncommon to wildly mark things as safe during a bout of validation problems without realizing that this actaully reduces the security of the application.
Russian Version: [Правило валидации "safe", для тех, кто в танке](http://phptime.ru/blog/yii/23.html)
2. Define which form fields are allowed to be assigned to a $model variable
[...]
Validation Rules----------------
The obvious purpose for validators is to
If a field should be no more than 16 characters long, if it should reflect a unique value in a table, or it must look like an email address, Yii provides a rich set of validators to help enforce form validation.
[...]
Yii takes the conservative approach that attributes are assumed to be unsafe unless the developer explicitly makes them so (a "default deny" paradigm), rather than the easier but more dangerous "default allow".It's wise to review the Rules in your model from time to time to
Russian Version: [Правило валидации "safe", для тех, кто в танке](http://phptime.ru/blog/yii/23.html)
46 followers
Viewed: 195 118 times
Version: 1.1
Category: FAQs
Written by: 
Steve Friedl
Steve FriedlLast updated by: Gismo
GismoCreated on: Mar 22, 2011
Last updated: 12 years ago
Revisions
View all history-
12 years ago by
Gismo edit russian version anchor
-
13 years ago by
Gismo Add russian version
-
13 years ago by
spinningarrow
insure -> ensure -
13 years ago by
minor edit (insure -> ensure)
-
14 years ago by
GOsha
added "understanding" tag to the article -
14 years ago by
resurtm
Fixed illegal Markdown bold -
14 years ago by
Fixed illegal Markdown bold
-
14 years ago by
Boaz small typo - extra word removed
-
14 years ago by
Lensi spelling
-
14 years ago by
qiang