If the user fakes a form and changes an input to ROLE, he can change that field in the database.
How can I protect Yii forms against fake inputs?
Model Users.php
array('role', 'numerical', 'integerOnly'=>true),
You can’t ‘protect forms’. You need to move that data away from the client (i.e. forms) and on to the server (i.e. PHP) via a session or some other method of storing state.
As long as the user’s machine is responsible for setting the data (i.e. through a form) then they can change it to whatever they want. If you don’t have a way of independently verifying that on the server-side, then don’t expect the form to send you something you can trust.
Regarding sessions, see: http://www.yiiframework.com/doc/api/1.1/CHttpSession
Verbose blurb from the Common Weakness Enumeration project (http://cwe.mitre.org/data/definitions/807.html):
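Added example (not part of the original question or answer, and not Yii's own code): a plain-PHP model of how Yii 1.1 derives mass-assignable attributes from rules(), showing why the role rule from the question accepts a forged input and how scoping the rule and reading the role from server-side state avoids it. The username and email fields, the 'update' and 'admin' scenario names, the POST body and the session array are assumptions constructed for illustration.

```php
<?php
// Simplified model of Yii 1.1 mass assignment (not Yii's code): an attribute is
// "safe" when a rule lists it for the current scenario, unless the rule's
// validator is 'unsafe'.
function safeAttributes(array $rules, string $scenario): array
{
    $safe = $unsafe = [];
    foreach ($rules as $rule) {
        // A rule without 'on' applies to every scenario.
        $on = isset($rule['on']) ? array_map('trim', explode(',', $rule['on'])) : null;
        if ($on !== null && !in_array($scenario, $on, true)) {
            continue;
        }
        foreach (array_map('trim', explode(',', $rule[0])) as $name) {
            if ($rule[1] === 'unsafe') { $unsafe[$name] = true; } else { $safe[$name] = true; }
        }
    }
    return array_keys(array_diff_key($safe, $unsafe));
}

// Copies only safe attributes from client input, like $model->attributes = $_POST[...].
function massAssign(array $input, array $rules, string $scenario): array
{
    return array_intersect_key($input, array_flip(safeAttributes($rules, $scenario)));
}

// Constructed forged POST body: 'role' was never part of the rendered form.
$post = ['username' => 'alice', 'email' => 'alice@example.test', 'role' => '1'];

// Rule as in the question: the numerical rule makes 'role' mass-assignable.
$weakRules = [
    ['username, email', 'required'],
    ['role', 'numerical', 'integerOnly' => true],
];
// Hardened: 'role' is only validated (and so only safe) in a hypothetical 'admin' scenario.
$hardRules = [
    ['username, email', 'required'],
    ['role', 'numerical', 'integerOnly' => true, 'on' => 'admin'],
];

$weak = massAssign($post, $weakRules, 'update');
$hard = massAssign($post, $hardRules, 'update');
// The role comes from server-side state (constructed stand-in for the session).
$session = ['role' => 0];
$hard['role'] = $session['role'];

var_dump($weak['role']);  // value the client supplied
var_dump($hard['role']);  // value held on the server
```

In a real Yii 1.1 model the same effect comes from adding 'on' to the role rule (or declaring the attribute with the 'unsafe' validator) and assigning the role explicitly in the controller.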