Hi,
I'm new to CakePHP and trying to build my first database application. So far I can list all customers in my test database and view/edit a customer via a link with the customer id passed as a named parameter.
At the moment I have 2 links to different controllers in each row of the customer list, one for viewing the data and one for editing the data. The layout looks almost equal for both controllers, which is important for me, but in the controller for viewing the data the form input elements are readonly.
Is it possible to edit a record after it is displayed readonly instead of placing an edit link in each row of the customer list? Of course I can place my edit link inside the displayed record instead of placing it inside each row, but this way I always have 2 different controllers with nearly identical views, one with read-only input elements and one with editable input elements. Is this the best way to do this?
Then I noticed that all the controllers, actions and my named parameters are visible within the URL and that I'm able to edit values and call functions without clicking a button. Isn't it dangerous to pass parameters within the URL when I let users work with my database application?
I don't mean deliberately tampering with the database records in the first place, but rather getting into trouble because they use the browser history or bookmarks or they close the browser tab accidentally. Users often try so many stupid things we can't imagine... Is there a simple solution for how I can harden the application against such dangers/mistakes? I would prefer it if the users could only "walk" through the application in the prescribed manner and I could detect deviant behaviour and either reload the last page or discard the last action and start from scratch. Does this also mean that I should work with transactions to keep the database consistent?
Best regards,
RoadRunner
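The questions above (one screen for read-only and editable display, URL parameters that can trigger actions, bookmarks and history re-running things, and transactions) mostly come down to one rule: a GET request must only read, and every write must be a POST that carries a form token and ends in a redirect. The following is an added illustration of that pattern, not code from the original post or from CakePHP itself. It is plain PHP with PDO on an in-memory SQLite database so it runs stand-alone; the function names (`handle`, `renderForm`, `csrfToken`), the shape of the `$request` array and the `$session` array standing in for `$_SESSION` are all assumptions made for the example, and the customer row is constructed sample data.

```php
<?php
// Added illustration (not CakePHP code): one "customer" screen that is safe to
// bookmark, revisit from history, or reload. Rules shown:
//   1. GET only reads; a bookmarked /customers/edit/1 just shows the form again.
//   2. Writes happen only on POST with a valid per-session form token.
//   3. A single template renders the inputs read-only or editable.
//   4. Multi-statement writes run inside one transaction.
//   5. A successful write redirects to a GET page (Post/Redirect/Get).
declare(strict_types=1);

function setupDb(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE customers (id INTEGER PRIMARY KEY, name TEXT NOT NULL, city TEXT NOT NULL)');
    $db->exec('CREATE TABLE audit (id INTEGER PRIMARY KEY AUTOINCREMENT, customer_id INTEGER, note TEXT)');
    // Constructed sample row for the walk-through below.
    $db->exec("INSERT INTO customers (id, name, city) VALUES (1, 'Acme Ltd', 'Berlin')");
    return $db;
}

// Random token per session; the form carries it and the POST handler checks it.
// $session is a stand-in for $_SESSION (assumption for the example).
function csrfToken(array &$session): string {
    if (empty($session['csrf'])) {
        $session['csrf'] = bin2hex(random_bytes(16));
    }
    return $session['csrf'];
}

function h(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}

// One template for both modes: $editable decides whether the inputs are read-only.
function renderForm(array $customer, bool $editable, string $token): string {
    $ro = $editable ? '' : ' readonly';
    $id = (int)$customer['id'];
    $html  = '<form method="post" action="/customers/edit/' . $id . '">';
    $html .= '<input type="hidden" name="_csrf" value="' . h($token) . '">';
    $html .= '<input name="name" value="' . h($customer['name']) . '"' . $ro . '>';
    $html .= '<input name="city" value="' . h($customer['city']) . '"' . $ro . '>';
    // The read-only view gets an Edit link instead of a Save button; no second controller needed.
    $html .= $editable ? '<button type="submit">Save</button>'
                       : '<a href="/customers/edit/' . $id . '">Edit</a>';
    return $html . '</form>';
}

// Controller-like dispatcher. $request is a constructed stand-in for the HTTP request:
// ['method' => 'GET'|'POST', 'action' => 'view'|'edit', 'params' => ['id' => ...], 'data' => [...]]
function handle(PDO $db, array &$session, array $request): array {
    $id = (int)($request['params']['id'] ?? 0);
    $stmt = $db->prepare('SELECT id, name, city FROM customers WHERE id = ?');
    $stmt->execute([$id]);
    $customer = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($customer === false) {
        return ['status' => 404, 'body' => 'No such customer'];
    }
    $editable = ($request['action'] === 'edit');

    // Rule 1: anything that is not a POST is a read, whatever the URL says.
    if ($request['method'] !== 'POST') {
        return ['status' => 200, 'body' => renderForm($customer, $editable, csrfToken($session))];
    }

    // Rule 2: a POST without this session's token (cross-site request, stale or
    // hand-built form) is rejected before anything is written.
    $sent = (string)($request['data']['_csrf'] ?? '');
    if ($sent === '' || !hash_equals(csrfToken($session), $sent)) {
        return ['status' => 403, 'body' => 'Invalid form token'];
    }

    // Rule 4: the update and its audit row either both happen or neither does.
    $db->beginTransaction();
    try {
        $db->prepare('UPDATE customers SET name = ?, city = ? WHERE id = ?')
           ->execute([$request['data']['name'], $request['data']['city'], $id]);
        $db->prepare('INSERT INTO audit (customer_id, note) VALUES (?, ?)')
           ->execute([$id, 'edited']);
        $db->commit();
    } catch (Throwable $e) {
        $db->rollBack();
        return ['status' => 500, 'body' => 'Save failed, nothing changed'];
    }
    // Rule 5: redirect to a GET page so Reload or Back cannot resubmit the form.
    return ['status' => 303, 'location' => '/customers/view/' . $id];
}

// Walk-through with constructed requests.
$db = setupDb();
$session = [];
$view = handle($db, $session, ['method' => 'GET', 'action' => 'view', 'params' => ['id' => 1], 'data' => []]);
echo "GET view: status {$view['status']}, readonly form: ", (strpos($view['body'], 'readonly') !== false ? 'yes' : 'no'), "\n";
$forged = handle($db, $session, ['method' => 'POST', 'action' => 'edit', 'params' => ['id' => 1],
                                 'data' => ['name' => 'X', 'city' => 'Y', '_csrf' => 'wrong']]);
echo "POST with bad token: status {$forged['status']}\n";
$saved = handle($db, $session, ['method' => 'POST', 'action' => 'edit', 'params' => ['id' => 1],
                                'data' => ['name' => 'Acme GmbH', 'city' => 'Hamburg', '_csrf' => $session['csrf']]]);
echo "POST with valid token: status {$saved['status']}, now named ",
     $db->query('SELECT name FROM customers WHERE id = 1')->fetchColumn(), "\n";
```

With this layout the id in the URL is harmless to expose: knowing `/customers/edit/1` only lets a user open the form, and the server still has to check that the logged-in user may edit that record. The browser-history and accidental-close cases take care of themselves because nothing is written until the user submits the form, and after a save the redirect leaves a plain GET page in the history. The transaction matters only when one save touches more than one table; for a single-row update the database already makes that atomic.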
You received this message because you are subscribed to the Google Groups "CakePHP" group.
Visit this group at http://groups.google.com/group/cake-php.