Hey RoadRunner
I'm not sure I would use named parameters to update records like that. I understand your concern and I think I would share the same concerns.
It sounds like you want to be able to edit multiple records in place without having to view each individual record in an edit page and go through a form. If that is the case, there may be several ways to do this; ajax is probably the best way.
Make it so the data is sent to the server in the background and lock the controller action so it only edits the record when it detects ajax (if ($this->request->is('ajax')) { .. }). This way if you sent an ajax request to /controller/edit/$id/$newValue it wouldn't work if the browser just hit the URL.
Something I have used before for actually editing fields is X-Editable for Twitter Bootstrap. It works pretty nicely with CakePHP if you do use Twitter Bootstrap: http://vitalets.github.io/x-editable/
It's hard for me to suggest much else without actual code snippets.
Kind Regards
Stephen
On 6 January 2014 02:35, RoadRunner <edv3001@gmail.com> wrote:
Hi,
I'm new to CakePHP and am trying to build my first database application. So far I can list all customers in my test database and view/edit a customer via a link with the customer id passed as a named parameter.
At the moment I have 2 links to different controllers in each row of the customer list, one for viewing the data and one for editing the data. The layout looks almost equal for both controllers, which is important for me, but in the controller for viewing the data the form input elements are readonly.
Is it possible to edit a record after it is displayed readonly instead of placing an edit link in each row of the customer list? Of course I can place my edit link inside the displayed record instead of placing it inside each row, but this way I always have 2 different controllers with nearly identical views, one with read-only input elements and one with editable input elements. Is this the best way to do this?
Then I noticed that all the controllers, actions and my named parameters are visible within the URL and that I'm able to edit values and call functions without clicking a button. Isn't it dangerous to pass parameters within the URL when I let users work with my database application?
I don't mean deliberately tampering with the database records in the first place, but rather getting into trouble because they use the browser history or bookmarks or they close the browser tab accidentally. Users often try so many stupid things we can't imagine... Is there a simple solution for how I can harden the application against such dangers/mistakes? I would prefer it if the users can only "walk" through the application in the prescribed manner and that I can detect deviant behaviour and either reload the last page or discard the last action and start from scratch. Does this also mean that I should work with transactions to keep the database consistent?
Best regards,
RoadRunner
Like Us on FaceBook https://www.facebook.com/CakePHP
Find us on Twitter http://twitter.com/CakePHP
---
You received this message because you are subscribed to the Google Groups "CakePHP" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cake-php+unsubscribe@googlegroups.com.
To post to this group, send email to cake-php@googlegroups.com.
Visit this group at http://groups.google.com/group/cake-php.
For more options, visit https://groups.google.com/groups/opt_out.
Kind Regards
Stephen Speakman
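An added example, not code from either poster or from the CakePHP project: one way to write the edit action discussed in this thread for CakePHP 2.x, so that following a link, a bookmark or a history entry can never change a record. The Customers controller, the Customer model and the three column names are assumptions; the POST fields name and value are the ones X-Editable sends. Note that is('ajax') only tests the X-Requested-With header, which the client sets itself, so the example also requires POST and restricts which fields may be written.

```php
<?php
// Added example for CakePHP 2.x. Controller, model and column names are assumed.
App::uses('AppController', 'Controller');

class CustomersController extends AppController {

    // Only these columns may be changed through the inline editor (assumed names).
    protected $_editable = array('name', 'email', 'phone');

    // Target of the in-place editor: POST /customers/edit/<id>
    // with form fields "name" (column) and "value" (new content).
    public function edit($id = null) {
        // Never change state on GET: history, bookmarks and reloads stay harmless.
        if (!$this->request->is('post')) {
            throw new MethodNotAllowedException();
        }
        // The check from the reply. It reads a client-supplied header, so it
        // filters accidental navigation; it is not an access control.
        if (!$this->request->is('ajax')) {
            throw new BadRequestException();
        }

        $this->Customer->id = $id;
        if (!$this->Customer->exists()) {
            throw new NotFoundException();
        }

        // The new value travels in the request body, not in the URL.
        $field = $this->request->data('name');
        $value = $this->request->data('value');

        // Refuse any column that is not explicitly whitelisted.
        if (!in_array($field, $this->_editable, true)) {
            throw new ForbiddenException();
        }

        // Third argument true: run the model's validation rules before saving.
        $saved = (bool)$this->Customer->saveField($field, $value, true);

        $this->autoRender = false;
        $this->response->type('json');
        $this->response->statusCode($saved ? 200 : 400);
        $this->response->body(json_encode(array(
            'saved' => $saved,
            'errors' => $this->Customer->validationErrors,
        )));
        return $this->response;
    }
}
```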