Prevent field from being modified at SQL Level
Prevent field from being modified at SQL Level
TTM
Posts: 3Questions: 1Answers: 0
I want to prevent users from editing a single field in a table. I am able to do this by setting the field to "readonly". However, if you modify the POST request you could still in theory edit the "readonly" field in the MySQL database. How could we stop this?
This discussion has been closed.
Answers
Ugh. Was looking at the wrong documentation (DataTables instead of Editor). Here it is: https://editor.datatables.net/manual/security
Thanks for posting back - good to hear you've got it sorted now.
Allan
Hi Allan,
At the moment I am using the following code to check if someone tried to set a value for a field that is not allowed.
Field::inst('Location')->validator(function ($val, $data, $opts) { if ($val !== null) { return 'Field not editable'; } else { return true; } })
So if the $val of a read-only field is not equal to NULL the submission will fail. Is there a more built-in way to do this?
It depends if you want to reject it with an error, or just silently ignore it. I'd typically just use
->set( false )to ignore it.Allan