For What Inputs Should I Define Rules In Model Class ?

Should I define rules for all of input elements in a model class?

For example the model form has 2 input type element and a textarea.

Can I just define rules for those two input type and not for textarea ?

I have done so but the text entered inside the textarea isn’t save but if I put a rule for example for its length it will be saved.

By default only input elements with defined rules are ‘safe’ attributes and are saved.

So you have to define rules for all input elements.

You can set to ‘safe’ if you have no specific rule for an input.

But for a textarea or other inputs you should use at least filters (strip_tags or CHtmlPurifier) because of security issues.





 public function rules()

    {

        // NOTE: you should only define rules for those attributes that

        // will receive user inputs.

       return array(

            ... 

            array('title, subtitle','filter','filter'=>'strip_tags'),

            array('body','filter','filter'=>array($obj=new CHtmlPurifier(),'purify')),

            ...

            array('tags', 'safe'), //no specific rule: all is allowed

            ...          

        );

    }



Absolutely! All user input must have validation/filtering, or you are just begging for problems.