I’ve run the crud script to generate the automatic forms on a table.
Now I try to add a field into this form and it looks like it’s not so easy.
I’ve added a property $new_text_field in my ActiveRecord class
And I’ve added the corresponding field in the form.
In the actionUpdate, after this line :
The property new_text_filed is not updated, despite it is in the the $_POST (I traced it).
It seems that you didn’t make it “safe”. You should do it in the rules() method:
`yes you’re right, it works. The safe validator is not clear to me “safe for massive assignments”. What does i mean exactly ?
Massive assignment is: $model->attributes = $_POST[‘table’]. It’s just a loop. If $_POST[‘table’] array’s key ‘attributeName’ is “safe” for $model, then it will be assigned (same as $model->attributeName = …).
Assume, that all attributes are safe and your model has property “createTime”, which must be assigned only by your program. Now, bad guys can send a POST variable createTime = 666. It will be successfully assigned and saved, and it is not good