Is there a way that a Model::load($_POST) prevents the loading of some fields without unset the vars?
E.g.: If I have a model that have a ‘[font=“Courier New”]status[/font]’ field whose have a default rule in it so that, when a user is creating a record, its value would be 1
.
On my scheme, 1
means ‘waiting for aproval’.
But, on my controller, I use
$model->load(Yii::$app->request->post())
.
If a bad dude sends me a POST requisition with the status field with the value of 10, then it will pass. And on my system, 10
means ‘ok’. And that is bad.