safe and unsafe validators rules

Hi to everyone!

I am newbie in Yii framework

I am confused about model rules about ‘safe’ and ‘unsafe’ validators

I think safe validator used to keep an atribute from user (included other validators)

anything else rejected from $_GET OR $_POST array. Right?

what is ‘unsafe’ validator and when we use it?

One more thing: supposing I have a textarea in form. ‘safe’ validator could protect my application by injection code and injection sql-queries in mysql?

Thanks in advanced! :)

Check this part of the documentation - http://www.yiiframew…ute-assignments

This are used only for the "massive assignment"…only "safe" attributes will be assigned…

Thanks mdomba for reply!

Ok… use a rule validator for those attributes we want to be massively assigned (and nothing more atrributes).

why exists the ‘unsafe’ validator then? (if not included an attribute in rule then, it will be rejected)

Thank you

if an attribute does not have any rule than it’s unsafe…

on the other side… if you have many “scenarios”… it’s faster to make a global validator for all scenarios… and then if neede just set the attribute as “unsafe” on the scenario you need…

so the "unsafe" exists just for those "special" cases… if someone needs it…

I think I got it.


So all attributes must have at least one validation rule will be regarded as safe.

After of two years I understood completely unsafe validator

So I just wrote a wiki to full understand all Yii members too :)


Thanks it’s helpful for me…

Thank’s this post is very helpful for me. I found this article further: Understanding “Safe” Validation Rules