Hi
I am ajaxing form varibales up to a controller action and inserting them into the db thus…
if ( isset( $_POST[‘User’]) ) {
$modelUser = new User;
$modelUser ->attributes = $_POST[‘User’];
$modelUser ->save();
}
I wonder if anyone can tell me if variables assinged via ->attributes are safe (filtered for sql injection attempts etc) for db insertion as they are or if I need to filter them myself.
Thanks
tb