form validate and binding

Question

form validate and binding

Stefan Chiriac Jun '15

Created Jun '15	Last Reply Jun '15	Replies 2	Views 496	Votes 0

Stefan Chiriac 16.0k

Jun '15

Hello,

When using form validators, is still required to use binding when inserting to db, or the input is considered already safe?

$name = new Text('Name');
$name->setFilters('alphanum');
$name->addValidators(array(
    new PresenceOf(array(
        'message' => 'Please enter your name'
    )),
    new Alpha(array(
        'message' =>Name is not valid'
    ))
));
$this->add($name);

When calling $form->bind($_POST, new Model()), the data from model will already have the filters applied, or is getting the raw data from $_POST?
The ORM does any checking and filtering by default?

Thanks

Andres Gutierrez
34.6k

Accepted
answer

Jun '15

Model::findOneByField() automatically uses bound parameters too, you only need binding in the methods that query data Model::find()/Model::findFirst()/Model::count()/Model::sum()/Model::query()/etc

Andres Gutierrez · Answer 1 · 2015-06-14T15:32:12-07:00

The ORM uses bind parameters for insertion/updation, also $form->bind assigns the values already filtered

Stefan Chiriac · Answer 2 · 2015-06-15T06:14:38-07:00

I see, so the only time when binding is required is when doing a Model::find() and Model::count() and maybe for Model::findOneByField() too. I know I read in the docs something a long time ago, but I no longer can find it :)

Stefan Chiriac · Answer 3 · 2015-06-15T07:46:59-07:00

Stefan Chiriac
16.0k

Jun '15

I got it. Thank you for clarifying this for me.