diff --git a/user_guide_src/source/libraries/validation.rst b/user_guide_src/source/libraries/validation.rst index 7b87954653e1..048449580422 100644 --- a/user_guide_src/source/libraries/validation.rst +++ b/user_guide_src/source/libraries/validation.rst @@ -476,6 +476,8 @@ the validation rules. .. literalinclude:: validation/045.php :lines: 2- +.. _saving-validation-rules-to-config-file: + Saving Sets of Validation Rules to the Config File ================================================== @@ -875,6 +877,8 @@ Or you can use the following parameters: .. literalinclude:: validation/047.php :lines: 2- +.. _validation-available-rules: + *************** Available Rules *************** diff --git a/user_guide_src/source/models/model.rst b/user_guide_src/source/models/model.rst index c77e68cb81b8..e8186487f9e6 100644 --- a/user_guide_src/source/models/model.rst +++ b/user_guide_src/source/models/model.rst @@ -243,13 +243,13 @@ $validationRules Contains either an array of validation rules as described in :ref:`validation-array` or a string containing the name of a validation group, as described in the same section. -Described in more detail below. +See also :ref:`model-setting-validation-rules`. $validationMessages ^^^^^^^^^^^^^^^^^^^ Contains an array of custom error messages that should be used during validation, as -described in :ref:`validation-custom-errors`. Described in more detail below. +described in :ref:`validation-custom-errors`. See also :ref:`model-setting-validation-rules`. $skipValidation ^^^^^^^^^^^^^^^ 
@@ -649,11 +649,14 @@ Cleans out the database table by permanently removing all rows that have 'delete In-Model Validation =================== +.. warning:: In-Model validation is performed just before data is stored in the + database. Prior to that point, the data has not yet been validated. Processing + user-input data prior to validation may introduce vulnerabilities. + Validating Data --------------- -For many people, validating data in the model is the preferred way to ensure the data is kept to a single -standard, without duplicating code. The Model class provides a way to automatically have all data validated +The Model class provides a way to automatically have all data validated prior to saving to the database with the ``insert()``, ``update()``, or ``save()`` methods. .. important:: When you update data, by default, the validation in the model class only 
@@ -668,16 +671,24 @@ prior to saving to the database with the ``insert()``, ``update()``, or ``save() To avoid such glitches, this behavior can be changed by configuration. See :ref:`clean-validation-rules` for details. +.. _model-setting-validation-rules: + Setting Validation Rules ------------------------ -The first step is to fill out the `$validationRules`_ class property with the fields and rules that should -be applied. If you have custom error message that you want to use, place them in the `$validationMessages`_ array: +The first step is to fill out the `$validationRules`_ class property with the +fields and rules that should be applied. + +.. note:: You can see the list of built-in Validation rules in :ref:`validation-available-rules`. + +If you have custom error message that you want to use, place them in the `$validationMessages`_ array: .. literalinclude:: model/027.php -If you'd rather organize your rules and error messages within the Validation configuration file, you can do that -and simply set `$validationRules`_ to the name of the validation rule group you created: +If you'd rather organize your rules and error messages within the +:ref:`Validation Config File `, you can +do that and simply set `$validationRules`_ to the name of the validation rule +group you created: .. literalinclude:: model/034.php
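Review bot: the label `saving-validation-rules-to-config-file` added in the first validation.rst hunk (above "Saving Sets of Validation Rules to the Config File") does not follow the `validation-` prefix used by the other labels visible in this patch (`validation-available-rules`, `validation-array`, `validation-custom-errors`). Consider renaming it to match, for example `validation-saving-rules-to-config-file`, and update the reference in model.rst in the same commit so the link does not break.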
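Review bot: the new warning under "In-Model Validation" (model.rst, hunk at -649) says that processing user input before validation "may introduce vulnerabilities" but does not say what to do instead. Add one sentence telling readers to validate input with the Validation library before using it anywhere ahead of the model's `insert()`, `update()`, or `save()` call, and link to the validation page so the warning is actionable. The removed sentence ("For many people, validating data in the model is the preferred way...") was the only place that explained why in-model validation exists; consider keeping a short neutral statement of its purpose next to the warning.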
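Review bot: in the "Setting Validation Rules" hunk (model.rst, -668), the added role reads ":ref:`Validation Config File `" with link text but no target as shown here. Confirm that the source carries an explicit target in angle brackets pointing at the `saving-validation-rules-to-config-file` label added in validation.rst, otherwise Sphinx will report an undefined label. While this paragraph is being rewrapped, the added line "If you have custom error message that you want to use, place them in..." should read "custom error messages" to agree with "them", and it is left unwrapped while the neighbouring added paragraphs are wrapped.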