php mass-assignment idiorm

Prevent mass assignment in Idiorm and Paris ORM


My ORM - Paris and Idiorm - doesn't seem to support white-listing parameters passed to the constructor function, coming from the client side.

    $fruit = Model::factory('Fruit')->create($_POST);

If I want the users to be able to choose only some parameters, like color, and not others, like price, how do I do this? $_POST must be somehow filtered. I cannot find anything in Idiorm's/Paris's docs or source.


Solution

  • You could do something like this:

    $fruit = Model::factory('Fruit')->create(
        array_intersect_key($_POST, array('color' => 1,))
    );
    

    The function array_intersect_key will return key-value pairs where the key appears in both arrays, and the value will be taken from the first array - so the $_POST must come first.

    You can add new key values in the second parameter - and the values for those keys can be anything.
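
An added example (not part of the original answer, and not Idiorm or Paris code): the same array_intersect_key filter wrapped in a reusable helper that also drops array-valued fields, which PHP builds from inputs such as color[]=x. The helper name pick_allowed, the FRUIT_FILLABLE list, the sample request and $catalogPrice are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

/**
 * Keep only allow-listed keys from client input.
 * Hypothetical helper, not provided by Idiorm or Paris.
 * Non-string values are dropped: PHP turns "color[]=x" into an array,
 * which should never reach a scalar column.
 */
function pick_allowed(array $input, array $allowed): array
{
    // array_flip turns ['color', 'name'] into ['color' => 0, 'name' => 1],
    // so the allow-list can be written as plain column names.
    $picked = array_intersect_key($input, array_flip($allowed));

    // array_filter preserves keys; only string values survive.
    return array_filter($picked, 'is_string');
}

// Columns the client may set on a Fruit (constructed for this example).
const FRUIT_FILLABLE = ['color', 'name'];

// Constructed request body standing in for $_POST. 'price' and 'id' are
// columns the client must not control; 'name' arrives as an array.
$post = [
    'color' => 'red',
    'name'  => ['unexpected', 'array'],
    'price' => '0.01',
    'id'    => '1',
];

$safe = pick_allowed($post, FRUIT_FILLABLE);
var_dump($safe);

// With Paris loaded, the filtered array is what goes to create():
//   $fruit = Model::factory('Fruit')->create($safe);
// Server-controlled columns are then set explicitly, never from the request
// ($catalogPrice is a hypothetical server-side value):
//   $fruit->price = $catalogPrice;
```

Keeping the allow-list next to each model makes it easy to review which columns are client-settable when the schema changes.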