CodeIgniter Forums

Full Version: Form_validation question
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
Hi everybody, I'm developing a web application using this excellent framework (Codeigniter 3.0RC3)
Someone could help me whith this doubt.

I'm using form_validation library to validate data within models. I use the set_data method to validate an associative array. This is my validate method.

public function validate($data, $rules) {

        if ($this->form_validation->run() == FALSE) {
            return FALSE;
        else {
            return $data;

Some validations rules are like this

$rules[] = array("field" => "description", "label"=> "Description", "rules"=> "trim|strip_tags");

After validation process takes place, $data["description"] is not trimmed and tags striped. The only way I can do this is re-populating $data array using set_value() function for each of the array items. For example

$data["description"] = set_value("description");

Thanks in advance guys.
As you can see, it's a validation library, not a cleaning one. Its purpose is only to validate the data.

set_value() on the other hand deals with output, so it's normal for it to clean what it receives.
(03-17-2015, 12:19 AM)Avenirer Wrote: [ -> ]As you can see, it's a validation library, not a cleaning one. Its purpose is only to validate the data.

But even Codeigniter 2's validation library will clean data. This is from the manual.

Quote:Prepping Data
In addition to the validation functions like the ones we used above, you can also prep your data in
various ways. For example, you can set up rules like this:

$this->form_validation->set_rules('username', 'Username',
$this->form_validation->set_rules('password', 'Password', 'trim|required|matches[passconf]|md5');
$this->form_validation->set_rules('passconf', 'Password Confirmation', 'trim|required');
$this->form_validation->set_rules('email', 'Email', 'trim|required|valid_email');

In the above example, we are "trimming" the fields, converting the password to MD5, and running the username through the "xss_clean" function, which removes malicious data. Any native PHP function that accepts one parameter can be used as a rule, like htmlspecialchars, trim, MD5, etc.

Note: You will generally want to use the prepping functions after the validation rules so if there isĀ an error, the original data will be shown in the form.
"Prepping" the data and cleaning the data are two different things. Of course you can use PHP functions that cleans the data inside the validation, but that is not the purpose of the validation library. Also, xss_clean is no longer part of form validation library but of security library. Blush
Even though "prepping" and cleaning the data are two different things, you can do both inside validation in CI2. You can use any PHP function that has just one parameter in your validation rules. Did that change in CI3?
CI3 still allows you to do just about anything with the data in the form validation library. It appears that the library places the updated data into $_POST, regardless of whether it is processing a supplied data array or the $_POST data. So, at least for now, you're stuck with repopulating your supplied array (via set_value()).