+- CodeIgniter Forums (https://forum.codeigniter.com)
+-- Forum: Archived Discussions (https://forum.codeigniter.com/forumdisplay.php?fid=20)
+--- Forum: Archived General Discussion (https://forum.codeigniter.com/forumdisplay.php?fid=21)
+--- Thread: Privatizing Form Validation callback functions? (/showthread.php?tid=11892)
Privatizing Form Validation callback functions? - El Forum - 09-27-2008
[eluser]inktri[/eluser]
For example:
Code:
username_check($str)from http://www.codeignitor.com/user_guide/libraries/validation.html can be accessed by "/form/username_check" right?
How would you prevent that? I tried adding an underscore in front of username_check and calling callback__username_check with the validation rules with no luck
Privatizing Form Validation callback functions? - El Forum - 09-27-2008
[eluser]Colin Williams[/eluser]
That typically does the trick for me
Privatizing Form Validation callback functions? - El Forum - 09-27-2008
[eluser]onejaguar[/eluser]
You can put your callbacks in an extend validation library (My_validation). They can be used by any controller that loads the validation library but can't be accessed via URL.
Or you can just leave it as-is. I don’t think it is a serious security risk; you should always assume people can put horrible things into a POST requests and you should write your callbacks accordingly; and a callback called directly will either return nothing or an error message about un-found objects, AND a person would have to know the name of your callback…