CodeIgniter Forums
Submit button in Insert Statement - Printable Version

+- CodeIgniter Forums (https://forum.codeigniter.com)
+-- Forum: Archived Discussions (https://forum.codeigniter.com/forum-20.html)
+--- Forum: Archived Development & Programming (https://forum.codeigniter.com/forum-23.html)
+--- Thread: Submit button in Insert Statement (/thread-17888.html)



Submit button in Insert Statement - El Forum - 04-18-2009

[eluser]Fielder[/eluser]
When I use $this->db->insert('bus',$_POST); in my method, it tries to insert my <input type="submit" name="submitnew" value="Submit" /> into the database. I get a returned error telling me the field submitnew is not in the table. ...but I dont want to insert it into the table. Am I missing something? I've never had to worry about this before.

Thanks.


Submit button in Insert Statement - El Forum - 04-18-2009

[eluser]Colin Williams[/eluser]
Don't throw $_POST at a db function. Typically you will have non-database-table related data in the form. Filter out what you need from the $_POST array first.


Submit button in Insert Statement - El Forum - 04-18-2009

[eluser]brianw1975[/eluser]
I'm surprised Colin didn't mention that you should check and process all of your data using $this->input->post("item_name") (or get or get_post, etc, check the userguide for more info) as CI does a bit of "data integrity" (XSS, etc) checking by default

Then create an appropriate array e.g.

Code:
$data = array("username"=>$this->input->post("username"),"password"=>$-this->input->post("password");

$this->db->insert('bus',$data);

Some people would argue that it's unnecessary if the site is password protected, or a intranet only application, but I postulate that at some point someone other than the existing user base will (hopefully) try to use the system (new employee for example) and could possibly do something naughty by quirk or design.


Submit button in Insert Statement - El Forum - 04-18-2009

[eluser]Colin Williams[/eluser]
If you have global XSS filtering on, the $_POST array is directly laundered. The input class has no method for getting the whole $_POST array.

You can either turn on global filtering or run it manually with xss_clean()


Submit button in Insert Statement - El Forum - 04-18-2009

[eluser]Fielder[/eluser]
Got it. If the form has numerous inputs, is there a way to do Brian's code without having to code in each field? Perhaps a loop statement of some sort?


Submit button in Insert Statement - El Forum - 04-18-2009

[eluser]Colin Williams[/eluser]
Code:
$schema = array('field' => '', 'field_2' => '');
$data_to_insert = array_intersect_keys($_POST, $schema);



Submit button in Insert Statement - El Forum - 04-19-2009

[eluser]Dam1an[/eluser]
As has been mentioned, its best to always process the data, and pull just what you need into a seperate array, but a quick and dirty way to solve the original problem, would be to unset the unwated variables
so you'd do unset($_POST['submitnew']);
Although I don't recommend using that approach in a real application


Submit button in Insert Statement - El Forum - 04-19-2009

[eluser]Fielder[/eluser]
Got it to work Colin - thx. However, I changed your array_intersect_keys to array_intersect_key.


Submit button in Insert Statement - El Forum - 04-20-2009

[eluser]Colin Williams[/eluser]
@Fielder Doh! Sorry for the extra 's'