CodeIgniter Forums
How to customize $this->input->post() - Printable Version

+- CodeIgniter Forums (https://forum.codeigniter.com)
+-- Forum: Archived Discussions (https://forum.codeigniter.com/forum-20.html)
+--- Forum: Archived Development & Programming (https://forum.codeigniter.com/forum-23.html)
+--- Thread: How to customize $this->input->post() (/thread-23449.html)



How to customize $this->input->post() - El Forum - 10-11-2009

[eluser]tokyotech[/eluser]
In my MySQL columns, NULL means the user never filled out the form field. So I have to use the ternary operator to correctly insert rows:

Code:
$this->accountModel->createUser(
    array(
        'email'    => $this->input->post('email'),
        'password' => $this->input->post('password'),
        'name'     => $this->input->post('name') ? $this->input->post('name') : NULL,
        'gender'   => $this->input->post('gender'),
        'created'  => time()
    )
);

1) Is there a way to make post() return NULL rather than FALSE if the value is ""?

2) After I get question #1 working, how do I dump the whole post() array into my model's method? I must use post() rather than $_POST because $_POST will assign "" to form elements that were untouched. Ideally, this code could be cut down to:

Code:
// this doesn't work:
$this->accountModel->createUser($this->input->post())



How to customize $this->input->post() - El Forum - 10-11-2009

[eluser]Colin Williams[/eluser]
Your model should be the smart one. You should just throw $_POST at your model and your model should have functions to sort out the data before it is inserted to the database. That's its job


How to customize $this->input->post() - El Forum - 10-12-2009

[eluser]tokyotech[/eluser]
But the CI manual says not to use $_POST directly.... Sad


How to customize $this->input->post() - El Forum - 10-12-2009

[eluser]Colin Williams[/eluser]
It's not clearly stated.

Quote:The main advantage of using the provided functions rather than fetching an item directly ($_POST['something']) is that the functions will check to see if the item is set and return false (boolean) if not. This lets you conveniently use data without having to test whether an item exists first.

Do you need that advantage in your case? No.

Quote:For the sake of simplicity in this example we're using $_POST directly. This is generally bad practice, and a more common approach would be to use the Input Class $this->input->post('title')

This is probably what you are referring to. Shame it was worded that way, because later we see:

Quote:Before accepting any data into your application, whether it be POST data from a form submission, COOKIE data, URI data, XML-RPC data, or even data from the SERVER array, you are encouraged to practice this three step approach:
1. Filter the data as if it were tainted.
2. Validate the data to ensure it conforms to the correct type, length, size, etc. (sometimes this step can replace step one)
3. Escape the data before submitting it into your database.

So, just xss_clean() all incoming data in your models and you will be fine using $_POST. Example model function:

Code:
function save($obj)
{
   $obj = xss_clean($obj);
   $obj = $this->_prep_obj($obj);
   // _prep_obj is a private method that removes unnecessary properties.
   // You could xss_clean in that function to keep this method clean.
   return $this->db->insert($this->table, $obj)
}