Array passes form validation for string element with the same name -- how to fix? - Printable Version +- CodeIgniter Forums (https://forum.codeigniter.com) +-- Forum: Development (https://forum.codeigniter.com/forumdisplay.php?fid=6) +--- Forum: Issues (https://forum.codeigniter.com/forumdisplay.php?fid=19) +--- Thread: Array passes form validation for string element with the same name -- how to fix? (/showthread.php?tid=71798) |
Array passes form validation for string element with the same name -- how to fix? - Stanzi1791 - 09-25-2018 I've set up form validation for (amongst other fields) a text input box with the name "cms", this is in my application\config\form_validation.php file: // ... array( 'field' => 'cms', 'label' => 'CMS', 'rules' => 'is_natural_no_zero' ), // ... If I use a regular <input name="cms" value="value"> this works fine. Yet, if I tweak the html for the form, and send a "cms" array to the controller instead of a string value, like this <input name="cms[]" value="some"><input name="cms[]" value="other"> this array passes the validation rule! Which is not what I want, nor what I expected. I would expect (and want) the form validation to fail if an array instead of a string value was submitted. Is there a way to enforce this in CodeIgniter (using validation rules)? RE: Array passes form validation for string element with the same name -- how to fix? - dave friend - 09-25-2018 If the field name is an array - i.e. cms[] - then you must use the exact same for your Validation Rule field name. e.g. PHP Code: $this->form_validation->set_rules('cms[]', 'CMS', 'is_natural_no_zero'); See Using Arrays as Field Names RE: Array passes form validation for string element with the same name -- how to fix? - Stanzi1791 - 09-26-2018 (09-25-2018, 09:04 PM)dave friend Wrote: If the field name is an array - i.e. cms[] - then you must use the exact same for your Validation Rule field name. e.g. Thank you for your reply. I understand that if I want to use an array, I have to alter the validation rules. But that is not what my question is about: I was trying to simulate the case where someone sends a forged post request to my controller, in which case it shouldn't validate. After some further research I really do think there's a bug in CodeIgniter's the form validation code. I fixed it by creating a file at application\libraries\MY_Form_validation.php, copying the _execute function, and replacing this // If we get an array field, but it's not expected - then it is most likely // somebody messing with the form on the client side, so we'll just consider // it an empty field $postdata = is_array($this->_field_data[$row['field']]['postdata']) ? NULL : $this->_field_data[$row['field']]['postdata']; with this // If we get an array field, but it's not expected - then it is most likely // somebody messing with the form on the client side, so we'll just consider // it an empty field $postdata = is_array($this->_field_data[$row['field']]['postdata']) ? "" : $this->_field_data[$row['field']]['postdata']; $this->_field_data[$row['field']]['postdata'] = $postdata; (Using NULL won't work here, because NULL values are not re-assigned to the $_POST array by the _reset_post_array function.) |