Redundant or Safer?
[eluser]Jesse Schutt[/eluser]
Hello All,

I am collecting info from a form and posting it to my db using the following code. It occurred to me that the $post_data array that I have created might be redundant. Should I pass the _POST array to the model instead of writing my own $post_data array?

Code: if ($this->validation->run() == FALSE)

In other words, is this better practice? Is it safe?

Code: if ($this->validation->run() == FALSE)

Thanks in advance!
Jesse
[eluser]SitesByJoe[/eluser]
If there were values in your post that you didn't want to pass to the db or any additional information alterations needed you would certainly want to create a new array. This would typically follow up a successful validation check.
[eluser]Jesse Schutt[/eluser]
Thanks for the thoughts! That makes good sense. Right now the POST array contains all the information I want to drop into a new record in the DB. Does CodeIgniter sanitize the POST array? I read in the docs that the keys to the POST array are cleaned, but it doesn't mention anything else... Thanks!
[eluser]meigwilym[/eluser]
The POST array accessed through Code: $this->input->post('value'); The $_POST is left untouched. http://ellislab.com/codeigniter/user-gui...input.html Mei
[eluser]Jesse Schutt[/eluser]
Mei, Thanks! Let me make sure I am understanding what you are saying... Code: $this->input->('whatever_input_name_from_my_form_here'); Is that right? If so, that is what I was doing in my very first example. I am wondering if I can pass the entire $_POST variable to the method safely. Thanks for your input! Jesse
[eluser]JoostV[/eluser]
If you use Code: $this->validation->whatever_input_name_from_my_form_here; This gives you more control over sanitizing input. However, if you're going to use input, it's Code: $this->input->post('whatever_input_name_from_my_form_here'); Code: $this->input->('whatever_input_name_from_my_form_here'); Finally, even if CI sanitizes a lot of your input, you should still always sanitize input. For instance, if you execute Code: $this->db->where('id', $id);
[eluser]Rick Jolly[/eluser]
One thing to note is that validation works directly on the $_POST array and alters it according to your validation rules. I agree that you should specify the $_POST variables you want to pass to the model. You can automate the process a bit. I'd prep the values using validation and then create a helper to pass only the fields defined in validation to the model.
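
One way to write the kind of helper described in the last reply, as an added example that is not code from the thread or from CodeIgniter. The function name `fields_for_model`, the shape of `$rules` (an array keyed by form field name) and the sample request are assumptions made for illustration.

```php
<?php
// Added example: hypothetical helper, not part of CodeIgniter.
// $rules is assumed to be the validation rule set, keyed by form field name.

/**
 * Keep only the POST fields named in $rules.
 * Returns [fields to hand to the model, keys that were dropped].
 */
function fields_for_model(array $rules, array $post): array
{
    $clean = [];
    foreach (array_keys($rules) as $field) {
        if (!array_key_exists($field, $post)) {
            continue; // not submitted: leave it to the model's default
        }
        if (!is_scalar($post[$field])) {
            continue; // an array was sent where a single value is expected
        }
        $clean[$field] = (string) $post[$field];
    }

    // Anything in the request that did not make it into $clean.
    $dropped = array_keys(array_diff_key($post, $clean));

    return [$clean, $dropped];
}

// Constructed sample: the form offers two fields, the request carries four.
$rules = ['name' => 'required', 'email' => 'required|valid_email'];
$post  = [
    'name'     => 'Jesse',
    'email'    => 'jesse@example.com',
    'is_admin' => '1',        // a column the form never offered
    'id'       => ['1', '2'], // array submitted for a scalar column
];

[$post_data, $dropped] = fields_for_model($rules, $post);

print_r($post_data); // this array goes to the model in place of $_POST
print_r($dropped);   // unexpected keys, useful to log
```

Passing `$_POST` straight to an insert would write every submitted key that matches a column name, so the allow-list is what keeps the extra fields out of the record.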