Saving data to the database after form validation - best practices?

[eluser]mddd[/eluser]
Suppose you have used the form_validation class to check your POST data. Everything is okay, prepped and checked.

Now you want to save it to the database. What's the cleanest way to do so? I could write a series of $this->db->set('name', set_value()) statements. But I have the feeling there should be a nicer way.

Anybody who wants to give their opinion or experience with this? I've used the form_validation library before but this is the stage that always has me thinking 'there should be a better way'. Perhaps making use of the information you already passed to the validation library.

[eluser]bretticus[/eluser]
The "best way" is subject to your opinion and needs.

However, it's pretty common to call a model method (that you have built for the purpose) with parameters for each column that needs to be stored. Some folks like to send an associative array to the model method instead (like the $_POST array, for example. Which, if you do, be sure to use active record inserts to filter the data.) Don't use the form helper function set_value() as it's not quite as secure as using xss filters from the input class (i.e. $this->input->post('key', TRUE); ) Besides, the input class is always loaded.

Have fun!

[eluser]WanWizard[/eluser]
I have a sort of standard flow for a method that displays and processes a form.

In pseudo code:

Code:

// initialize the view data array
$data = array( 'messages' => "" );

// returns an array, filled if record is found, or with default values (and id=0) if not.
if ( $record = $this->model->load_record_from_url() )
{
    // record not found, URI info bogus, etc. handle it here
}

// check if the form was posted
if ( form_posted('my_form_page') )
{
    // define all form validation rules (or load them from a config file)

   // run the form validation
   $validated = $this->form_validation->run();

    // update the record array from the post
    // ( requires form field names to be identical to column names )
    // or make a manual mapping using the second parameter
    $record = update_from_post($record, array('extra_field' => 'db_column') );
}
else
{
    // no form to validate
    $validated = FALSE;
}

// was the form posted and did it validate?
if ( $validated )
{
    if ( $record['id'] )
    {
        // update the record here

        // inform the user
        $data['messages'] = "Record updated.";
    }
    else
    {
        // insert a new record here

        // update the record with the new record id
        $record['id'] = $this->db->insert_id();

        // inform the user
        $data['messages'] = "Record inserted.";
    }
}
else
{
    // fetch the validation errors
    $data['messages'] = validation_errors();

}

// add the record to the view data array
$data['record'] = $record;

// load the form
$this->load->view('my_form_page');

This does everything in one go:
- load the record to edit, or initializes one if a new record is being added
- validates the form
- updates the record data with the posted form data
- updates or inserts the record, based on the presence of the record's ID
- load the form, and display messages (if any)

I use form_posted() and update_from_post() (they are actually methods in my form_validation extension) to check if the form I'm interested in is posted (via a hidden field in the form), and to copy data from form fields back to the record after validation.

[eluser]mddd[/eluser]
Thanks bretticus and WanWizard.

@bretticus: Good point, I have to make sure the data passes through the xss filter somewhere along the process.

@WanWizard: Nice overview, thanks. The main idea looks a lot like what I usually do too. As I am starting on a new project now, which has a few forms (like most..) I thought I'd make it more structured and more reusable.
Question about the update_from_post part: do you use the form_validation library as the basis for this (e.g. walking along the fields set in form_validation) or do you provide the field list some other way? And do you use set_value etc. or take the values form $this->input->post?