Quote:Let's say I have a Controller and a View where you can edit a customer (where 123 is the customer's unique ID):
/customer/edit/123
do not do this. i know its in almost every api tutorial to do it this way - but if you have any choice at all do not because exposing the customer id, or a db record id in the URL for a page that you need to be logged in to access - is insecure.
Quote:then do some jiggery poker
sounds legit
so here is another way - yes (obviously) you should have separate methods, because you need to call different validation etc. but you also can call the same form url in your different forms - just put a hidden form field like
PHP Code:
form_hidden( 'task', 'editcolors' );
then in the controller method that the form goes to - pick up the 'task' and route to the correct method based on the hidden form field -
and make the method private like _editcolors()
