Welcome Guest, Not a member yet? Register   Sign In
CodeIgniter Forums CodeIgniter 4 CodeIgniter 4 Discussion $this->validator->getValidated() looks stupid and unnecessary
$this->validator->getValidated() looks stupid and unnecessary
  • Offline sammyskills
    Member
  • ***
  • Posts: 116
    Threads: 2
    Joined: Nov 2020
    Reputation: 7
#2
10-09-2023, 07:51 AM

From the docs:

Quote:The actual validated data can be retrieved with the getValidated() method. This method returns an array of only those elements that have been validated by the validation rules.

Quote:if $this->validate() returns true then we can be sure about the submitted data.

No, this is not true. You can only be sure of the data that was VALIDATED and not all the submitted data. An attacker, for example can send some other data to your form, and it will be included in the request, and since it is not being validated (no rules set), the submitted data may contain more than what you envisaged.

So, to be sure that you are only retrieving or using the exact data that you expect, getValidated() does the trick. Before now, you may be doing something like so:

PHP Code:
if ($this->validate($rules) {
    $postRequest $this->request->getPost(); // this may also contain some unexpected data.


PS: You could have made your point or request without using derogatory words.
Reply


Messages In This Thread
RE: $this->validator->getValidated() looks stupid and unnecessary - by sammyskills - 10-09-2023, 07:51 AM



Theme © iAndrew 2016 - Forum software by © MyBB