Forms, loading data and updating database
[eluser]julgus[/eluser]
With the code I fetch some data

Code:
$query = $this->db->query("select * from atable where id={$this->session->userdata('partner_id')}");

I then call a view

Code:
if ($this->form_validation->run() == FALSE)

I want to use the update_string and therefore I use the $_POST array, which I clean of unwanted elements using the unset function. Is this a proper way of doing things or?

Furthermore I tried to use the set_value function in my form after passing the above query result. This didn't work - the function didn't return any data. Is it supposed to work like this?

Regards Johan
[eluser]lmv4321[/eluser]
It is very unsafe to insert data into your tables straight from the $_POST array (see XSS attacks). You should use the $this->input->post() function, which makes sure the data is defined and clean. See http://ellislab.com/codeigniter/user-gui...input.html for more details.

So, to use:

Code:
if ($this->form_validation->run() == FALSE)
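An added example, not code from either poster: one way to wire the pieces discussed in this thread together in a CodeIgniter 2.x controller, building the update from an allowlist of fields read through $this->input->post() instead of unsetting keys from $_POST. The table name and session key come from the question; the controller, view and column names (name, email, phone) are assumptions.

```php
<?php
// Added example: hypothetical CodeIgniter 2.x controller. Table "atable" and
// session key "partner_id" come from the thread; the controller, view and
// column names (name, email, phone) are assumptions.
class Partner extends CI_Controller
{
    // Only these columns may be written from the form (allowlist).
    private $editable = array('name', 'email', 'phone');

    public function edit()
    {
        $this->load->database();
        $this->load->library(array('session', 'form_validation'));
        $this->load->helper(array('form', 'url'));

        // Cast the id once; it is reused in a hand-built WHERE clause below.
        $id = (int) $this->session->userdata('partner_id');

        $this->form_validation->set_rules('name', 'Name', 'trim|required|max_length[100]');
        $this->form_validation->set_rules('email', 'Email', 'trim|required|valid_email');
        $this->form_validation->set_rules('phone', 'Phone', 'trim|max_length[30]');

        if ($this->form_validation->run() == FALSE) {
            // Query binding instead of interpolating the id into the SQL.
            $query = $this->db->query('SELECT * FROM atable WHERE id = ?', array($id));
            // In the view, the row supplies the default on first load:
            //   set_value('name', $row->name)
            $this->load->view('partner_form', array('row' => $query->row()));
            return;
        }

        // Build the update from the allowlist, so an extra POST field
        // (for example "id") never reaches the table.
        $data = array();
        foreach ($this->editable as $field) {
            $data[$field] = $this->input->post($field);
        }

        // update_string() escapes the values; the WHERE string is ours.
        $sql = $this->db->update_string('atable', $data, 'id = ' . $id);
        $this->db->query($sql);
        redirect('partner/edit');
    }
}
```

With a denylist built from unset(), any POST key that was not anticipated still ends up in the generated UPDATE; the allowlist loop makes the set of writable columns explicit.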