Inserting validated post vars to db

[eluser]macleodjb[/eluser]
Hi guys,

I was doing pretty well with working with the controller until this point. I created validation rules for my form in the controller, which works great. I was attempting to write a script to insert all the data to my database. I'm having a scope issue somewhere and i'm not sure how to fix it.

Here's my little routine..

Code:

if ($this->validation->run() == FALSE){
            $this->load->view('account/register_form', $data);
        } else {
            if($this->insert_admin()){
                if($uid = get_userid($this->input->post('email'))){
                insert_industry($uid);
                sendregmail();
                } else {
                $data['error'] = "There was an internal error, please try again";
                $this->load->view('account/register_form', $data);
                }
            } else {
            $data['error'] = "There was an internal error, Please try again";
            $this->load->view('account/register_form', $data);
            }
            
            $this->load->view('account/register_true', $data);
        }
        
    }

i have all functions you see inside this little snippet all inside my controller. When i attempt to register it tells me $rules[] is undefined which is being called by insert_admin

Code:

function insert_admin(){
            $insertadmin="INSERT INTO `user_admin` ("
        . "`user_name`, "
        . "`user_email`, "
        . "`user_password`, "
        . "`user_regdate`, "
        . "`user_last_login`, "
        . "`user_fname`, "
        . "`user_lname`, "
        . "`user_type`, "
        . "`security_question`, "
        . "`security_answer` "
        . ") VALUES ("
        . "'".$rules['dname']."', "
        . "'".$rules['email']."', "
        . "'".$rules['password']."', "
        . "NOW(), "
        . "NOW(), "
        . "'".$rules['fname']."', "
        . "'".$rules['lname']."', "
        . "'".$rules['utype']."', "
        . "'".$rules['securityq']."', "
        . "'".$rules['securitya']."');";
        $admin_query = $this->db->query($insertadmin);
        if ($admin_query->num_rows() <= 0){
        return true;
        } else {
        return false;
        }
        
    }

Where did i go wrong, or what do i need to change?

Thanks in advance, sorry for the newbie question.

[eluser]Crimp[/eluser]
I would use the Form_validation class instead (be sure to load it). The validation class is being phased out. I find creating an array of all the rules in the /config folder easiest.

[eluser]srisa[/eluser]
Isn't the error apparent if not obvious? You are using the $rules variable in the function and $rules is neither defined in there not passed as parameter. What is $rules and where did you define it? Moreover, why are you trying to insert the $rules values into the database, shouldn't you be using $this->post->input ?

[eluser]macleodjb[/eluser]
why would i want to use post data when the rules data is already trimmed and cleaned for database injection? see the user manual...

http://ellislab.com/codeigniter/user-gui...ation.html

See the prepping data section.

if you're not going to use the rules to insert to your database then what is the point of prepping data?

by the way i fixed my problem like this

Code:

$this->validation->fname

see my first post, i defined the validation $rules in my controller.
[quote author="macleodjb" date="1233440960"] I created validation rules for my form in the controller, which works great. [/quote]

[eluser]Colin Williams[/eluser]
All the preparation/sanitation happens directly on the $_POST array, macleodjb. Again, I don't think you've read the whole user guide! C'mon now.

[eluser]macleodjb[/eluser]
so if i'm understanding you correctly, you're telling me that when you prep data it doesn't prep the rule it actually preps the post vars?

[eluser]RS71[/eluser]
Shouldn't you be escaping before putting the data in the database?

[eluser]Colin Williams[/eluser]
Prep the rule? The rule contains no posted data, just instructions.

[eluser]macleodjb[/eluser]
perhaps i mis-read. I had the understanding that when you established these "rules" that it was taking those post variables and creating a new array called $rules containing the sanitized data.