$this->db->insert($_POST); Is there a way to exclude one field?
#1

[eluser]0plus1[/eluser]
I have a form initialized like this:

Code:
<?=form_open('xyz/submit');?>

I have a field that I don't need to put into the database but using:

Code:
$this->db->insert('db',$_POST);


CI tries to query it.. now I wonder, is there a way to avoid this? Or do I have to make it like this?

Code:
$data = array('woof' => $_POST['woof'] , 'meow' => $_POST['meow']);

Thanks
#2

[eluser]xwero[/eluser]
Code:
$fields = $_POST; // move the array to a variable to keep the post global in its original state
unset($fields['woof']);
$this->db->insert('table',$fields);
unset($fields); // not needed anymore
#3

[eluser]Dam1an[/eluser]
Although xwero's code is valid, it's generally good practice to avoid doing so
You'll probably need to validate all the data before you add it to the database
You could also potentially have other unexpected things in there
I also prefer to use $this->input->post('var') instead of $_POST['var']
#4

[eluser]0plus1[/eluser]
[quote author="Dam1an" date="1241015646"]Although xwero's code is valid, it's generally good practice to avoid doing so
You'll probably need to validate all the data before you add it to the database
You could also potentially have other unexpected things in there
I also prefer to use $this->input->post('var') instead of $_POST['var'][/quote]

Wait, I thought that:

Code:
$rules['woof'] = "required|integer|xss_clean";
$this->validation->set_rules($rules);

Would clean everything so that I had a clean $_POST.. am I wrong here?

@xwero -> thanks
#5

[eluser]Dam1an[/eluser]
@0plus1: I didn't know you had that all defined elsewhere :)
#6

[eluser]xwero[/eluser]
Dam1an $this->input->post('var') has not much benefit over $_POST['var'].

The post method checks if the value is present in the global. In this case it's not needed because you know it's present.

You can set the second parameter of the post method to true to prevent xss attacks. I think if you use the method in cooperation with validation, you should set the value to true and not do the cleaning during the validation.

Using the post method in this scenario means adding each field manually which is the most typing.
#7

[eluser]Vicente Russo[/eluser]
Here is what I do:

Code:
// Form sent        
$excludes = array('submit','form_state', 'select_state', 'img_state'); // Fields will not be inserted on DB

// Optional. Here I set the array with the input names from form and associate with names of the field on database
$fieldnames = array(
    'product_name' => 'name',
    'form_image' => 'image',
    'status' => 'status',
    'id_category' => 'id_category',
    'id_subcategory' => 'id_subcategory',
    'id_brand' => 'id_brand',
    'id_model' => 'id_model',
);

$post_temp = array();
foreach($_POST as $index => $value) {
    if(!in_array($index,$excludes)) {
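        // Fall back to the form name when no column mapping is defined (the mapping is optional)
        $column = isset($fieldnames[$index]) ? $fieldnames[$index] : $index;
        $post_temp[$column] = $this->input->post($index);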
    }
}

In the end, you'll have $post_temp variable ready to be inserted. Please try and tell me what you think.
#8

[eluser]Dam1an[/eluser]
@Vicente Russo: That's a nice idea, especially for me, as I always name form names and database fields the same, so I would just need the excludes array, set that as a config item, and put the foreach loop into a function, and it becomes a very neat way to do it :)
#9

[eluser]xwero[/eluser]
Most of the time there is no reason to give other names to form fields. This is why people create form generation libraries.

Because the database fields are less likely to change I think it's better to make the check positive and the next step is to create a function.
Code:
function prep_set($input,$allowed)
{
   $output = array();

   foreach($input as $key => $val)
   {
      if(in_array($key,$allowed))
      {
          $output[$key] = $val;
          if(count($output) == count($allowed)){ break; }  // to stop looping as soon as possible
      }
   }

   return $output;
}
And the usage can be as simple as
Code:
$this->db->insert('db',prep_set($_POST,$this->db->list_fields('db')));
#10

[eluser]Dam1an[/eluser]
[quote author="xwero" date="1241027072"]
Because the database fields are less likely to change I think it's better to make the check positive and the next step is to create a function.[/quote]

You're right, that's a much nicer way to do it, and much more robust too :)
Good job xwero
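
An added example for the thread as a whole (not code from any poster or from CodeIgniter): the positive check from post #9 combined with the field-to-column map from post #7, using an explicit list of writable columns, so that real columns the form never contained (such as a primary key) are dropped along with the submit button. The function name filter_post, the table name products and the sample request are assumptions constructed for illustration.

```php
<?php
// Added example: explicit allowlist mapping form fields to writable columns.
// filter_post(), $writable and the sample data are hypothetical names/values.

/**
 * Keep only the form fields named in $writable and rename them to their
 * column names. Everything else in $input is dropped and reported.
 */
function filter_post(array $input, array $writable, array &$rejected = array())
{
    $row = array();
    $rejected = array();
    foreach ($input as $field => $value) {
        // Drop unknown fields and nested arrays (e.g. name[]=x), which
        // cannot be stored as a single column value.
        if (!isset($writable[$field]) || is_array($value)) {
            $rejected[] = $field;
            continue;
        }
        $row[$writable[$field]] = $value;
    }
    return $row;
}

// Form field => database column. List only columns this form may set.
$writable = array(
    'product_name' => 'name',
    'status'       => 'status',
    'id_category'  => 'id_category',
);

// Constructed sample request: the expected fields, a submit button, and
// two keys that match real columns but were never part of the form.
$post = array(
    'product_name' => 'Lamp',
    'status'       => '1',
    'id_category'  => '7',
    'submit'       => 'Save',
    'id'           => '1',
    'created_by'   => '42',
);

$row = filter_post($post, $writable, $rejected);
print_r($row);      // fields kept for the insert, keyed by column name
print_r($rejected); // fields that were dropped, useful for logging

// In a CodeIgniter controller the filtered row would then be passed on:
// $this->db->insert('products', $row);
```

Field validation (the set_rules call in post #4) still applies to the values that are kept; the filter only decides which keys reach the insert.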



