Welcome Guest, Not a member yet? Register   Sign In
$this->db->insert($_POST); Is there a way to exclude one field?
#11

[eluser]TheFuzzy0ne[/eluser]
How about doing it the other way? Simply loop through the allowed values, and extract them from the $input array? That should be more efficient.

Code:
function prep_set($input,$allowed)
{
   $output = array();

   foreach($allowed as $key)
   {
      if(in_array($key,$input))
      {
          $output[$key] = $input['key'];
      }
   }

   return $output;
}

EDIT: I really think that we need a this->input->all_post(), or that $this->input->post() should return the entire post array if no values are specified.
#12

[eluser]xwero[/eluser]
One less check, nice!
#13

[eluser]xwero[/eluser]
[quote author="TheFuzzy0ne" date="1241028758"]
EDIT: I really think that we need a this->input->all_post(), or that $this->input->post() should return the entire post array if no values are specified.[/quote]
What is wrong with good ol $_POST?
#14

[eluser]Dam1an[/eluser]
[quote author="xwero" date="1241029126"][quote author="TheFuzzy0ne" date="1241028758"]
EDIT: I really think that we need a this->input->all_post(), or that $this->input->post() should return the entire post array if no values are specified.[/quote]
What is wrong with good ol $_POST?[/quote]

Yeah, also, if there was such a function, I'd be very suprised if it contained anything other then just return $_POST, so you have the additional overhead of a function call (plus that little bit extra in memory when loading the input class
#15

[eluser]TheFuzzy0ne[/eluser]
[quote author="xwero" date="1241029126"]What is wrong with good ol $_POST?[/quote]

Consistency. I use $this->input->post() for just about everything, but it looks odd when $_POST is used in the code.

[quote author="Dam1an" date="1241029703"]Yeah, also, if there was such a function, I'd be very suprised if it contained anything other then just return $_POST, so you have the additional overhead of a function call (plus that little bit extra in memory when loading the input class[/quote]

True, but it's only a tiny bit of overhead that quite possibly can't even be measured accurately - especially when you consider how many times one might have already called on $this->input->post() in any given request anyway.

For me, consistency plays a big part when it comes to Web development. I actually put clarity over performance. The reason for this is that I can write seriously compact code, but if it's not clear what's going on, then what good is it?
#16

[eluser]xwero[/eluser]
I advise against using input->post as it brings very little to the table. The main feature from the method is that it has xss cleaning but it's not turned on by default so using $this->input->post() is as safe a using $_POST[].

To check if the key exists and isset check is enough, the post method is a input fetching method which has as secondary feature an isset check.

I'm a big fan of consistency but not at all costs. I like to stay as close to php as possible.
#17

[eluser]TheFuzzy0ne[/eluser]
What if you wanted to sanitize the entire $_POST array, but didn't want to enable global XSS filtering?

I think we are going to have to agree to disagree. It comes down to developer's preferences more than anything else.

Here's my pimped _fetch_from_array() method.
Code:
<?php  if ( ! defined('BASEPATH')) exit('No direct script access allowed');


class MY_Input extends CI_Input {
    
    function MY_Input()
    {
        parent::CI_Input();
    }
    
    function _fetch_from_array(&$array, $index = '', $xss_clean = FALSE)
    {
        if ($index === '')
        {
            $arr = array();
            
            foreach ($array as $key => $val)
            {
                $arr[$key] = ($xss_clean === TRUE && ! $this->use_xss_clean) ? $this->xss_clean($val) : $val;
            }
            
            return $arr;
        }
        
        else if (is_array($index))
        {
            $arr = array();
            
            foreach ($index as $key)
            {
                if (isset($array[$key]))
                {
                    $arr[$key] = ($xss_clean === TRUE && ! $this->use_xss_clean) ? $this->xss_clean($array[$key]) : $array[$key];
                }
            }
            
            return $arr;
        }
        
        else if ( ! isset($array[$index]))
        {
            return FALSE;
        }
        
        if ($xss_clean === TRUE)
        {
            return $this->xss_clean($array[$index]);
        }

        return $array[$index];
    }
}

/* End of file MY_Input.php */
/* Location: ./application/libraries/MY_Input.php */

Results:
Code:
print_r($_POST);

Array
(
    'test1' => 'test1',
    'test2' => 'test2',
    'test3' => 'test3',
    'submit' => 'Submit'
)


print_r($this->input->post());

Array
(
    [test1] => test1
    [test2] => test2
    [test3] => test3
    [submit] => Submit
)
            

echo $this->input->post('test1');

test1            

print_r($this->input->post(array('test1', 'test2')));

Array
(
    [test1] => test1
    [test2] => test2
)

As an added bonus, this works with $this->input->get() too.




Theme © iAndrew 2016 - Forum software by © MyBB