form_validation messes up the POST
#1

[eluser]Unknown[/eluser]
I have a controller that performs the form_validation check:

Code:
function sample_form() {

  if ($this->form_validation->run() == TRUE) {
    $this->load->view('success_view');
  }

}

And the "success_view" view that represents the data:
for example:

Code:
<?php
  echo set_value('name');
  echo set_value('surname');
  echo set_value('note');
?>

There is also a $config array in form_validation.php that sets the default validation rules for a controller:

Code:
$config = array(
  'sample_ctrl/sample_form' =>
    array(
      array('field' => 'name', 'label' => 'Name', 'rules' => 'required'),
      array('field' => 'surname', 'label' => 'Surname', 'rules' => 'required')
    )
);

The validation works as it should on "name" and "surname", but the "note" seems to be the problem. It has no set validation rule and it allows anything to be input, but the problem is that the set_value('note') does not refill the textbox when I submit the form (the code was not written for brevity).

An even stranger thing is that when I add an empty rule to the $config array, everything works fine and set_value refills the input textbox as intended:

Code:
array('field' => 'note', 'label' => 'Note', 'rules' => '')

Am I missing some important concept with validation, or is this some kind of a bug?
#2

[eluser]Dam1an[/eluser]
If you don't create a rule (even an empty one), CI doesn't know about that particular field, so it doesn't know to get its contents on a submit, and doesn't know of a variable called 'notes' with which to repopulate it.

On a side note, you will probably want to make all your rules trim to get rid of whitespace.
#3

[eluser]Unknown[/eluser]
Thank you for your response.

I don't actually understand why set_value is coupled with validation in any way.

I thought that you define rules for only those fields you actually need rules for, and the rest are submitted unfiltered, but I guess I was wrong...

I think this scenario should be somehow documented.

I'll dive into the set_value and validation engine to see the exact relations...

Thanks again.
#4

[eluser]Dam1an[/eluser]
Set value lets you set a default value for a text field, and also sets it to the value which was submitted if you fail validation.

I'm not sure if it was a conscious decision that you have to set rules for everything (even blanks) or they assumed you'd always have a rule (such as trim)
#5

[eluser]Thorpe Obazee[/eluser]
[quote author="Dam1an" date="1242875011"]Set value lets you set a default value for a text field, and also sets it to the value which was submitted if you fail validation.

I'm not sure if it was a conscious decision that you have to set rules for everything (even blanks) or they assumed you'd always have a rule (such as trim)[/quote]

Dam1an, I think what they were assuming is that you'd always be validating user input, which is, I think, very common?
#6

[eluser]theshiftexchange[/eluser]
[quote author="bargainph" date="1242886578"][quote author="Dam1an" date="1242875011"]Set value lets you set a default value for a text field, and also sets it to the value which was submitted if you fail validation.

I'm not sure if it was a conscious decision that you have to set rules for everything (even blanks) or they assumed you'd always have a rule (such as trim)[/quote]

Dam1an, I think what they were assuming is that you'd always be validating user input, which is, I think, very common?[/quote]

Sometimes you may not want to:

I sometimes don't want/need to validate a drop down list - because the 3-4 choices I give them are ALL valid - and the 'default' select on the drop-down list is what is selected 90% of the time. So why force a 'blank' validation rule to be run on the field?
#7

[eluser]Thorpe Obazee[/eluser]
[quote author="theshiftexchange" date="1242896058"]
Sometimes you may not want to:

I sometimes don't want/need to validate a drop down list - because the 3-4 choices I give them are ALL valid - and the 'default' select on the drop-down list is what is selected 90% of the time. So why force a 'blank' validation rule to be run on the field?[/quote]

How can you be so sure that they are valid when POST can also be tampered with? I believe it's included in the "don't trust user input zone"

testing tamperingxxxxxxxxxx <-- tampered content
#8

[eluser]theshiftexchange[/eluser]
[quote author="bargainph" date="1242897473"][quote author="theshiftexchange" date="1242896058"]
Sometimes you may not want to:

I sometimes don't want/need to validate a drop down list - because the 3-4 choices I give them are ALL valid - and the 'default' select on the drop-down list is what is selected 90% of the time. So why force a 'blank' validation rule to be run on the field?[/quote]

How can you be so sure that they are valid when POST can also be tampered with? I believe it's included in the "don't trust user input zone"

testing tamperingxxxxxxxxxx <-- tampered content[/quote]

I guess it depends on the level of security you want to provide for your site.

If you use $this->input->post() then you know it's covered from a security point of view - and that's how I handle all my drop-down fields at the moment.

If I went ahead and created validation rules on all my dropdown menus it would only be something like trim|required|alpha_numeric - and your example would still get past my validation rule.

The only way I see to stop what your example does would be to create a _callback method for each dropdown - and have it compare the data posted to the data I displayed (as my drop-downs are often dynamically created) - and check at least one matches?
#9

[eluser]Thorpe Obazee[/eluser]
[quote author="theshiftexchange" date="1242898611"]The only way I see to stop what your example does would be to create a _callback method for each dropdown - and have it compare the data posted to the data I displayed (as my drop-downs are often dynamically created) - and check at least one matches?[/quote]

Well, my point is that I think every user input should be validated. As you said in your previous post, "you don't want/need validation" on dropdowns.

Anyway, I'm guessing your solution is the best option to prevent tampering of POST on dropdowns or if it's db driven you'd check if the value exists.

EDIT: sorry if the thread comments have gone off-topic
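
The allowlist comparison proposed in posts #8 and #9, as an added example that is not part of the original thread or of CodeIgniter itself. The function name `is_allowed_option`, the `plan` field, the option values and the `$this->plan_options` property are all hypothetical; the sample submissions are constructed.

```php
<?php
/**
 * Return true only if $posted is exactly one of the option values
 * that the form rendered in its <select> (hypothetical helper).
 */
function is_allowed_option($posted, array $options)
{
    // A tampered request can send an array (plan[]=x) or omit the field,
    // so anything that is not a plain string is rejected up front.
    if (!is_string($posted)) {
        return false;
    }
    // PHP turns numeric array keys into integers; cast them back to
    // strings so the strict comparison below has no type juggling.
    $values = array_map('strval', array_keys($options));
    return in_array($posted, $values, true);
}

// Constructed sample: the options the form offered (value => label).
$plan_options = array('basic' => 'Basic', 'pro' => 'Pro', '3' => 'Legacy tier 3');

// Constructed sample submissions.
$samples = array(
    'pro',                          // legitimate choice
    '3',                            // legitimate numeric-looking value
    'enterprise',                   // well-formed, but never offered
    'testing tamperingxxxxxxxxxx',  // the tampered value from post #7
    array('pro'),                   // array instead of a scalar
    null,                           // field missing from the POST
);

foreach ($samples as $value) {
    $verdict = is_allowed_option($value, $plan_options) ? 'accepted' : 'rejected';
    printf("%-32s %s\n", json_encode($value), $verdict);
}

// Wired into a CodeIgniter controller as a callback rule (sketch, assuming
// the controller keeps the rendered options in $this->plan_options):
//   'rules' => 'required|callback_plan_check'
//   function plan_check($str) {
//       if (is_allowed_option($str, $this->plan_options)) return TRUE;
//       $this->form_validation->set_message('plan_check', 'Invalid %s.');
//       return FALSE;
//   }
```

For dynamically built or database-driven dropdowns, pass the same option set that was used to render the form, or replace the `in_array` check with a lookup that the value exists.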



