Using Flashdata to pass data through a redirect()

#1
[eluser]Gwarrior[/eluser]
Using Flashdata to pass data through a redirect().

Is this a good idea? What are the potential security risks associated with this?

Also, I have recently started conforming to the way that the tutorials do things, and instead of writing forms that POST to themselves

Example:
Code:
<form method="post" action="">

and handling the information with IF's, I have begun having them go to individual Controller functions,

Example:
Code:
<form method="post" action="<?php echo site_url().'/controller/do_edit_blog'; ?>">

and that is where my need comes in to have data passed through redirects.

Now, if this isn't the preferred method, I would like to stop doing it this way before I get used to it. So to you guys, the community, what do you think?

Thanks!

#2
[eluser]rogierb[/eluser]
Wouldn't do it. If you use database sessions it is an write and read from the db. Just store it in a hidden field if you need it. You can even encrypt it, the decrypt when you need it.

Edit: having read trough your post again, I am confused...
Are you having trouble generating an URI with data or do you want to store data to be used after the redirect?

#3
[eluser]bigtony[/eluser]
You can use this for the form tag:
Code:
<?php echo form_open('controller/function'); ?>
Also, agree with rogierb and recommend using database sessions which are encrypted.
Code:
// In config.php
$config['sess_encrypt_cookie']    = TRUE;
$config['sess_use_database']    = TRUE;

#4
[eluser]BrianDHall[/eluser]
I avoid flash data for this reason, its nice but annoying when it gets lost on redirect (which is really where it would be most useful).

I recommend you use a regular session and then when you need the variable use it, then kill it once you are done with it.

#5
[eluser]Gwarrior[/eluser]
@Rogier: Not having trouble passing URI segments. I want to store data to be used after the redirect. In this case, it would be the error message generated from an unsuccessful file upload.

Am I doing this right, or should I just be self-handling the submitted data on the same controller function?

Thanks for all the replies!

#6
[eluser]rogierb[/eluser]
Even in you case I would use the URI to pass some variable corresponding to the error message you want.

<code>http://somesite.com/controller/method/some_variable/error_number/5</code>

But then again, you can use flash data to do this. :-)

#7
[eluser]tobefound[/eluser]
But guys, isn't this why the Flashdata support is in core CI in the first place?

Consider this common scenario:

Code:
class Upload extends Controller
{
  //Construction and stuff goes here

  function index()
  {
    //load the upload form view (which when submitted of course calls '/upload/upload_file')
  }

  function upload_file() //called when user wants to upload a file
  {
    // All the uploading file stuff here

    // if all went fine
    if (ok)
    {
      $this->session->set_flashdata(array('msg'=>'All went fine!'));
    }
    else
    {
      $this->session->set_flashdata(array('msg'=>'Chaos! Uploading crashed!!!'));
    }        

    //Use redirect as loading a view will not display the flashdata (needs a new request)
    redirect('/upload/');
  }
}

The view then contains

Code:
&lt;?php echo $this->session->flashdata('msg'); ?&gt;

// here the upload form stuff goes

Is this wrong you mean?

Of course, I can appreciate the downside of having to read/write from DB all the time (if activated). If this is the only caveat, is there no way to store flashdata in cookies while storing session userdata in DB?

All input is greatly appreciated.

#8
[eluser]Phil Sturgeon[/eluser]
[quote author="BrianDHall" date="1254430225"]then kill it once you are done with it.[/quote]

Treat those session variables like a hooker on GTA. :lol:

#9
[eluser]Michael Wales[/eluser]
You should absolutely use Flashdata in this scenario - this is why it was designed, it serves very little purpose if not used in this test case. Every other framework in existence that implements "flashdata" did it with this scenario in mind.

#10
[eluser]tobefound[/eluser]
How about storing Flashdata in a cookie to avoid frequent db read/writes? Is there any support for it?


Digg   Delicious   Reddit   Facebook   Twitter   StumbleUpon  


  Theme © 2014 iAndrew  
Powered By MyBB, © 2002-2020 MyBB Group.