merrick.christensen
Hey guys, I'm new to CodeIgniter and am loving every second of it. Just have a small security concern that I'm sure I just don't understand.
In all of the demos, documentation, and sample applications I've noticed all the validation and data prepping is done in the controller. This seems fitting to the MVC concept. What I don't understand is in the actual Model. When the validation and prepping have passed, you call the Model function and that would be something like:
Code:
function addUser()
{
    $user = array(
        'first_name' => $this->input->post('first_name'),
        'last_name' => $this->input->post('last_name')
    );
    $insertQuery = $this->db->insert('users', $user);
    return $insertQuery;
}
Nothing but inserting the post data. When accessing the post array at this point, has CodeIgniter already prepped and validated it? What is to stop someone from posting directly to your Model? Skipping validation and prepping altogether?
Any help is greatly appreciated, thanks!
Merrick
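
An added example, not part of the original post and not CodeIgniter's own code: CodeIgniter routes URLs to controller methods only, so the trust boundary can be made explicit by validating in the controller and passing the model an array, rather than having the model read the POST data itself. It assumes CodeIgniter 2.x/3.x class names, an autoloaded database, and hypothetical names for the controller, model and views.

```php
<?php
// Added illustration. In a real application the two classes live in
// application/controllers/Users.php and application/models/User_model.php.
// Class, view and method names below are assumptions.

class Users extends CI_Controller
{
    public function add()
    {
        $this->load->library('form_validation');
        $this->load->model('user_model');

        // Validation and prepping run here, in the class a request can reach.
        $this->form_validation->set_rules('first_name', 'First name', 'trim|required|max_length[50]');
        $this->form_validation->set_rules('last_name', 'Last name', 'trim|required|max_length[50]');

        if ($this->form_validation->run() === FALSE) {
            $this->load->view('user_form');   // redisplay the form with errors
            return;
        }

        // Hand the model an explicit array instead of letting it read POST.
        $this->user_model->add_user(array(
            'first_name' => $this->input->post('first_name'),
            'last_name'  => $this->input->post('last_name'),
        ));
        $this->load->view('user_added');
    }
}

class User_model extends CI_Model
{
    // Columns a caller may set; any other key is dropped before the insert.
    private $allowed = array('first_name', 'last_name');

    public function add_user(array $user)
    {
        $row = array_intersect_key($user, array_flip($this->allowed));
        if (count($row) !== count($this->allowed)) {
            return FALSE;                      // refuse incomplete input
        }
        // The query builder escapes the values it inserts.
        return $this->db->insert('users', $row);
    }
}
```

With this shape, any controller that calls `add_user()` has to supply the data itself, which makes a code path that skips validation visible in review.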