Working with forms: best practice

[eluser]Carlton[/eluser]
Hey,

I have managed to create a very basic search form using the form helper very easily, it's nice and quick thanks to the docs and pretty flexible to do most things I need so far.

I have something that is bugging me and not totally sure if I am using forms in the intended way, I mean it works but not sure if it the done way of doing things. I think the documentation is great explain how to display a form but I couldn't find any recommendedations on HOW to use them...i.e. post and process results. I will gladly contribute if the method I have outlined below is correct because it sure is basic

I have put together a quick example, to summarize, my controller index simply displays a form...which when submitted calls the search function. Am I right in using a function to process my data and check the request before redirecting to another controller function with the query in the URL to process the request?

So when I submit my form I might get redirected to...

Code:

http://localhost/index.php/search/nike

Which might display a set of search results, based on my parameter (nike), from a DB in a table perhaps...this seems clean to me, and the URLs seem to make sense from an SEO point of view...do any other users have any feedback on this approach?

Code:

<?php

class Test extends Controller {

    function Test ()
    {
        parent::Controller();
    }

    function index ()
    {
        // Load the form helper
        $this->load->helper('form');
        
        // Open a form using the helper
        $data['content'] = form_open('test/search1');
            
            // No helper for a form label????????
        $data['content'] .= '<label for="customer">Enter text</label>';
        $data['content'] .= form_input(array('id'=>'customer', 'name'=>'customer'), 'search text');
        $data['content'] .= form_submit('submit', 'search');
        //$this->load->view('common/master_view', $data);
        // For simplicity just output the form here, would normally pass to view
        echo $data['content'];
    }

    function search1 ()
    {
        // Use the 'name' attribute from our form display what the search text
        echo $_REQUEST['customer'];
        
        // Perform some sort of checks on search string
        if (isset($_REQUEST['customer'])) {
            // Redirect to a controller to do the search
            redirect('search/' . $_REQUEST['customer']);
        } else {
            redirect('someerror_view');
        }
    }

}

?&gt;

[eluser]Phil Sturgeon[/eluser]
Look at the Input & Security class, more specificly the post method.

[eluser]Carlton[/eluser]
Thanks Pyro, I saw someone mention this in another post too.
I will be using

Code:

$this->input->post()

as opposed to

Code:

$_REQUEST['search_text']

, i can also understand the security benefits here too.

How about the redirecting part after having cleaned my post vars, is that a sensible method to use?

[eluser]Michael Wales[/eluser]
I've used the redirecting method before - in developing a wiki. It works out great in my experience...

[eluser]Unknown[/eluser]
I'm using this method too, but keep wondering is there another solution to the problem (simple search/filtering form) without redirects. I think that such forms should be using the GET method, everything else feels wrong. But the only alternative I've came so far is using JavaScript to build a query url from form fields, but that's very ugly and "obtrusive". As I'm writing this a third solution came to my mind - using the http server rewrite rules to make something like /index.php/search?s=foo to /index.php/search/foo

What do others think? Thanks for your comments.