When passing form data
#1

sdotsen
I've seen this ...
Code:
$todo = array(
    'name'        => $this->input->post('title'),
    'description' => $this->input->post('description')
);
$this->Todo_model->add($todo);

But then I've seen other tutorials using this ...
Code:
$this->Todo_model->add($_POST);
Option two would require less typing, but which is better?
#2

brianw1975
From all that you have provided of your code, option 2 is insecure and does not filter the POST for XSS, SQL, etc. injection attempts.
#3

sdotsen
Oh ... hmmmm ... I knew I was missing something. So here's a part of my code from the controller.
I'm new to CI but have been programming in PHP for years now.

Now that I look at it, it seems my $_POST will override everything I have in $records.

Code:
$records['email'] = "trim|required|min_length[4]|xss_clean";

$this->validation->set_rules($records);

if ($this->validation->run())
{
    $this->account_model->saveAccountSettings("sam", $_POST);
    $this->session->set_flashdata('message', 'Done!');

    redirect('account/settings');
} else {
...
}
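
An added example (not part of any post in this thread, and not CodeIgniter's own code) contrasting the two options discussed above: forwarding the whole $_POST versus forwarding only the fields the controller validated. The helper `pick_allowed()`, the `is_admin` and `username` keys and the sample request body are assumptions made for illustration.

```php
<?php
// Added example: allow-list the fields a form may set before the data
// reaches a model. All names here are hypothetical, not CodeIgniter APIs.

/**
 * Return only the allow-listed keys from $input.
 * Non-string values (e.g. email[]=x, which PHP parses as an array) are
 * dropped, and keys missing from the request are absent from the result.
 */
function pick_allowed(array $input, array $allowed): array
{
    $clean = [];
    foreach ($allowed as $field) {
        if (!array_key_exists($field, $input)) {
            continue;
        }
        $value = $input[$field];
        if (!is_string($value)) {   // POST values are strings or arrays
            continue;
        }
        $clean[$field] = trim($value);
    }
    return $clean;
}

// Constructed request body: the form only has an "email" input, but the
// request also carries two extra keys that match column names.
$post = [
    'email'    => '  sam@example.com ',
    'is_admin' => '1',
    'username' => 'someone_else',
];

// Forwarding the request as-is hands every submitted key to the model,
// including the ones no validation rule ever looked at.
$unfiltered = $post;

// Forwarding only the validated field keeps the extra keys out of the
// array the model would write.
$settings = pick_allowed($post, ['email']);

var_dump(array_keys($unfiltered));
var_dump($settings);
```

In the controller from post #3, the same idea means passing the picked array, rather than $_POST, to saveAccountSettings().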



