Filtering input - controller or model?
#1

[eluser]SpaceCoder[/eluser]
I have this model and controller for AJAX comment posting.
model:
Code:
class Items_model extends Model {

    // Insert one comment row and return the new row's id
    function add_comment($item_id, $user_id, $text, $type)
    {
        $data = array(
            'item_id' => $item_id,
            'user_id' => $user_id,
            'text' => $text,
            'type' => $type,
            'created_at' => time() // current Unix timestamp (mktime() without arguments is deprecated)
        );
        $this->db->insert('comments', $data);
        return $this->db->insert_id();
    }
}

controller:
Code:
class Items extends Controller {

    function add_comment()
    {
        $this->load->helper('date');

        // Second argument TRUE runs the value through the XSS filter
        $item_id = $this->input->post('item_id', TRUE);
        $text = $this->input->post('comment_text', TRUE);
        $type = $this->input->post('type', TRUE);

        $user_id = $this->session->userdata('user_id'); // user id, must be logged in

        $this->Items_model->add_comment($item_id, $user_id, $text, $type);
        $response = array(
            'message' => 'Thank you!'
        );
        echo json_encode($response);
    }
}

Should I check in the controller or in the model that $item_id and $text are not null, $user_id is set and the user has logged in?
And how?

Best, Kirill.
#2

[eluser]SpaceCoder[/eluser]
Please, help...
#3

[eluser]Zehee[/eluser]
Using the Form_validation class in the controller is a fine choice.

Meanwhile, doing a simple check in the model is necessary, in my personal view.
#4

[eluser]SpaceCoder[/eluser]
[quote author="Zehee" date="1291654683"]Using the Form_validation class in the controller is a fine choice.

Meanwhile, doing a simple check in the model is necessary, in my personal view.[/quote]

How do I check the $this->session->userdata('logged_id') flag with Form_validator?
#5

[eluser]techgnome[/eluser]
Well for the item Id and the text, validate using the form_validation. It's in the User Guide.

For the user being logged in, wouldn't it be better to first check for that before allowing them to comment? That way your add comment process only runs for logged in users.

-tg
#6

[eluser]SpaceCoder[/eluser]
[quote author="techgnome" date="1291668200"]Well for the item Id and the text, validate using the form_validation. It's in the User Guide.

For the user being logged in, wouldn't it be better to first check for that before allowing them to comment? That way your add comment process only runs for logged in users.

-tg[/quote]
Ok, but where would it be better to check for being logged in? In the _remap function? In a core extension?
#7

[eluser]TaylorOtwell[/eluser]
[quote author="SpaceCoder" date="1291668336"][quote author="techgnome" date="1291668200"]Well for the item Id and the text, validate using the form_validation. It's in the User Guide.

For the user being logged in, wouldn't it be better to first check for that before allowing them to comment? That way your add comment process only runs for logged in users.

-tg[/quote]
Ok, but where would it be better to check for being logged in? In the _remap function? In a core extension?[/quote]

I used to do that in a core extension (usually MY_Controller). In MY_Controller I would put a function "redirect_if_not_logged_in()" and call that from all my controller functions that needed that protection.

Eventually I got tired of putting that line of code in the controller functions. So, I hacked the core to allow for "annotations". Now I just do this:

Code:
/** [MembersOnly] */
public function comment()
{
    //
}
#8

[eluser]Zehee[/eluser]
[quote author="SpaceCoder" date="1291661392"][quote author="Zehee" date="1291654683"]Using the Form_validation class in the controller is a fine choice.

Meanwhile, doing a simple check in the model is necessary, in my personal view.[/quote]

How do I check the $this->session->userdata('logged_id') flag with Form_validator?[/quote]

I put this function
Code:
function isLogin()
{
    $CI =& get_instance();
    $session_key = $CI->session->userdata('session_key');
    return (!empty($session_key));
}
in my current_helper.php (I added this helper file).

And in MY_Controller.php add this method:
Code:
protected function _checkLogin($redirect = 'login')
{
    if (!isLogin())
    {
        redirect($redirect);
    }
    else
    {
        return true;
    }
}

Then in Controllers:
Code:
class Comment extends MY_Controller {

    function __construct()
    {
        parent::__construct();
    }
    
    function add()
    {
        $this->_checkLogin();
        ...
    }
    ...
}
This way, when you want to check login somewhere in your website, just call the method '$this->_checkLogin()' in your controller. Sometimes you can put this in __construct() when you need to.

The data in the session is always handled in a similar way.

For the data posted/fetched from the view, use the Form_validation class.
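
Added example, not code from any poster in this thread: one way to combine the advice above in the original add_comment() action, with the login check first, then Form_validation rules in the controller, then typed values passed to the model. It assumes the session library is autoloaded as in the first post; the 2000-character limit, the allowed 'type' values and the JSON error shape are assumptions made for illustration.

```php
<?php
// Added example for a CodeIgniter controller; limits and type values are assumptions.
class Items extends Controller {

    function add_comment()
    {
        // Authentication first: an AJAX caller gets a JSON error instead of a redirect.
        $user_id = $this->session->userdata('user_id');
        if (empty($user_id))
        {
            set_status_header(401);
            echo json_encode(array('error' => 'Login required'));
            return;
        }

        // Request shape is validated in the controller with Form_validation.
        $this->load->library('form_validation');
        $this->form_validation->set_rules('item_id', 'Item', 'required|is_natural_no_zero');
        $this->form_validation->set_rules('comment_text', 'Comment', 'trim|required|max_length[2000]');
        $this->form_validation->set_rules('type', 'Type', 'required|callback__valid_type');

        if ($this->form_validation->run() === FALSE)
        {
            set_status_header(400);
            echo json_encode(array('error' => $this->form_validation->error_string()));
            return;
        }

        // Only validated values reach the model; ids are cast so the model gets integers.
        $this->load->model('Items_model');
        $comment_id = $this->Items_model->add_comment(
            (int) $this->input->post('item_id'),
            (int) $user_id,
            $this->input->post('comment_text'),
            $this->input->post('type')
        );
        echo json_encode(array('message' => 'Thank you!', 'comment_id' => $comment_id));
    }

    // Validation callback; the leading underscore keeps it unreachable by URL.
    function _valid_type($type)
    {
        $allowed = array('text', 'review'); // constructed allow-list, not from the thread
        if (in_array($type, $allowed, TRUE)) return TRUE;
        $this->form_validation->set_message('_valid_type', 'Unknown comment type.');
        return FALSE;
    }
}
```

The user id is taken from the session and never from POST data, so a client cannot post a comment under another account by editing the request.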