Call a controller only if form submitted - disallow manual entry of URI

[eluser]jahboite[/eluser]
If I'm using a controller that is supposed to be called only upon submission of a form, how do I ensure that if the URI is typed into the browser address bar, the controller is not called?

I've worked around this issue, by submitting a hidden field with the form and then, in the controller, I check if isset and redirect to the default controller if it isn't
(if it is, I unset it because I'm using: $this->db->insert('table_name',$_POST) ).

This make sense? Is there a CI inbuilt way to do this that doesn't remove the URI functionality for controllers that I would allow to be called from the address bar?

Does anyone have any suggestions for better ways to do this?

[eluser]xwero[/eluser]
If you mean you want to make a controller method private you have to prefix your method name with an underscore.

[eluser]Martín M.[/eluser]
If I understood you correctly (I'm not sure), you just should check if $_POST contains something...

[eluser]jahboite[/eluser]
Martin - you understand me correctly and thank you for the response! However, I'm coding for a facebook app and whenever a form is submitted, facebook adds stuff to the $_POST array. This seems to happen when I type the URL too, which is why I've had to add something myself and test for it.

Having said that, as xwero rightly points out (thank you!), I should have re-read the effing controller section in the guide, because it's there staring me in the face! Make a controller private by prepending an underscore to the name. I've wasted hours of my life trying to work that bastard out!!!!!! Thanks again xwero. :red:

[eluser]jahboite[/eluser]
Ok, so maybe I'm not as crazy as I thought.
If I make a controller private, can I submit a form to it with echo form_open('class/_method'); ? 'cos I'm just getting 404 errors.

[eluser]Rick Jolly[/eluser]
A private method can only be called by the class itself, so "form_open(’class/_method’);" won't work. Why not add a hidden field to your form. If that field isn't in the post array, then consider it an invalid submission.

[eluser]jahboite[/eluser]
Right, thanks Rick Jolly. That's what I did (see/decipher topic opener!), but I wasn't sure that it is such an elegant solution. It works though, so unless anyone's got any better ideas, it's good enough for me. And I'm not so upset about spending most of the day on it now...

Onwards and Upwards. Cheers people!