[eluser]porangi[/eluser]
Hi,
I'm new to CodeIgniter and am just wanting to make sure I get the whole form validation process correct. This is how I see it:
1) User completes form and submits it.
2) Controller validates the form including xss_clean
Code:
function comment_validate() {
    $this->load->library('form_validation');
    // Validate fields in the order: field name, human-readable name, validation rules.
    // Rules run left to right, so trim and xss_clean are applied to the posted value.
    $this->form_validation->set_rules('title',  'title',  'trim|required|min_length[5]|max_length[128]|xss_clean');
    $this->form_validation->set_rules('author', 'author', 'trim|required|min_length[1]|max_length[25]|xss_clean');
    $this->form_validation->set_rules('body',   'body',   'trim|required|min_length[5]|xss_clean');
    // Returns TRUE only when every rule passed.
    return $this->form_validation->run();
}
3) If validation passes, call the model.
Code:
function comment_insert() {
    // Run validation and check the result.
    if ($this->comment_validate() == FALSE) {
        // Validation failed: re-display the form.
        $this->comment_new();
    } else {
        // Validation succeeded: go ahead and save the record.
        $this->load->model('blog_model');
        if ($query = $this->blog_model->comment_insert()) {
            // Save succeeded: redirect to the success page.
            redirect('blog_admin/comments');
        }
    }
}
4) Model constructs the insert array from the INPUT fields and passes it to the Database:
Code:
function comment_insert() {
    // Build the row from the POST fields again (this is the step asked about below).
    $new_update_data = array(
        'post_id'   => $this->input->post('post_id'),
        'title'     => $this->input->post('title'),
        'body'      => $this->input->post('body'),
        'author'    => $this->input->post('author'),
        'pdate'     => $this->input->post('pdate'),
        'published' => $this->input->post('published'),
    );
    // Note: this performs an UPDATE keyed on the posted id, not an INSERT.
    $this->db->where('id', $this->input->post('id'));
    $update = $this->db->update('blog_comments', $new_update_data);
    return $update;
}
My question is: should I be calling the inputs again in part 4, or am I bypassing the validation and xss_clean? If this is the case, I guess I should pass variables to the function from the previous step.
If I am right I guess I should also be using the escape function in step 4 to be sure my query is escaped correctly.
Another question is related to validating AJAX calls. If I have a jQuery AJAX call like
Code:
// Call AJAX and update the image if successful.
// id, publish_val and new_image are set by the surrounding page code.
$.post(
    "/index.php/blog_admin/publish_comment",
    { id: id, published: publish_val },
    function (data) {
        // The controller echoes '1' on success.
        if (data == '1') {
            document.getElementById("publish_input_" + id).value = publish_val;
            document.getElementById("publish_img_" + id).src = new_image;
        }
    }
);
which is received by the controller and passed directly to the model. Is this the right way to process it, and should I validate any inputs?
Code:
function publish_comment() {
    // Build the update from the POST fields with no validation applied.
    $new_publish_data = array(
        'published' => $this->input->post('published'),
    );
    $this->db->where('id', $this->input->post('id'));
    $update = $this->db->update('blog_comments', $new_publish_data);
    return $update;
}
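The following is an added example, not porangi's code, showing one way to keep the validated data flow explicit for both the form handler and the AJAX endpoint in the post. It assumes CodeIgniter 2.x with the form_validation, input and db (Active Record) libraries available; the model method set_published and the column whitelist are hypothetical, as is the server-side pdate. The point it demonstrates: the controller hands the model only the values that came out of the validator, every field that reaches the database has a rule (including id and published), and the AJAX handler is validated exactly like a normal form.

```php
<?php
// Added example (not porangi's code): explicit validated data flow in CodeIgniter 2.x.
// Assumes CI 2.x; names not in the post (set_published, $columns) are hypothetical.

class Blog_admin extends CI_Controller {

    // Steps 2 and 3 in one place: validate, then pass the model only validated fields.
    public function comment_insert()
    {
        $this->load->library('form_validation');
        $this->load->model('blog_model');

        $this->form_validation->set_rules('title',  'title',  'trim|required|min_length[5]|max_length[128]|xss_clean');
        $this->form_validation->set_rules('author', 'author', 'trim|required|min_length[1]|max_length[25]|xss_clean');
        $this->form_validation->set_rules('body',   'body',   'trim|required|min_length[5]|xss_clean');
        // Fields the original rules did not cover get rules too, so nothing
        // reaches the model unvalidated.
        $this->form_validation->set_rules('post_id',   'post id',   'required|is_natural_no_zero');
        $this->form_validation->set_rules('published', 'published', 'required|is_natural|less_than[2]');

        if ($this->form_validation->run() === FALSE) {
            $this->comment_new();   // re-display the form with validation_errors()
            return;
        }

        // set_value() returns the field as it is after the rules (trim, xss_clean)
        // ran, so the model never has to read $_POST again.
        $comment = array(
            'post_id'   => (int) $this->form_validation->set_value('post_id'),
            'title'     => $this->form_validation->set_value('title'),
            'body'      => $this->form_validation->set_value('body'),
            'author'    => $this->form_validation->set_value('author'),
            'published' => (int) $this->form_validation->set_value('published'),
            'pdate'     => date('Y-m-d H:i:s'),   // server-side timestamp, not taken from the form
        );

        if ($this->blog_model->comment_insert($comment)) {
            redirect('blog_admin/comments');
        }
        show_error('Could not save comment');
    }

    // AJAX endpoint: same validation discipline, and only for AJAX POSTs.
    public function publish_comment()
    {
        if ( ! $this->input->is_ajax_request()) {
            show_404();
        }
        $this->load->library('form_validation');
        $this->load->model('blog_model');

        $this->form_validation->set_rules('id',        'id',        'required|is_natural_no_zero');
        $this->form_validation->set_rules('published', 'published', 'required|is_natural|less_than[2]');

        if ($this->form_validation->run() === FALSE) {
            echo '0';   // the jQuery callback treats anything but '1' as failure
            return;
        }
        $ok = $this->blog_model->set_published(
            (int) $this->input->post('id'),
            (int) $this->input->post('published')
        );
        echo $ok ? '1' : '0';
    }
}

class Blog_model extends CI_Model {

    // Explicit column whitelist (hypothetical): a caller cannot slip an extra
    // key such as 'id' into the row being written.
    private $columns = array('post_id', 'title', 'body', 'author', 'pdate', 'published');

    public function comment_insert(array $data)
    {
        $row = array_intersect_key($data, array_flip($this->columns));
        // Active Record escapes the values it binds, so no manual escape() call is needed.
        return $this->db->insert('blog_comments', $row);
    }

    public function set_published($id, $published)
    {
        $this->db->where('id', $id);
        return $this->db->update('blog_comments', array('published' => $published));
    }
}
```

Two design choices worth noting: the model takes an array parameter instead of reading `$this->input->post()` itself, which is what makes the "did this go through validation?" question answerable by reading the controller alone; and the `published` flag is constrained to 0 or 1 with `is_natural|less_than[2]` rather than accepted as whatever the client sent, since the AJAX call is just another POST request to the application.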