Can't associate controller function with rule group -- Config Validation

[eluser]jbibbings[/eluser]
If you use a dynamic URL like for example when allowing a user to edit their own account information, you might end up with a URL that looks like this:

http://mysite.com/users/index/1

You are calling the Users controller, the index() method, and the user ID 1.

When a URL is structured this way, it is not possible (or very difficult) to use the Config Validation rules that associate a controller function with a rule group. Creating a form_validation.php file in the config folder, and setting a rule like:

Code:

$config = array(
        'users/index' => array(
                             array(
                                'field' => 'username',
                                'label' => 'Username',
                                'rules' => 'required
                              )
                           )

                    );

This will not work.

At first, this may seem correct, because you have a rule called 'users/index and a corresponding method called 'index' in the 'Users' controller.

What may not be obvious here is that CI checks the absolute URI against the validation rule names to decide whether or not to apply rules. In this case, users/index/1 does not match /users/index, and the validation will fail for lack of any rules.

To get around this, you can simply use the named rule sets and run the validation in your controller with $this->form_validation->run('myruleset'); (All described in the validation docs).

I would like to save other people the time it took me to figure this out, but I'm not sure this is a bug?

Any advice on where I could document this to help others?

[eluser]toopay[/eluser]
I will not consider that as a bug. Submitting the id via url is a harmless way, in fact it a bad practice. You should send that via $_POST variable.

[eluser]jbibbings[/eluser]
Why is this bad practice?

I have users who can select multiple shipping addresses. There is a page that lists all of the addresses, and allows them to edit. In order to know which address to pull from the database, I need a reference.

Because this is a page that just lists the addresses, there is no form to post - just an edit button that uses an anchor tag and sends a get request.

Code:

<div class="addresses">
<ul>
    &lt;?php foreach($address as $row){ ?&gt;
    <li>
    <h3>&lt;?php if(empty($row->addressname)){ echo "- Untitled -"; } else { echo $row->addressname; } ?&gt;</h3>
    <div class="vcard"><span class="fn">&lt;?php echo $row->contactname; ?&gt;</span>
    <span class="email">&lt;?php echo $row->recipientemail; ?&gt;</span>
    <span class="tel">&lt;?php echo $row->recipientphone ;?&gt;</span>
    <span class="rext">&lt;?php if(!empty($row->rext)) echo 'Ext.' . $row->rext; ?&gt;</span>
    <span class="adr"> <span class="street-address">&lt;?php echo $row->address1; ?&gt;</span>
    <span class="extended-addres">&lt;?php echo $row->address2; ?&gt;</span>
    <span class="locality">&lt;?php echo $row->city; ?&gt;</span>,
    <span class="region">&lt;?php echo $row->state; ?&gt;</span> <span class="postal-code">&lt;?php echo $row->zip; ?&gt;</span> </span>
    </div>
    
    &lt;!-- echo the address row onto the end of the edit and delete urls --&gt;
    <p class="action"><href="&lt;?php echo site_url('account/edit_address/' . $row->address_id ?&gt;" class="edit">Edit</a

<href="&lt;?php echo site_url('account/delete_address/' . $row->address_id ?&gt;" class="remove">Delete</a></p>



    </li>
    &lt;?php } ?&gt;
</ul>
</div>

How would you do this differently?

[eluser]toopay[/eluser]
There thousand ways to do that. Retrieve data from session, validate cookies, send HTTP authentification, using hidden fields which sends the id, and so on. When you provide an access to your user to reach your server resource, its okay to reference the id via url, but not for write access (update, save or delete resource).

[eluser]jbibbings[/eluser]
Yes, in this code the id is only used as a reference.

I use the ID only to retrieve the resource. When the user updates, the ID and other information is sent via POST to the server.

Does this make better practice?