[eluser]Michael Wales[/eluser]
I'm not really sure how that is anymore secure... all you are doing is providing one more layer of arrays to dive through. If someone were to submit a bogus form, their field/values would still be submitted and inserted into the session.
Maybe something like this:
Code:
function make_arr_session($arr, $name)
{
$object =& get_instance();
$data = Array();
$valid_fields = array('username', 'email', 'password');
foreach($arr as $k=>$v)
{
if (in_array($k, $valid_fields)) {
$data[$k] = $object->input->post($k, TRUE);
}
}
$object->session->set_userdata(array($name => $data));
}
This way - the only thing going into the session is what you pre-approve and are expecting from the form.