Best approach - Inserting data relationship tables
#1

[eluser]Mauricio de Abreu Antunes[/eluser]
I created my form.
I'm passing my data to my controller, but I don't know what the best approach is.

action="admin/controller/insert/1" <- setting my id when calling my controller,
or putting my id (URI segment) into a hidden input.

What's better?
#2

[eluser]Noobigniter[/eluser]
No idea, I'd say it's the same.
You can also retrieve the id using the segment of the url directly into the controller like $id = $this->uri->segment(4);


However, I like to write less, do more (or similar).
That's why I prefer to add the id directly (albeit for an insert I do not ID. (I use the same function for insert and update)).
#3

[eluser]boltsabre[/eluser]
I'm at a loss as to why you want to pass an id if you are inserting a new record, the DB will handle that automatically if you have the id column set to auto-increment.

And I'll just chuck a side note in anyway. Whatever method you use for passing around variables, you must do some data cleansing to ensure the user hasn't tampered with it. If it's in the URL a baby can change your value, and if it's in your form action attribute, or a hidden input, users can now easily download browser plugins that let them alter those values. I'd check for these things in your case.
1. Is it an INT (PHP function: is_numeric($var))
2. If you know it can only be within a certain range, also check against that. (i.e., if($var < 1 || $var > 2)...)
3. Do whatever you want when it fails... log an error message, redirect user somewhere, etc.
#4

[eluser]Mauricio de Abreu Antunes[/eluser]
[quote author="boltsabre" date="1332165285"]I'm at a loss as to why you want to pass an id if you are inserting a new record, the DB will handle that automatically if you have the id column set to auto-increment.

And I'll just chuck a side note in anyway. Whatever method you use for passing around variables, you must do some data cleansing to ensure the user hasn't tampered with it. If it's in the URL a baby can change your value, and if it's in your form action attribute, or a hidden input, users can now easily download browser plugins that let them alter those values. I'd check for these things in your case.
1. Is it an INT (PHP function: is_numeric($var))
2. If you know it can only be within a certain range, also check against that. (i.e., if($var < 1 || $var > 2)...)
3. Do whatever you want when it fails... log an error message, redirect user somewhere, etc.[/quote]

ID 1 is my foreign key, hehe.
#5

[eluser]boltsabre[/eluser]
Ah right, well that makes sense now :-)

I'd go for a hidden field, but NOT with its value set to a URI segment, but rather as a variable coming from your controller. As I mentioned, it's VERY easy for a user to tamper with the URI, all they have to do is change it in the browser URL bar, hit return and hey presto, your form has reloaded with a brand new "foreign key" value.

As mentioned, people can still alter it with plugins and stuff, and you'll still have to do some data cleansing to ensure it hasn't been tampered with, but I believe the harder you make it for "malicious" people to tamper with or break your application, the less likely they will even bother trying, a bit like them saying "ah, this guy knows his stuff, let's go find an easier target".

Just my two cents worth :-)
#6

[eluser]Mauricio de Abreu Antunes[/eluser]
I'm using the URI segment. What's the problem?
It's a link, for example:

Inserting a contact (person with personal data like phone and address)
http://www.example.com/products/contact/insert/1 (insert contact for product id 1)

I'm setting my hidden input to the URI segment and checking if it's a number and if the ID exists in the database. :-)
#7

[eluser]boltsabre[/eluser]
Ah right, got you, that's fine, don't worry about what I'm saying, you've got it all under control!!!
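
The checks discussed in this thread (is it an integer, is it in range, does the ID exist in the database), as an added example that is not part of any post above. It is plain PHP with PDO rather than CodeIgniter code; the function name `parse_product_id`, the `products` table and the sample values are assumptions constructed for illustration.

```php
<?php
// Added example: validate a client-supplied foreign key before using it.
// Function name, table name and sample data are hypothetical/constructed.

/**
 * Return the id as an int when $raw is a plain positive decimal integer
 * that refers to an existing row in `products`; otherwise return null.
 */
function parse_product_id($raw, PDO $db): ?int
{
    // is_numeric() also accepts "1.5", "1e3", " 1" and "-1".
    // ctype_digit() accepts only the characters 0-9, which is what a key needs.
    if (!is_string($raw) || $raw === '' || !ctype_digit($raw)) {
        return null;
    }
    // Range check: at most 10 digits, then 1..2147483647 (signed 32-bit INT column).
    if (strlen($raw) > 10) {
        return null;
    }
    $id = (int) $raw;
    if ($id < 1 || $id > 2147483647) {
        return null;
    }
    // Existence check; the value is passed as a bound parameter, never concatenated.
    $stmt = $db->prepare('SELECT 1 FROM products WHERE id = ?');
    $stmt->execute([$id]);
    return $stmt->fetchColumn() !== false ? $id : null;
}

// Constructed demo database: two products, ids 1 and 2.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE products (id INTEGER PRIMARY KEY)');
$db->exec('INSERT INTO products (id) VALUES (1), (2)');

// Values as they might arrive from a URI segment or hidden input (always strings).
foreach (['1', '2', '3', '1e3', '1.5', '-1', '', '1abc', '99999999999'] as $raw) {
    $id = parse_product_id($raw, $db);
    printf("%-14s => %s\n", var_export($raw, true), $id === null ? 'rejected' : "ok ($id)");
}
```

Run the same function on the POST handler regardless of whether the value travelled in the URL or in a hidden field, since both are under the client's control.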



