Welcome Guest, Not a member yet? Register   Sign In
On MVC
#1

[eluser]behnampmdg3[/eluser]
Hello; I have 3 questions I appreciate if anyone helps.
1 - Is there any design mistakes I am making here? Also little things like "where is the best place to use htmlentities?" Model view or controller? I'm not sure.
2 - What is the right way of making models? For example is it the right thing to have every member related method in one model? Or is it right to have one separate model per method?
3 - Do you see any obvious security holes?
This is one page and this is the other in case you need to see what it looks like.

It doesnt let me post all the code, so Im gonna post it under this as a reply

Thank you
#2

[eluser]behnampmdg3[/eluser]
View
Code:
<div id="common_div" >
&lt;?php
foreach($details as $val)
    {
    $title = ucwords($val['title']);
    $date_added = "<div class=\"list\">Listed On ".date('l, jS F Y',strtotime($val['date_added']))."</div>";
    $city = ucwords($val['city']);
    $suburb = ucwords($val['suburb']);
    $comments = ucwords($val['comments']);
    $weekly_rent = "<div class=\"list\">Weekly Rent $".$val['weekly_rent']."</div>";
    $furnished = "<div class=\"list\">It is ".$val['furnished']."</div>";
    $security_bond = "<div class=\"list\">Security Bond $".$val['security_bond']."</div>";
    $internet = "<div class=\"list\">".$val['internet']."</div>";
    $carpark = "<div class=\"list\">".$val['carpark']."</div>";
    $tv = "<div class=\"list\">".$val['tv']."</div>";
    $pet = "<div class=\"list\">".$val['pet']."</div>";
    $aircondition = "<div class=\"list\">".$val['aircondition']."</div>";
    $building_type = "<div class=\"list\">".$val['building_type']."</div>";
    $washer_dryer = "<div class=\"list\">".$val['washer_dryer']."</div>";
    $own_bathroom = "<div class=\"list\">".$val['own_bathroom']."</div>";
    $address = "<div class=\"list\">".$val['address']."</div>";
    }
?&gt;
<div class = "about">
    <span>&lt;?php echo $title;?&gt;</span> in &lt;?php echo $city.", ".$suburb;?&gt;
    <a href = "&lt;?php echo site_url();?&gt;">Back To Listings</a>
</div>
&lt;?php
echo "<div class = \"place_details\" clear:both\">";
echo $date_added;
echo $weekly_rent;
echo $furnished;
echo $internet;
echo $pet;
echo $carpark;
echo $own_bathroom;
echo $aircondition;
echo $washer_dryer;
echo $building_type;
echo $address;
echo $security_bond;
echo "<div float:none; clear:both\"></div>";
echo "</div>";
    
        echo "<div class = \"places\" font-size:14px; line-height:25px;\">";
        echo $comments;
        echo "</div>";
        
    
    ?&gt;
</div>

Edit/Delete Message
#3

[eluser]behnampmdg3[/eluser]
Model
Code:
&lt;?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
class Places_model extends CI_Model
    {
        public $place_results;
        public $ad_details;
        function load_places()
            {
                $query = " SELECT ad_have.id AS AID,
       title,
       comments,
       date_added,
       suburb,
       city,
       city.name  AS cn,
       suburb
FROM   ad_have
       INNER JOIN city
               ON city.id = ad_have.city
       INNER JOIN members
               ON members.id = ad_have.member_id
ORDER  BY date_added DESC
LIMIT  40  ";
                $places= $this->db->query($query);
                foreach ($places->result() as $row)
                    {
                        $this->place_results[]= array('AID'=>$row->AID,'title'=>$row->title, 'city'=>$row->cn, 'date_added'=>$row->date_added
                                                  , 'suburb'=>$row->suburb);
                    }
                return $this->place_results;
            }
            
        
        function place_details($ad_id)
            {
                $query = " SELECT ad_have.id AS AID,
       title,
       comments,
       date_added,
       suburb,
       city,
       city.name  AS cn,
       suburb,
       weekly_rent,
       ad_have.smoke,
       ad_have.views,
       security_bond,
       furnished,
       building_type,
       washer_dryer,
       tv,
       pet,
       carpark,
       internet,
       own_bathroom,
       aircondition,
       address
FROM   ad_have
       INNER JOIN city
               ON city.id = ad_have.city
       INNER JOIN members
               ON members.id = ad_have.member_id
WHERE  ad_have.id =?
       AND active = ?  ";
                $result = $this->db->query($query, array($ad_id, 'y'));
                if($result->num_rows()!=1)
                    {
                        return false;
                    }    
                else
                    {
                        $details = $result->result();
                        $this->ad_details = array('cn'=>$details[0]->cn,
                                'comments'=>$details[0]->comments,
                                'AID'=>$details[0]->AID,
                                'title'=>$details[0]->title,
                                'city'=>$details[0]->cn,
                                'date_added'=>$details[0]->date_added,
                                'weekly_rent'=>$details[0]->weekly_rent,
                                'smoke'=>$details[0]->smoke,
                                'suburb'=>$details[0]->suburb,
                                'security_bond'=>$details[0]->security_bond,
                                'views'=>$details[0]->views,
                                'furnished'=>$details[0]->furnished,
                                'washer_dryer'=>$details[0]->washer_dryer,
                                'tv'=>$details[0]->tv,
                                'carpark'=>$details[0]->carpark,
                                'internet'=>$details[0]->internet,
                                'own_bathroom'=>$details[0]->own_bathroom,
                                'aircondition'=>$details[0]->aircondition,
                                'address'=>$details[0]->address,
                                'building_type'=>$details[0]->building_type,
                                'pet'=>$details[0]->pet
                                );
                        return $this->ad_details;
                    }
            }
            
            
        
            
    }
#4

[eluser]behnampmdg3[/eluser]
Controller
Code:
&lt;?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');

class Ad_details extends CI_Controller {

    public function show_ad($ad_id)
        {
            if(is_numeric($ad_id))
                {
                    $this->load->model('places_model');
                    $place = $this->places_model->place_details($ad_id);
                    if($place)
                        {
                            $data['title'] = html_entity_decode(ucwords($place['title']));
                            if($place['furnished']=='on')
                                {
                                    $furnished = "Furnished";
                                }
                            else
                                {
                                    $furnished = "";
                                }
                            if($place['washer_dryer']=='on')
                                {
                                    $washer_dryer = "Washer / Dryer";
                                }
                            else
                                {
                                    $washer_dryer = "";
                                }
                            if($place['tv']=='on')
                                {
                                    $tv = "TV available";
                                }
                            else
                                {
                                    $tv = "";
                                }
                            if($place['pet']=='on')
                                {
                                    $pet = "Pets Allowed";
                                }
                            else
                                {
                                    $pet = "";
                                }
                            if($place['carpark']=='on')
                                {
                                     $carpark = "Carpark Available";
                                }
                            else
                                {
                                    $carpark = "";
                                }
                            if($place['internet']=='on')
                                {
                                    $internet = "ADSL Available";
                                }
                            else
                                {
                                    $internet = "";
                                }
                            if($place['own_bathroom']=='on')
                                {
                                    $own_bathroom = "Own Bathroom";
                                }
                            else
                                {
                                    $own_bathroom = "";
                                }
                            if($place['aircondition']=='on')
                                {
                                    $aircondition = "Airconditioned";
                                }
                            else
                                {
                                    $aircondition = "";
                                }
                        
                            $data['details'][] = array('AID'=>$place['AID'],
                            'title'=>html_entity_decode($place['title']),
                            'comments'=>html_entity_decode($place['comments']),
                            'date_added'=>($place['date_added']),
                            'suburb'=>html_entity_decode($place['suburb']),
                            'city'=>html_entity_decode($place['city']),
                            'suburb'=>html_entity_decode($place['suburb']),
                            'cn'=>html_entity_decode($place['cn']),
                            'security_bond'=>html_entity_decode($place['security_bond']),
                            'building_type'=>html_entity_decode($place['building_type']),
                            'weekly_rent'=>html_entity_decode($place['weekly_rent']),
                            'address'=>html_entity_decode($place['address']),
                            'furnished'=>$furnished,
                            'washer_dryer'=>$washer_dryer,
                            'tv'=>$tv,
                            'pet'=>$pet,
                            'carpark'=>$carpark,
                            'internet'=>$internet,
                            'own_bathroom'=>$own_bathroom,
                            'aircondition'=>$aircondition,
                            );
                            $this->load->vars($data);
                            $this->view_things();
                        }
                    else
                        {
                            $this->invalid_ad();
                        }
                }
            else
                {
                    $this->invalid_ad();
                }
        }
    
        
    public function invalid_ad()
        {
            $data['invalid']=true;
            $data['title']='Flatmatescenter invalid Ad id!';
            $this->load->vars($data);
            $this->load->view('header_view');
            $this->load->view('invalid_ad_details_view');
            $this->load->view('footer_view');
        }
        
        
    public function view_things()
        {
            $this->load->view('header_view');
            $this->load->view('ad_details_view');
            $this->load->view('footer_view');
        }
}

/* End of file welcome.php */
/* Location: ./application/controllers/welcome.php */




Theme © iAndrew 2016 - Forum software by © MyBB