Best method to save $_POST data to a database
#1

[eluser]jonnyjon[/eluser]
I'm a CI noob and was wondering about the "best practice" with regard to saving $_POST data to a database table...

Ideally, I'd just like to send all the $_POST vars to an active record function. Is this generally the best method? Or should we parse each value and save it manually?

I came across a snippet of code somewhere that pre-parses the $_POST and removes all values for columns that don't exist in the table you are trying to write to... does anyone know where I can find this?
#2

[eluser]dmorin[/eluser]
Sending $_POST info directly to the database is generally a bad idea, especially if you're not using the active record class, in which case there won't be any escaping of the information.

I'm not sure about the script you're talking about, but if you have your form fields named identically to the field names in your table, you should be able to pass the $_POST array directly to the insert active record function, but this still has a lot of problems. I would say, use the validation class, make sure the data you're getting is accurate and sanitized, and then pass the fields you need to the active record class.

Good luck. If you have a specific situation, let us know.
#3

[eluser]jonnyjon[/eluser]
Great, thanks for the reply!
#4

[eluser]Grahack[/eluser]
If you want to make something really clean, use a model. That's what they're here for.
#5

[eluser]Negligence[/eluser]
Step 1: Validate it by content, type, length, etc.
Step 2: Send it to the Model
Step 3: If not using Active Record, PDO, etc., sanitize the values.
Step 4: Parse the values into the query.

There's nothing wrong with sending $_POST to the database, just as long as it's sanitized beforehand.
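
The flow described in posts #2 and #5 (validate, keep only the fields you need, let the data layer bind the values), as an added example that is not part of the thread. It uses plain PDO with an in-memory SQLite database instead of CodeIgniter's Active Record so it runs stand-alone; the `users` table, its columns, the rules and both function names are assumptions made for illustration.

```php
<?php
// Added example: constructed table, field names and rules (assumptions).
// The per-column rules double as the allow-list: unlisted keys are dropped.
const USER_RULES = [
    'username' => ['max' => 30,  'pattern' => '/\A[A-Za-z0-9_]+\z/'],
    'email'    => ['max' => 254, 'filter'  => FILTER_VALIDATE_EMAIL],
];

// Step 1: keep only known columns and validate each by content and length.
function validated_fields(array $post, array $rules): array
{
    $clean = [];
    foreach ($rules as $column => $rule) {
        $value = $post[$column] ?? null;
        if (!is_string($value) || $value === '' || strlen($value) > $rule['max']) {
            throw new InvalidArgumentException("Invalid value for $column");
        }
        if (isset($rule['pattern']) && !preg_match($rule['pattern'], $value)) {
            throw new InvalidArgumentException("Invalid value for $column");
        }
        if (isset($rule['filter']) && filter_var($value, $rule['filter']) === false) {
            throw new InvalidArgumentException("Invalid value for $column");
        }
        $clean[$column] = $value;
    }
    return $clean;
}

// Steps 2-4: the "model" builds the query from the allow-listed column names
// only and binds the values as parameters, so no manual escaping is needed.
function insert_user(PDO $db, array $fields): void
{
    $columns = array_keys($fields);
    $sql = sprintf('INSERT INTO users (%s) VALUES (%s)',
        implode(', ', $columns),
        implode(', ', array_fill(0, count($columns), '?')));
    $db->prepare($sql)->execute(array_values($fields));
}

$db = new PDO('sqlite::memory:'); // requires the pdo_sqlite extension
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT, email TEXT, is_admin INTEGER DEFAULT 0)');

// Constructed stand-in for $_POST, including a field the form never offered.
$post = ['username' => 'jon_1', 'email' => 'jon@example.com', 'is_admin' => '1'];
insert_user($db, validated_fields($post, USER_RULES));

print_r($db->query('SELECT * FROM users')->fetch(PDO::FETCH_ASSOC));
```

Passing the whole `$post` array to the insert instead would let the submitted `is_admin` key reach the table, which is the main problem with forwarding `$_POST` unfiltered even when the values themselves are escaped.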