Access $this->validation->Name inside Models

[eluser]Benedikt[/eluser]
Hi,

I have my form-data sent to a controller which does the validation and requests the user to check her data if sth went wrong or is missing etc.

Now, after all data is confirmed and correct, I want it to be saved into the database. My problem now is that I cant find any hint how to give the validated data (XSS etc) to the model.

Is there a system-variable or anything I can use for?

Thanks for your help,
Ben.

[eluser]Randy Casburn[/eluser]
Hi, When the form is posted back to your controller, you can use a method based on the "success" of your XSS checks or whatever to call some db Model method. Inside the db model you can use these methods:
http://ellislab.com/codeigniter/user-gui...input.html

hope this helps

Randy

[eluser]Colin Williams[/eluser]
XSS functions clean $this->validation->name, $this->input->post['name'], and $_POST['name'], so either one you use will be laundered (thanks, Mr. Wales for pointing that out to me recently).

However, I like to keep my models from having to worry about the HTTP request because this is the job of the controller. I typically just pass objects and arrays of objects between my controllers and models. For instance:

Code:

$this->load->model('message_model', 'message');
$message = $this->message->new();
$message->subject = $this->input->post('subject');
$message->body = $this->input->post('body');
$this->message->save($message);

[eluser]Randy Casburn[/eluser]

However, I like to keep my models from having to worry about the HTTP request because this is the job of the controller.

This will be more philosophical than anything. This is somewhat like a religion...

For a point of clarity I would like to address your point though. By the time the Controller has the data, the Controller should have already done its job and reacted to any events in queue. At this point all that is left is data sitting and waiting to be operated upon. In other words, after the Controller has ensured validation and XSS etc. as stated here (from: Benedikt)

Now, after all data is confirmed and correct, I want it to be saved into the database.

Then the HTTP request (Event) has already been handled and we are in a steady state with nothing to do but process data.

=====

So from a design perspective, you're sitting on a boundary condition (Controller <-> Model) with sanitized data loaded in an object and no events to operate on whatsoever.

Now this is from the CI user guide:

The Model represents your data structures. Typically your model classes will contain functions that help you retrieve, insert, and update information in your database.

And an excerpt from ootips.org (really should read it all): http://ootips.org/mvc-pattern.html

[The model is used] to manage information and notify observers when that information changes. [...] It contains only data and functionality that are related by a common purpose [...]

====

So Benedikt I hope this helps you understand how to choose to put functionality in the Controller or the Model. Please keep in mind this doesn't apply to every case and there are many opinions about these things.

Randy

[eluser]Colin Williams[/eluser]
You lost me somewhere there Randy. It ain't philosophy or religion, it's just good application design. Let's say we're in a different part of our application. We need to save data, but in this context there is no user input to process (maybe information was copied from elsewhere, maybe it came from a call to an external API, etc.) Should we create other versions of save() in our model to handle these different contexts? Methods that don't sniff out posted data?

I don't see anywhere, in anything you quoted or linked to, where it says this would be a good idea.

Then the HTTP request (Event) has already been handled and we are in a steady state with nothing to do but process data.

No kidding. So why would the Model go back and sniff out posted data? Maybe you aren't actually disagreeing with me. I can't tell.

So from a design perspective, you’re sitting on a boundary condition (Controller <-> Model) with sanitized data loaded in an object and no events to operate on whatsoever.

Why, where has the event changed? In my example, the event was save a message. So we've got sanitized data loaded in an object, so we can save it!

[eluser]Randy Casburn[/eluser]
That's a little too abstract. "A different part of our application" implies all sorts of things. Especially different observers, event handlers, and controllers. So yes, you may very well have different versions of save() because, if the purpose "ain't" common neither is the Model. You could be using a different model altogether.

I was careful not to disagree with you above. I was pointing out the boundary conditions had been provided from a state machine point of view already. If one has sanitized data sitting in an object and a design created such that one's Model operates on that data (per ootips above), then by all means go operate on the data in the Model. (That is this person's state of being right now).

My reasoning for stating this: again very clearly from a state machine perspective: is because there are no other events to capture or other operations to be performed by the controller, there simply isn't anything else for it to do unless we make things up for it to do.

It's that simple: from a state machine point of view.

You can change the state, and change the game like you did with you last post. But be clearer on what state the machine (CI) is in. Then I'll change my answer.

Randy

[eluser]Colin Williams[/eluser]

You can change the state, and change the game like you did with you last post. But be clearer on what state the machine (CI) is in. Then I’ll change my answer.

What was your answer to "Now, after all data is confirmed and correct, I want it to be saved into the database. My problem now is that I cant find any hint how to give the validated data (XSS etc) to the model?"

I say load it up in an object and pass it on to a Model to be saved. You say, "because there are no other events to capture or other operations to be performed by the controller, there simply isn’t anything else for it to do unless we make things up for it to do."

Here's the game plan: Submit->Clean->Validate->Save. The model does the Save part. Where are we left with "nothing to do?"

[eluser]Randy Casburn[/eluser]
Are we actually saying the same damn thing? My "state" is at the arrow between Validate and Save on my way to the Model and it sounds like you are too. The "nothing left to do" part was nothing for the "Controller" since the "Validate" part had already been done. There is lots (potentially) for the Model to do. Hence -- send it on to the Model as I said.

Maybe this is where we are splitting hairs...

I say load it up in an object and pass it on to a Model to be saved.

Since, it is already loaded up in an object before the "Validate" part, to do it again would be overkill.

[eluser]Benedikt[/eluser]
Thanks for your help and the discussion.

So what you are saying Randy is that I should put the validation into a model and call the model inside the controller instead calling it directly inside the controller?

Actually not a bad idea. I will think about it and change the code accordingly.

But my problem is still not solved. In the confirmation page I use $this->validation->Lastname to show the validated value. But how can I give the array of all $this->validation to the model?

[eluser]Colin Williams[/eluser]
You can just access $this->validation->field in your model, if you must... $this->validation should be available