| field | value | date |
|---|---|---|
| author | Derek Allard <derek.allard@ellislab.com> | 2008-05-07 13:25:19 +0200 |
| committer | Derek Allard <derek.allard@ellislab.com> | 2008-05-07 13:25:19 +0200 |
| commit | d379734a06022fb7294e6ba0bd001feb3a287725 (patch) | |
| tree | 2f905014a1c447b730cae04b61e4b27634370fd9 | |
| parent | e4db277183b1fd3f26741c57c28271029ca8ab52 (diff) | |
added a note about security and filtering raw post data
-rw-r--r-- | user_guide/general/models.html | 7 |
1 files changed, 2 insertions, 5 deletions
diff --git a/user_guide/general/models.html b/user_guide/general/models.html index ca6ab2d20..7b2d6865f 100644 --- a/user_guide/general/models.html +++ b/user_guide/general/models.html @@ -18,7 +18,6 @@ <meta name='robots' content='all' />
<meta name='author' content='ExpressionEngine Dev Team' />
<meta name='description' content='CodeIgniter User Guide' />
-
</head>
<body>
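Review bot: this first hunk only deletes a blank line inside `<head>`, which has nothing to do with the note the commit message describes; unrelated whitespace cleanups are better kept out of a documentation change so the history of models.html shows one purpose per commit.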
@@ -98,7 +97,7 @@ class Blogmodel extends Model {<br /> <br />
function insert_entry()<br />
{<br />
- $this->title = $_POST['title'];<br />
+ $this->title = $_POST['title']; // please read the below note<br />
$this->content = $_POST['content'];<br />
$this->date = time();<br />
<br />
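Review bot: the new comment on `$this->title = $_POST['title']; // please read the below note` marks only one of the two raw reads, while `$this->content = $_POST['content'];` two lines down takes unfiltered POST data in exactly the same way and carries no comment; either add the same comment to the `content` line or move it above the first assignment so it visibly covers every `$_POST` read in the example.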
@@ -117,9 +116,7 @@ class Blogmodel extends Model {<br /> }</code>
<p>Note: The functions in the above example use the <a href="../database/active_record.html">Active Record</a> database functions.</p>
-
-
-
+<p class="important"><strong>Note:</strong> For the sake of simplicity in this example we're using $_POST directly. This is generally bad practice, and a more common approach would be to use the <a href="http://codeigniter.com/user_guide/libraries/input.html">Input Class</a> $this->input->post('title')</p>
<h2><a name="anatomy"></a>Anatomy of a Model</h2>
<p>Model classes are stored in your <dfn>application/models/</dfn> folder. They can be nested within sub-folders if you
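Review bot: the added note says using `$_POST` directly is "generally bad practice" but never says why, so nothing in the text itself connects to the "security and filtering raw post data" wording of the commit message; add a short clause stating that the Input Class filters the incoming data (which is the reason the note exists), otherwise readers will treat it as a style preference. Two smaller points on the same line: the link is the absolute `http://codeigniter.com/user_guide/libraries/input.html` while the Active Record link in the preceding paragraph is relative (`../database/active_record.html`), so a local copy of the user guide would jump out to the website; use `../libraries/input.html` to match. And `$this->input->post('title')` should be marked up as code like the other identifiers on the page, and the sentence is missing its closing full stop.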