authorDerek Allard <derek.allard@ellislab.com>2008-05-07 13:25:19 +0200
committerDerek Allard <derek.allard@ellislab.com>2008-05-07 13:25:19 +0200
commitd379734a06022fb7294e6ba0bd001feb3a287725 (patch)
tree2f905014a1c447b730cae04b61e4b27634370fd9 /user_guide/general
parente4db277183b1fd3f26741c57c28271029ca8ab52 (diff)
added a note about security and filtering raw post data
Diffstat (limited to 'user_guide/general')
-rw-r--r--user_guide/general/models.html7
1 files changed, 2 insertions, 5 deletions
diff --git a/user_guide/general/models.html b/user_guide/general/models.html
index ca6ab2d20..7b2d6865f 100644
--- a/user_guide/general/models.html
+++ b/user_guide/general/models.html
@@ -18,7 +18,6 @@
<meta name='robots' content='all' />
<meta name='author' content='ExpressionEngine Dev Team' />
<meta name='description' content='CodeIgniter User Guide' />
-
</head>
<body>
@@ -98,7 +97,7 @@ class&nbsp;Blogmodel&nbsp;extends&nbsp;Model&nbsp;{<br />
<br />
&nbsp;&nbsp;&nbsp;&nbsp;function&nbsp;insert_entry()<br />
&nbsp;&nbsp;&nbsp;&nbsp;{<br />
-&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;$this->title&nbsp;&nbsp; = $_POST['title'];<br />
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;$this->title&nbsp;&nbsp; = $_POST['title']; // please read the below note<br />
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;$this->content = $_POST['content'];<br />
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;$this->date&nbsp;&nbsp;&nbsp; = time();<br />
<br />
@@ -117,9 +116,7 @@ class&nbsp;Blogmodel&nbsp;extends&nbsp;Model&nbsp;{<br />
}</code>
<p>Note: The functions in the above example use the <a href="../database/active_record.html">Active Record</a> database functions.</p>
-
-
-
+<p class="important"><strong>Note:</strong> For the sake of simplicity in this example we're using $_POST directly. This is generally bad practice, and a more common approach would be to use the <a href="http://codeigniter.com/user_guide/libraries/input.html">Input Class</a> $this-&gt;input-&gt;post('title')</p>
<h2><a name="anatomy"></a>Anatomy of a Model</h2>
<p>Model classes are stored in your <dfn>application/models/</dfn> folder. They can be nested within sub-folders if you