From d379734a06022fb7294e6ba0bd001feb3a287725 Mon Sep 17 00:00:00 2001
From: Derek Allard
Date: Wed, 7 May 2008 11:25:19 +0000
Subject: added a note about security and filtering raw post data
---
user_guide/general/models.html | 7 ++-----
1 file changed, 2 insertions(+), 5 deletions(-)
(limited to 'user_guide/general/models.html')
diff --git a/user_guide/general/models.html b/user_guide/general/models.html
index ca6ab2d20..7b2d6865f 100644
--- a/user_guide/general/models.html
+++ b/user_guide/general/models.html
@@ -18,7 +18,6 @@
-
@@ -98,7 +97,7 @@ class Blogmodel extends Model {

    function insert_entry()
    {
-        $this->title   = $_POST['title'];
+        $this->title   = $_POST['title']; // please read the below note
        $this->content = $_POST['content'];
        $this->date    = time();

@@ -117,9 +116,7 @@ class Blogmodel extends Model {
}

Note: The functions in the above example use the Active Record database functions.

- - - +

Note: For the sake of simplicity in this example we're using $_POST directly. This is generally bad practice, and a more common approach would be to use the Input Class $this->input->post('title')

Anatomy of a Model

Model classes are stored in your application/models/ folder. They can be nested within sub-folders if you -- cgit v1.2.3-24-g4f1b