I have this code, but I need to add the date a message was submitted. Does anyone know how I could to this?
function insert_comment() { //get blog_id so it can be used to add comment to correct blog item $this->db->where('blog_id',$this->uri->segment(3)); $this->db->insert('comments',$_POST); redirect('/blog/post/'.$_POST['blog_id']); }
// Add the publish date
$_POST[‘publish_date’] = time();
Page redirects and all data is added to the database apart from the date. My date is ‘comment_date’ in the database and it is a “date” field.
This is the complete new code…
function insert_comment() { //get blog_id so it can be used to add comment to correct blog item $this->db->where('blog_id',$this->uri->segment(3)); // Add the publish date $_POST['comment_date'] = time(); $this->db->insert('comments',$_POST); redirect('/blog/post/'.$_POST['blog_id']); }
Would there be any benefits? I know there are 100’s of different ways to write the same type of function, but I’m trying to write the best code I possibly can.
Yes, there are many benefits to doing it that way. Inserting $_POST directly into your DB raises some security issues, so it is definitely better to define an array containing *only* the values you wish to insert.
Yes, there are many benefits to doing it that way. Inserting $_POST directly into your DB raises some security issues, so it is definitely better to define an array containing *only* the values you wish to insert.
Yeah it definatly better to do it this way, but there’s some code floating around the forums in the last week or so, which would take the post array, and return a data array with just those fields (it took the table name as a parameter, and extracted that data from the post array)
It works out as just a line of code, just like using $_POST directly, but much more safer
The thread I was refering to is here
There are 3 possible implementations for the method, or make your own based on on the examples there (see post 6,8 and 10 for the code examples)
Thanks for the link Dam1an. I extended my model class with a function to do this (although not as complex as Fuzzy’s), so I can just past $_POST to my model and let it worry about what fields to use. As an added complication, I use different field names in my DB/forms (for very good reasons!) so my function also renames them.
I love open-source communities, it’s great to see the different approaches people take to solve similar problems.
/** * Search through $_POST for fieldnames listed in * $fields, and return an array containing only those * fields. The controller can then pass the whole * $_POST (after validation) and let the model choose * which fields to use. Also translate html field name * to db field name * * @param array $post Copy of the $_POST array * @param string $fields[][0] name of db field * @param string $fields[][1] name of html form field * @return array allowed fields/values only * */
Why store it as a varchar instead of one of the many date/time formats such as timestamp or datetime?
Obviously that should’ve read int not varchar, sorry.
I don’t want to derail the thread, so short answer: I prefer manipulating PHP timestamps. I almost never feel the need to do something that would properly use the mysql date field (i.e. sort by month), but I very frequently have to display the result in different formats.
Personal preference, really.
Mike, that last bit looks familiar. One of my favorite snippets of all time (PHP 5):
