Skip to content


Subversion checkout URL

You can clone with
Download ZIP


Feature Request: easy access to validated form data #2436

shijialee opened this Issue · 7 comments

6 participants



When using CI's Form Validation library, I find that I often have to piece together all the necessary form data to pass to my model. such as:

$id = $this->blog_m->insert(array(
    'title'                 => $this->input->post('title'),
    'slug'                => $this->input->post('slug'),
    'category_id'    => $this->input->post('category_id'),
    'intro'                => $this->input->post('intro'),
    'body'               => $this->input->post('body'),
    'status'             => $this->input->post('status'),

That gets very tedious and often introduces typos/bugs. I don't want to do $this->blog_m->insert($this->input->post()) because there might be garbage in the postdata that need to be cleaned up, such as submit field and fake data submitted by malicious users.

It would be very handy to just get the validated data against the rules and be able to do $id = $this->blog_m->insert(form_valid_data());.

To achieve the above, I run through the postdata against the already defined form validation rule after the validation rules have passed. code as following:


class MY_Form_validation extends CI_Form_validation {
    public function get_valid_data() {
        $valid_data = array();
        foreach ($this->_field_data as $k => $v ) {
            // remove [] if field name is an array.
            $k = preg_replace("/\[\]$/", "", $k);                                                                                                                                                                                             
            if ( array_key_exists($k, $_POST) ) {
                $valid_data[$k] = $v['postdata'];
        return $valid_data;


if ( ! function_exists('form_valid_data')) {
    function form_valid_data() {
        if (FALSE === ($OBJ =& _get_validation_object())) {
            return '';

        return $OBJ->get_valid_data();

A big plus for me is that I normally have the form filed name matched to the database column name respectively so the form data can be used right away in the model.

Note that the form_valid_data() only contains form fields that have validation rules defined ( I assume you check everything submitted by the user :)

I find this little addon very handy and maybe worth to be included in the core.


Having a method that retrieves all validated and sanitized post data as defined by the form validation library sounds like a nice addition. It should be a method of the validation library, in my opinion, not a stand-alone function (and definitely don't return an empty string).

Why don't you put a pull request together since you already have a working solution?


I like this, and agree with cryode that the helper function isn't required, a method on the library would be fine.

Alternatively, though a bit more verbose, being able to pass an array or comma-separated list to an input method to only retrieve the parameters required.

For example:

$this->input->post('title, slug, category_id, intro, body, status');

$this->input->post(array('title', 'slug', 'category_id', 'intro', 'body', 'status'));

I would only allow the second way, not a single string.

That's not the first time that functionality has been mentioned, so while I was not entirely fond of the idea before, it seems warranted if it is requested multiple times. Put together a pull request for it! A couple of things to note:

  • While these features could be used together, they are mutually exclusive, and should be made as two pull requests.
  • The form validation idea should take into account a parameter for specifying whether xss_clean should be performed, since it is an option for the post(), get(), etc. methods.

The change takes inspiration from the database select() method which allows for an array or comma-separated string. Otherwise options like this->input->only() and $this->input->except() (inspired by Laravel).


SELECT strings end up being just that, anyway, that's why it makes more sense for it. Just my opinion, I think a single string for choosing input keys is not the best way to go.

only() and except() won't really work for CI because you're already specifying a method for the type of input. only() would have to be method chained before it to prevent parameter creep.

$vars = $this->input->only()->post(array('name', 'email', 'address'));

While only() is much more descriptive (and would be a better solution overall), it doesn't flow as well with CI.


I think it's a bad idea to use it this way when you call your model.
You should have a method inside your model which will control fields you want to insert/update to prevent database errors.

Here is my insert/update method (for a language table). If I update my table, I just need to update the fields inside the switch.
You could also add private/protected properties to the object model and check if property_exists() but it's slower

public function insert_update($data) {
        $id = FALSE;
        if (!empty($data)) {
            $insert_data = array();
            foreach ($data AS $k => $v) {
                $v = trim($v);
                switch ($k) {
                    case 'language':
                    case 'name':
                    case 'lcid':
                    case 'iso':
                        if (strlen($v) > 0) {
                            $insert_data[$k] = $v;
            if (isset($data['id']) && $data['id'] > 0) {
                $id = $data['id'];
                $this->db->update($this->table, $insert_data, array('id' => $id));
            } else {
                $this->db->insert($this->table, $insert_data);
                $id = $this->db->insert_id();
        return $id;

In your controller, you can simply use it this way :

if ($this->form_validation->run()) {

I found this feature to be incredibly useful so I will go ahead and make a PR for this feature.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.