    /**
     * Verifies that a nonce was stored in the session, was submitted with
     * the form, and that the two values are identical; a valid nonce is
     * cleared so it can only be used once
     * @return bool TRUE if the nonce check passes, FALSE otherwise
     */
    protected function check_nonce( )
    {
        if (
            isset($_SESSION['nonce']) && !empty($_SESSION['nonce'])
            && isset($_POST['nonce']) && !empty($_POST['nonce'])
            && $_SESSION['nonce']===$_POST['nonce']
        ) {
            $_SESSION['nonce'] = NULL;
            return TRUE;
        } else {
            return FALSE;
        }
    }

    /**
     * Performs basic input sanitization on a given string
     * @param $dirty string The string to be sanitized
     * @return string The sanitized string
     */
    protected function sanitize( $dirty )
    {
        return htmlentities(strip_tags($dirty), ENT_QUOTES);
    }
This method checks three criteria:

    That the nonce was stored in the session
    That the nonce was submitted with the form
    That the nonces in the session and form are identical

If all three conditions are met, the nonce is removed from the session (so the form cannot be submitted again successfully) and Boolean TRUE is returned to signify a successful nonce check.
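The full nonce lifecycle behind check_nonce(), as an added example that is not the book's own code: a nonce is generated and stored in the session when the form is rendered, then checked and consumed on submission, so a replayed or forged request is rejected. Arrays stand in for $_SESSION and $_POST so it runs from the CLI, and hash_equals() replaces === to make the comparison constant-time; both are assumptions of this example.

```php
<?php
// Added example, not from the book: single-use nonce workflow run from the
// CLI, with plain arrays simulating $_SESSION and $_POST.

// Generate an unpredictable nonce, store it in the session and return it so
// the page can embed the same value in a hidden form field.
function create_nonce(array &$session): string
{
    $session['nonce'] = bin2hex(random_bytes(16));
    return $session['nonce'];
}

// Same three criteria as check_nonce(): present in the session, present in
// the post data, and identical. hash_equals() keeps the comparison
// constant-time; is_string() rejects array values such as nonce[]=x.
function check_nonce(array &$session, array $post): bool
{
    if (
        !empty($session['nonce']) && !empty($post['nonce'])
        && is_string($post['nonce'])
        && hash_equals($session['nonce'], $post['nonce'])
    ) {
        $session['nonce'] = NULL;   // consume it: one use only
        return TRUE;
    }
    return FALSE;
}

// Simulated request flow with constructed data.
$session = [];
$nonce   = create_nonce($session);   // form render: hidden field gets $nonce

// 1. Legitimate submission carries the nonce the form was rendered with.
var_dump(check_nonce($session, ['nonce' => $nonce]));

// 2. Replaying the same request: the nonce was cleared, so it fails.
var_dump(check_nonce($session, ['nonce' => $nonce]));

// 3. Submissions that do not carry the session's current nonce fail.
create_nonce($session);
var_dump(check_nonce($session, ['nonce' => 'guess']));
var_dump(check_nonce($session, []));
```

Only the first check passes; the replay, the wrong value and the missing field are all rejected, which is the behaviour the three criteria above are meant to guarantee.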
Writing the Form Handling Methods
To actually process the form submissions, you need three methods:

    The first will check the nonce, execute the action handler method, and redirect the user to the proper location, pending success or failure.
    The second is the aforementioned action handler, which actually processes the submitted form data.
    The third is the model method, which takes the processed data from the action handler and manipulates the database accordingly.
Adding the Main Form Handling Method
The first method, which will reside in system/core/ , will be called handle_form_submission(). It accepts one parameter: the action.