On MVC / Forums / Community / EllisLab

Forum Logo

On MVC

Posted: 16 November 2012 06:26 AM

[ Ignore ]

Joined: 2012-10-29
118 posts

Hello; I have 3 questions I appreciate if anyone helps.
1 - Is there any design mistakes I am making here? Also little things like “where is the best place to use htmlentities?” Model view or controller? I’m not sure.
2 - What is the right way of making models? For example is it the right thing to have every member related method in one model? Or is it right to have one separate model per method?
3 - Do you see any obvious security holes?
This is one page and this is the other in case you need to see what it looks like.

It doesnt let me post all the code, so Im gonna post it under this as a reply
Thank you

behnampmdg3

Posted: 16 November 2012 06:27 AM

[ Ignore ] [ # 1 ] [ Rating: 0 ]

Joined: 2012-10-29
118 posts

View

<div id="common_div" >
<?php 
foreach($details as $val)
    {
    $title = ucwords($val['title']);
    $date_added = "<div class=\"list\">Listed On ".date('l, jS F Y',strtotime($val['date_added']))."</div>";
    $city = ucwords($val['city']);
    $suburb = ucwords($val['suburb']);
    $comments = ucwords($val['comments']);
    $weekly_rent = "<div class=\"list\">Weekly Rent $".$val['weekly_rent']."</div>";
    $furnished = "<div class=\"list\">It is ".$val['furnished']."</div>";
    $security_bond = "<div class=\"list\">Security Bond $".$val['security_bond']."</div>";
    $internet = "<div class=\"list\">".$val['internet']."</div>";
    $carpark = "<div class=\"list\">".$val['carpark']."</div>";
    $tv = "<div class=\"list\">".$val['tv']."</div>";
    $pet = "<div class=\"list\">".$val['pet']."</div>";
    $aircondition = "<div class=\"list\">".$val['aircondition']."</div>";
    $building_type = "<div class=\"list\">".$val['building_type']."</div>";
    $washer_dryer = "<div class=\"list\">".$val['washer_dryer']."</div>";
    $own_bathroom = "<div class=\"list\">".$val['own_bathroom']."</div>";
    $address = "<div class=\"list\">".$val['address']."</div>";
    }
?>
<div class = "about">
    <span><?php echo $title;?></span> in <?php echo $city.", ".$suburb;?>
    <a href = "<?php echo site_url();?>">Back To Listings</a>
</div>
<?php
echo "<div class = \"place_details\" clear:both\">";
echo $date_added;
echo $weekly_rent;
echo $furnished;
echo $internet;
echo $pet;
echo $carpark;
echo $own_bathroom;
echo $aircondition;
echo $washer_dryer;
echo $building_type;
echo $address;
echo $security_bond;
echo "<div float:none; clear:both\"></div>";
echo "</div>";
    
        echo "<div class = \"places\" font-size:14px; line-height:25px;\">";
        echo $comments;
        echo "</div>";
        
    
    ?>
</div> 
 
Edit/Delete Message 

behnampmdg3

Posted: 16 November 2012 06:28 AM

[ Ignore ] [ # 2 ] [ Rating: 0 ]

Joined: 2012-10-29
118 posts

Model

<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
class Places_model extends CI_Model
    {
        public $place_results;
        public $ad_details;
        function load_places()
            {
                $query = " SELECT ad_have.id AS AID,
       title,
       comments,
       date_added,
       suburb,
       city,
       city.name  AS cn,
       suburb
FROM   ad_have
       INNER JOIN city
               ON city.id = ad_have.city
       INNER JOIN members
               ON members.id = ad_have.member_id
ORDER  BY date_added DESC
LIMIT  40  ";
                $places= $this->db->query($query);
                foreach ($places->result() as $row)
                    {
                        $this->place_results[]= array('AID'=>$row->AID,'title'=>$row->title, 'city'=>$row->cn, 'date_added'=>$row->date_added
                                                  , 'suburb'=>$row->suburb);
                    }
                return $this->place_results;
            }
            
        
        function place_details($ad_id)
            {
                $query = " SELECT ad_have.id AS AID,
       title,
       comments,
       date_added,
       suburb,
       city,
       city.name  AS cn,
       suburb,
       weekly_rent,
       ad_have.smoke,
       ad_have.views,
       security_bond,
       furnished,
       building_type,
       washer_dryer,
       tv,
       pet,
       carpark,
       internet,
       own_bathroom,
       aircondition,
       address
FROM   ad_have
       INNER JOIN city
               ON city.id = ad_have.city
       INNER JOIN members
               ON members.id = ad_have.member_id
WHERE  ad_have.id =?
       AND active = ?  ";
                $result = $this->db->query($query, array($ad_id, 'y'));
                if($result->num_rows()!=1)
                    {
                        return false;
                    }    
                else 
                    {
                        $details = $result->result();
                        $this->ad_details = array('cn'=>$details[0]->cn,
                                'comments'=>$details[0]->comments,
                                'AID'=>$details[0]->AID,
                                'title'=>$details[0]->title,
                                'city'=>$details[0]->cn,
                                'date_added'=>$details[0]->date_added,
                                'weekly_rent'=>$details[0]->weekly_rent,
                                'smoke'=>$details[0]->smoke,
                                'suburb'=>$details[0]->suburb,
                                'security_bond'=>$details[0]->security_bond,
                                'views'=>$details[0]->views,
                                'furnished'=>$details[0]->furnished,
                                'washer_dryer'=>$details[0]->washer_dryer,
                                'tv'=>$details[0]->tv,
                                'carpark'=>$details[0]->carpark,
                                'internet'=>$details[0]->internet,
                                'own_bathroom'=>$details[0]->own_bathroom,
                                'aircondition'=>$details[0]->aircondition,
                                'address'=>$details[0]->address,
                                'building_type'=>$details[0]->building_type,
                                'pet'=>$details[0]->pet
                                );
                        return $this->ad_details;
                    }
            }
            
            
        
            
    } 

behnampmdg3

Posted: 16 November 2012 06:29 AM

[ Ignore ] [ # 3 ] [ Rating: 0 ]

Joined: 2012-10-29
118 posts

Controller

<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');

class Ad_details extends CI_Controller {

    public function show_ad($ad_id)
        {
            if(is_numeric($ad_id))
                {
                    $this->load->model('places_model');
                    $place = $this->places_model->place_details($ad_id);
                    if($place)
                        {
                            $data['title'] = html_entity_decode(ucwords($place['title']));
                            if($place['furnished']=='on')
                                {
                                    $furnished = "Furnished";
                                }
                            else 
                                {
                                    $furnished = "";
                                }
                            if($place['washer_dryer']=='on')
                                {
                                    $washer_dryer = "Washer / Dryer";
                                }
                            else
                                {
                                    $washer_dryer = "";
                                }
                            if($place['tv']=='on')
                                {
                                    $tv = "TV available";
                                }
                            else
                                {
                                    $tv = "";
                                }
                            if($place['pet']=='on')
                                {
                                    $pet = "Pets Allowed";
                                }
                            else
                                {
                                    $pet = "";
                                }
                            if($place['carpark']=='on')
                                {
                                     $carpark = "Carpark Available";
                                }
                            else
                                {
                                    $carpark = "";
                                }
                            if($place['internet']=='on')
                                {
                                    $internet = "ADSL Available";
                                }
                            else
                                {
                                    $internet = "";
                                }
                            if($place['own_bathroom']=='on')
                                {
                                    $own_bathroom = "Own Bathroom";
                                }
                            else
                                {
                                    $own_bathroom = "";
                                }
                            if($place['aircondition']=='on')
                                {
                                    $aircondition = "Airconditioned";
                                }
                            else
                                {
                                    $aircondition = "";
                                }
                        
                            $data['details'][] = array('AID'=>$place['AID'],
                            'title'=>html_entity_decode($place['title']), 
                            'comments'=>html_entity_decode($place['comments']), 
                            'date_added'=>($place['date_added']), 
                            'suburb'=>html_entity_decode($place['suburb']), 
                            'city'=>html_entity_decode($place['city']),
                            'suburb'=>html_entity_decode($place['suburb']),
                            'cn'=>html_entity_decode($place['cn']),
                            'security_bond'=>html_entity_decode($place['security_bond']),
                            'building_type'=>html_entity_decode($place['building_type']),
                            'weekly_rent'=>html_entity_decode($place['weekly_rent']),
                            'address'=>html_entity_decode($place['address']),
                            'furnished'=>$furnished,
                            'washer_dryer'=>$washer_dryer,
                            'tv'=>$tv,
                            'pet'=>$pet,
                            'carpark'=>$carpark,
                            'internet'=>$internet,
                            'own_bathroom'=>$own_bathroom,
                            'aircondition'=>$aircondition,
                            );
                            $this->load->vars($data);
                            $this->view_things();
                        }
                    else 
                        {
                            $this->invalid_ad();
                        }
                }
            else 
                {
                    $this->invalid_ad();
                }
        }
    
        
    public function invalid_ad()
        {
            $data['invalid']=true;
            $data['title']='Flatmatescenter invalid Ad id!';
            $this->load->vars($data);
            $this->load->view('header_view');
            $this->load->view('invalid_ad_details_view');
            $this->load->view('footer_view');
        }
        
        
    public function view_things()
        {
            $this->load->view('header_view');
            $this->load->view('ad_details_view');
            $this->load->view('footer_view');
        }
}

/* End of file welcome.php */
/* Location: ./application/controllers/welcome.php */ 