Chapter 9: Security and Performance
Securing the MPages Model
MPages is handled just like the other models: you need to protect getPage(), getPagePath(), and any
function that inserts, updates, or deletes records. For example, here is the addPage() function:
    function addPage(){
        // every field except content goes through db_clean();
        // the second argument to db_clean() caps the length of status
        $data = array(
            'name'        => db_clean($_POST['name']),
            'keywords'    => db_clean($_POST['keywords']),
            'description' => db_clean($_POST['description']),
            'status'      => db_clean($_POST['status'], 8),
            'path'        => db_clean($_POST['path']),
            'content'     => $_POST['content']
        );
        $this->db->insert('pages', $data);
    }
Notice that in this case the content field of the pages table is meant to hold HTML, so you don't run it
through db_clean(). That is acceptable only for two reasons: the value still goes through Active Record's
insert(), which escapes it for the database, so the exposure is stored HTML (and script), not SQL injection;
and the function must be reachable only by an authenticated administrator. Whoever can write to content can put
arbitrary markup on every page that renders it, so the access check on the caller is doing the real work here.
The complete list of functions that must be secured in this model includes :
addPage()
updatePage()
deletePage()
getPage()
getPagePath()
Securing the MProducts Model
The MProducts model is by far the largest in this application — and for good reason! Just about
everything of consequence that happens in this application happens because of (or to) a product. Site
visitors view products, navigate to products, and see related products. Colors and sizes that have been
assigned to a product need to be displayed along with that product.
Some of the security cleanup will be very easy, such as with the getProduct() function:
    function getProduct($id){
        $data = array();
        // id_clean() forces the id to an integer before it reaches the query
        $options = array('id' => id_clean($id));
        $Q = $this->db->getwhere('products', $options, 1);
        if ($Q->num_rows() > 0){
            $data = $Q->row_array();
        }
        $Q->free_result();
        return $data;
    }
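As an added example (not the book's code, and not CodeIgniter's), here is a framework-free version of both patterns above, the addPage() insert with its one unrestricted field and the by-id lookup in getProduct(), run against an in-memory SQLite table so it works offline. The db_clean() and id_clean() bodies are assumed stand-ins for the helpers the chapter defined earlier (trim, optional length cap and HTML-encode; cast to integer), PDO prepared statements stand in for Active Record's insert() and getwhere(), the $is_admin argument is a hypothetical gate standing in for whatever authentication the admin controllers perform, and the form values are constructed.

```php
<?php
// Added example, not the book's code: a framework-free version of the chapter's
// addPage()/getProduct() pattern against an in-memory SQLite database.
// Assumptions: db_clean() and id_clean() below are stand-ins for the helpers the
// chapter defined earlier, and PDO prepared statements stand in for CodeIgniter's
// Active Record insert()/getwhere(), which escape bound values the same way.

// Stand-in for db_clean(): trim, cap the length when asked, and HTML-encode.
function db_clean(string $data, int $length = 0): string {
    $data = trim($data);
    if ($length > 0) {
        $data = substr($data, 0, $length);
    }
    return htmlspecialchars($data, ENT_QUOTES, 'UTF-8');
}

// Stand-in for id_clean(): an id is an integer or it is nothing.
function id_clean($id): int {
    return (int) $id;   // "12 OR 1=1" becomes 12, "abc" becomes 0
}

function make_db(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE pages (id INTEGER PRIMARY KEY AUTOINCREMENT, name TEXT,
               keywords TEXT, description TEXT, status TEXT, path TEXT, content TEXT)');
    return $db;
}

// Same shape as the model's addPage(): every field except content is cleaned.
// content is stored raw because it is meant to hold HTML, which is only safe if
// the caller has already verified that an authenticated admin is submitting it.
function addPage(PDO $db, array $post, bool $is_admin): int {
    if (!$is_admin) {
        throw new DomainException('addPage() is only for authenticated admins');
    }
    $data = array(
        'name'        => db_clean($post['name']),
        'keywords'    => db_clean($post['keywords']),
        'description' => db_clean($post['description']),
        'status'      => db_clean($post['status'], 8),
        'path'        => db_clean($post['path']),
        'content'     => $post['content'],
    );
    $sql = 'INSERT INTO pages (name, keywords, description, status, path, content)
            VALUES (:name, :keywords, :description, :status, :path, :content)';
    $db->prepare($sql)->execute($data);
    return (int) $db->lastInsertId();
}

// Same shape as getProduct(): the id is forced to an integer before it is bound.
function getPage(PDO $db, $id): array {
    $stmt = $db->prepare('SELECT * FROM pages WHERE id = :id LIMIT 1');
    $stmt->execute(array(':id' => id_clean($id)));
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? array() : $row;
}

function check(bool $ok, string $what): void {
    if (!$ok) {
        throw new RuntimeException("check failed: $what");
    }
}

// Constructed sample input: the kind of values an attacker submits through the form.
$db = make_db();
$post = array(
    'name'        => 'About <script>alert(1)</script>',
    'keywords'    => "x' OR '1'='1",
    'description' => '   padded   ',
    'status'      => 'publishedX',      // longer than the 8-character cap
    'path'        => 'about',
    'content'     => '<h1>About us</h1><p>Admin-authored HTML is kept intact.</p>',
);

$id   = addPage($db, $post, true);
$page = getPage($db, $id);
check($page['name'] === 'About &lt;script&gt;alert(1)&lt;/script&gt;', 'script tag encoded');
check($page['keywords'] === 'x&#039; OR &#039;1&#039;=&#039;1', 'quotes encoded, query unaffected');
check($page['description'] === 'padded', 'whitespace trimmed');
check($page['status'] === 'publishe', 'status capped at 8 characters');
check($page['content'] === $post['content'], 'content stored without restriction');

// An injected or non-numeric id collapses to an integer, so the lookup just misses.
check(getPage($db, "$id OR 1=1") === $page, '(int)"1 OR 1=1" is 1, nothing more');
check(getPage($db, 'abc') === array(), 'non-numeric id returns an empty array');

// The raw content field is only as safe as the gate in front of addPage().
$refused = false;
try {
    addPage($db, $post, false);
} catch (DomainException $e) {
    $refused = true;
}
check($refused, 'anonymous insert must be refused');
echo "all checks passed\n";
```

Run it with `php example.php` (the pdo_sqlite extension is needed). The two things to take from it are the split the chapter relies on: SQL safety comes from the database layer escaping or binding every value, whether or not db_clean() ran, while db_clean() and id_clean() protect what comes back out of the database and what reaches the query as an identifier. Leaving content uncleaned therefore shifts the whole burden onto the authentication check, which is why that check belongs in front of every one of the listed insert, update and delete functions.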