CodeIgniter: set_value() or post() - what is faste

Posted 2019-06-01 11:46

Question:

Background

Using CodeIgniter with form_helper and form_validation to do some form processing. The form has been validated successfully in the controller.

Now we need to put this data into the database using the model class.

Assumptions

Let's assume our form has several input elements (e.g. >20).

Question

Which of the following code snippets will be more efficient? Both snippets are obviously inside the controller method to which the form submits data.

Code Snippet 1

if ($this->form_validation->run())
{
    // validation successful, now collect the values in a variable to pass it to the model.
    $form_data['field1'] = $this->form_validation->set_value('field1');
    $form_data['field2'] = $this->form_validation->set_value('field2');
    // AND SO ON
    $form_data['fieldN'] = $this->form_validation->set_value('fieldN');

    // Now put this data into database.
    $this->corresponding_model->write_to_db($form_data);
}

Code Snippet 2

if ($this->form_validation->run())
{
    // validation successful, now collect the values in a variable to pass it to the model.
    $form_data['field1'] = $this->input->post('field1');
    $form_data['field2'] = $this->input->post('field2');
    // AND SO ON
    $form_data['fieldN'] = $this->input->post('fieldN');

    // Now put this data into database.
    $this->corresponding_model->write_to_db($form_data);
}

So essentially what I am asking is: What is better to get the post data for some arbitrary form element? $this->input->post() or $this->form_validation->set_value()?

PS: If we look at the set_value() and post() functions in the code (please see below), obviously set_value() is going to be faster as post() loops through the entire $_POST. So in a sense it is also about what is the best practice?

Form_validation.php, set_value() method

public function set_value($field = '', $default = '')
{
    if ( ! isset($this->_field_data[$field]))
    {
        return $default;
    }

    // If the data is an array output them one at a time.
    //     E.g: form_input('name[]', set_value('name[]');
    if (is_array($this->_field_data[$field]['postdata']))
    {
        return array_shift($this->_field_data[$field]['postdata']);
    }

    return $this->_field_data[$field]['postdata'];
} 

Input.php, post() method

function post($index = NULL, $xss_clean = FALSE)
{
    // Check if a field has been provided
    if ($index === NULL AND ! empty($_POST))
    {
        $post = array();

        // Loop through the full _POST array and return it
        foreach (array_keys($_POST) as $key)
        {
            $post[$key] = $this->_fetch_from_array($_POST, $key, $xss_clean);
        }
        return $post;
    }

    return $this->_fetch_from_array($_POST, $index, $xss_clean);
}

Answer 1:

Both functions will return the modified value if rules have been run on the input.

When you want to read a post value from a form, USE $this->input->post().

set_value() is used to re-populate a form that has failed validation. There is no additional filtering on it, so it is faster, but I would prefer that you use $this->input->post() for security.



Answer 2:

While $this->form_validation->set_value() might be faster in some cases [take a look at the benchmark below], the most important difference between these two methods is that the $this->input->post() method provides an XSS filtering option.

Form Validation :: set_value() Functionality

In the Form Validation Class, all fields are stored in the $this->_field_data property, the values come from $_POST directly, and the $this->form_validation->set_value() method just returns data from $this->_field_data.

Input :: post() Functionality

The Input Class provides an XSS filtering option; you might consider using it to store values into the database.

Note:
Please note that $this->input->post() method does NOT loop through the entire $_POST by default, unless it is called without a specific $index parameter.

Benchmark

System Information:

CPU: Intel Core-i5 760 @ 2.80 GHz RAM: 2.00 GB.

Test case: A 30-character string text field.

set_rules()                   0.0000
Check Validation              0.0003
set_value()                   0.0000
Form Validation (Overall)     0.0024

post() without XSS filtering  0.0000
post() with XSS filtering     0.0002

Conclusion

If you need to perform XSS filtering before storing values into the database, I recommend using the CodeIgniter Input class. Also, there are more Security Filtering operations that the Input Class serves, explained in the CodeIgniter User Guide.
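
An added example (not part of the answers on this page, and not CodeIgniter's own code): one way to collect the validated fields with $this->input->post() and pass them to the model, assuming a CodeIgniter application with a configured database. The names Signup, Signup_model, the signups table, the signup_form and signup_done views and the field list are hypothetical; values are stored through the query builder, which escapes them, and are HTML-escaped when displayed.

```php
<?php
// Hypothetical controller file.
class Signup extends CI_Controller
{
    // One list drives both validation and collection, so only fields that
    // have rules can reach the model (stray $_POST keys are ignored).
    private $fields = array(
        'name'  => 'trim|required|max_length[30]',
        'email' => 'trim|required|valid_email',
        'bio'   => 'trim|max_length[500]',
    );

    public function submit()
    {
        $this->load->library('form_validation');
        $this->load->model('signup_model');

        foreach ($this->fields as $field => $rules) {
            $this->form_validation->set_rules($field, ucfirst($field), $rules);
        }

        if ( ! $this->form_validation->run()) {
            // set_value() belongs in this view, to re-populate the inputs.
            $this->load->view('signup_form');
            return;
        }

        $form_data = array();
        foreach (array_keys($this->fields) as $field) {
            // Called with an index, post() reads just that one key.
            $form_data[$field] = $this->input->post($field);
        }

        $this->signup_model->write_to_db($form_data);
        $this->load->view('signup_done', array('name' => $form_data['name']));
    }
}

// Hypothetical model file.
class Signup_model extends CI_Model
{
    public function write_to_db(array $form_data)
    {
        $this->load->database();
        // The query builder escapes each value; no SQL string is concatenated.
        return $this->db->insert('signups', $form_data);
    }
}

// In the signup_done view, escape at the point of display:
//   echo html_escape($name);
```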



Answer 3:

Sometimes code snippet #1, sometimes #2. In most cases $this->input->post() is much faster. But it can depend on environment, code and data. You can easily check what is faster in your case:

public function codeSnippet1()
{
    ob_start();
    $this->output->enable_profiler(TRUE);
    // your code here

    ob_end_flush();
}

public function codeSnippet2()
{
    ob_start();
    $this->output->enable_profiler(TRUE);
    // your code here

    ob_end_flush();
}

Then call these functions and match results.