
MVC – Submit form to controller or model

I’m trying to apply a simple MVC pattern to my current website without any frameworks. Since I haven’t really gotten into OOP yet, I’m still using procedural at the moment.

I have a simple login form (view):

<form action="controller/login.php" method="Post">
<input type="text" name="username" placeholder="Username" />
<input type="password" name="password" placeholder="Password" />
<input type="submit" value="Sign in" />
</form>

This form will submit to the controller for the login form. The controller will now check if both fields have inputs and “cleanse” more or less the input:

if(isset($_POST['username'])){
$username = $_POST['username'];
$password = $_POST['password'];
$username_escape = mysqli_real_escape_string($connect, $username);
$password_escape = mysqli_real_escape_string($connect, $password);
}

// A redirect needs the Location header name
header("Location: ../model/login.php");

This is a really simple check right now; however, I was wondering: should I include the controller in the model and redirect to the model from the controller, or submit the form to it in the first place and have the controller included?

Model

include_once("../controller/login.php");
// Escaped values must sit inside quotes for mysqli_real_escape_string to be effective
$query = mysqli_query($connect, "INSERT into DB_table (username, password)
VALUES('$username_escape', '$password_escape')");


Answer

It’s good that you’re trying to separate your concerns, but MVC is a design pattern based on top of OOP principles.

OOP works with objects, and those objects are defined by a class, which is like a blueprint.

So in this example, you’d want everything to go through the controller, then depending on whether you want to save out, you’d want to call the model.

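E.g.

class LoginController
{
    public function indexAction()
    {
        // Missing POST fields become null instead of raising an undefined-index notice
        $username = $_POST['username'] ?? null;
        $password = $_POST['password'] ?? null;

        if(!is_null($username) AND !is_null($password))
        {
             // Instantiate the User class defined below
             $user = new User();
             $credentialsAreValid = $user->checkCredentials($username, $password);
             if($credentialsAreValid)
             {
                 // Redirects are sent with the Location header; stop so the login template is not rendered too
                 header("Location: Somewhere");
                 exit;
             }
        }

        require_once __DIR__."/../templates/login.php";
    }
}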

class User
{
    public function checkCredentials($username, $password)
    {
         $dsn = "mysql:host=localhost;dbname=db";
         $dbuser = "root";
         $dbpass = "pass";
         $db = new PDO($dsn, $dbuser, $dbpass);
       
         $sth = $db->prepare("SELECT * FROM user WHERE username = ? AND password = ?");
         $sth->bindValue(1, $username);
         $sth->bindValue(2, $password);

         $sth->execute();
         if(count($sth->fetchAll())>0) return true;
         return false;
    }
}

As you can see, the logic is separated into a service, and is only called if it is needed. We’ve also used PDO to prevent SQL injections (though one shouldn’t really be creating objects in here).

I would suggest you look into autoloading, and have a play with a framework like Silex as it will teach you these principles.
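
Added example, not part of the original answer: the same credential check with the PDO connection passed in rather than created inside the method, and with passwords stored as hashes and compared with password_verify() instead of inside the SQL. The `UserService` class name, the `register()` helper, the `password_hash` column and the in-memory SQLite database are assumptions made so the example runs on its own.

```php
<?php
// Added example: credential check with a prepared statement and hashed passwords.
// Assumptions (not from the original answer): table `user` has a `password_hash`
// column, and the PDO connection is created elsewhere and passed in.
final class UserService
{
    private PDO $db;
    private string $dummyHash;

    public function __construct(PDO $db)
    {
        $this->db = $db;
        // Verified against when the username is unknown, so both paths do one hash check.
        $this->dummyHash = password_hash(bin2hex(random_bytes(16)), PASSWORD_DEFAULT);
    }

    public function register(string $username, string $password): void
    {
        $sth = $this->db->prepare('INSERT INTO user (username, password_hash) VALUES (?, ?)');
        $sth->execute([$username, password_hash($password, PASSWORD_DEFAULT)]);
    }

    public function checkCredentials(string $username, string $password): bool
    {
        // Look up by username only; the password never goes into the query.
        $sth = $this->db->prepare('SELECT password_hash FROM user WHERE username = ?');
        $sth->execute([$username]);
        $hash = $sth->fetchColumn();

        if ($hash === false) {
            password_verify($password, $this->dummyHash);
            return false;
        }
        return password_verify($password, (string) $hash);
    }
}

// Constructed demo data on an in-memory SQLite database (stand-in for the MySQL DSN).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE user (username TEXT PRIMARY KEY, password_hash TEXT NOT NULL)');

$users = new UserService($db);
$users->register('alice', 'correct horse battery staple');

var_dump($users->checkCredentials('alice', 'correct horse battery staple')); // matching password
var_dump($users->checkCredentials('alice', "' OR '1'='1"));                  // bound as a literal value
var_dump($users->checkCredentials('nobody', 'anything'));                   // unknown username
```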

User contributions licensed under: CC BY-SA