Using CodeIgniter’s Model

Models

Models provide a way to interact with a specific table in your database. They come out of the box with helpermethods for much of the standard ways you would need to interact with a database table, including finding records,updating records, deleting records, and more.

Accessing Models

Models are typically stored in the app/Models directory. They should have a namespace that matches theirlocation within the directory, like namespace App\Models.

You can access models within your classes by creating a new instance or using the model() helper function.

  1. // Create a new class manually
  2. $userModel = new App\Models\UserModel();
  3.  
  4. // Create a new class with the model function
  5. $userModel = model('App\Models\UserModel', false);
  6.  
  7. // Create a shared instance of the model
  8. $userModel = model('App\Models\UserModel');
  9.  
  10. // Create shared instance with a supplied database connection
  11. // When no namespace is given, it will search through all namespaces
  12. // the system knows about and attempt to located the UserModel class.
  13. $db = db_connect('custom');
  14. $userModel = model('UserModel', true, $db);

CodeIgniter’s Model

CodeIgniter does provide a model class that provides a few nice features, including:

  • automatic database connection
  • basic CRUD methods
  • in-model validation
  • automatic pagination
  • and more

This class provides a solid base from which to build your own models, allowing you torapidly build out your application’s model layer.

Creating Your Model

To take advantage of CodeIgniter’s model, you would simply create a new model classthat extends CodeIgniter\Model:

  1. <?php namespace App\Models;
  2.  
  3. use CodeIgniter\Model;
  4.  
  5. class UserModel extends Model
  6. {
  7.  
  8. }

This empty class provides convenient access to the database connection, the Query Builder,and a number of additional convenience methods.

Connecting to the Database

When the class is first instantiated, if no database connection instance is passed to the constructor,it will automatically connect to the default database group, as set in the configuration. You canmodify which group is used on a per-model basis by adding the DBGroup property to your class.This ensures that within the model any references to $this->db are made through the appropriateconnection.

  1. <?php namespace App\Models;
  2.  
  3. use CodeIgniter\Model;
  4.  
  5.     class UserModel extends Model
  6.     {
  7.             protected $DBGroup = 'group_name';
  8.     }

You would replace “group_name” with the name of a defined database group from the databaseconfiguration file.

Configuring Your Model

The model class has a few configuration options that can be set to allow the class’ methodsto work seamlessly for you. The first two are used by all of the CRUD methods to determinewhat table to use and how we can find the required records:

  1. <?php namespace App\Models;
  2.  
  3. use CodeIgniter\Model;
  4.  
  5. class UserModel extends Model
  6. {
  7.         protected $table      = 'users';
  8.         protected $primaryKey = 'id';
  9.  
  10.         protected $returnType = 'array';
  11.         protected $useSoftDeletes = true;
  12.  
  13.         protected $allowedFields = ['name', 'email'];
  14.  
  15.         protected $useTimestamps = false;
  16.         protected $createdField  = 'created_at';
  17.         protected $updatedField  = 'updated_at';
  18.         protected $deletedField  = 'deleted_at';
  19.  
  20.         protected $validationRules    = [];
  21.         protected $validationMessages = [];
  22.         protected $skipValidation     = false;
  23. }

$table

Specifies the database table that this model primarily works with. This only applies to thebuilt-in CRUD methods. You are not restricted to using only this table in your ownqueries.

$primaryKey

This is the name of the column that uniquely identifies the records in this table. Thisdoes not necessarily have to match the primary key that is specified in the database, butis used with methods like find() to know what column to match the specified value to.

Note

All Models must have a primaryKey specified to allow all of the features to workas expected.

$returnType

The Model’s CRUD methods will take a step of work away from you and automatically returnthe resulting data, instead of the Result object. This setting allows you to definethe type of data that is returned. Valid values are ‘array’, ‘object’, or the fullyqualified name of a class that can be used with the Result object’s getCustomResultObject()method.

$useSoftDeletes

If true, then any delete method calls will set deleted_at in the database, instead ofactually deleting the row. This can preserve data when it might be referenced elsewhere, orcan maintain a “recycle bin” of objects that can be restored, or even simply preserve it aspart of a security trail. If true, the find methods will only return non-deleted rows, unlessthe withDeleted() method is called prior to calling the find* method.

This requires either a DATETIME or INTEGER field in the database as per the model’s$dateFormat setting. The default field name is deleted_at however this name can beconfigured to any name of your choice by using $deletedField property.

$allowedFields

This array should be updated with the field names that can be set during save, insert, orupdate methods. Any field names other than these will be discarded. This helps to protectagainst just taking input from a form and throwing it all at the model, resulting inpotential mass assignment vulnerabilities.

$useTimestamps

This boolean value determines whether the current date is automatically added to all insertsand updates. If true, will set the current time in the format specified by $dateFormat. Thisrequires that the table have columns named ‘created_at’ and ‘updated_at’ in the appropriatedata type.

$createdField

Specifies which database field should use for keep data record create timestamp.Leave it empty to avoid update it (even useTimestamps is enabled)

$updatedField

Specifies which database field should use for keep data record update timestamp.Leave it empty to avoid update it (even useTimestamps is enabled)

$dateFormat

This value works with $useTimestamps and $useSoftDeletes to ensure that the correct type ofdate value gets inserted into the database. By default, this creates DATETIME values, butvalid options are: datetime, date, or int (a PHP timestamp). Using ‘useSoftDeletes’ or‘useTimestamps’ with an invalid or missing dateFormat will cause an exception.

$validationRules

Contains either an array of validation rules as described in How to save your rulesor a string containing the name of a validation group, as described in the same section.Described in more detail below.

$validationMessages

Contains an array of custom error messages that should be used during validation, asdescribed in Setting Custom Error Messages. Described in more detail below.

$skipValidation

Whether validation should be skipped during all inserts and updates. The defaultvalue is false, meaning that data will always attempt to be validated. This isprimarily used by the skipValidation() method, but may be changed to true sothis model will never validate.

$beforeInsert**$afterInsert$beforeUpdate$afterUpdateafterFindafterDelete**

These arrays allow you to specify callback methods that will be run on the data at thetime specified in the property name.

Working With Data

Finding Data

Several functions are provided for doing basic CRUD work on your tables, including find(),insert(), update(), delete() and more.

find()

Returns a single row where the primary key matches the value passed in as the first parameter:

  1. $user = $userModel->find($user_id);

The value is returned in the format specified in $returnType.

You can specify more than one row to return by passing an array of primaryKey values insteadof just one:

  1. $users = $userModel->find([1,2,3]);

If no parameters are passed in, will return all rows in that model’s table, effectively actinglike findAll(), though less explicit.

findColumn()

Returns null or an indexed array of column values:

  1. $user = $userModel->findColumn($column_name);

$column_name should be a name of single column else you will get the DataException.

findAll()

Returns all results:

  1. $users = $userModel->findAll();

This query may be modified by interjecting Query Builder commands as needed prior to calling this method:

  1. $users = $userModel->where('active', 1)
  2.                    ->findAll();

You can pass in a limit and offset values as the first and secondparameters, respectively:

  1. $users = $userModel->findAll($limit, $offset);

first()

Returns the first row in the result set. This is best used in combination with the query builder.

  1. $user = $userModel->where('deleted', 0)
  2.                   ->first();

withDeleted()

If $useSoftDeletes is true, then the find methods will not return any rows where ‘deleted_at IS NOT NULL’.To temporarily override this, you can use the withDeleted() method prior to calling the find method.

  1. // Only gets non-deleted rows (deleted = 0)
  2. $activeUsers = $userModel->findAll();
  3.  
  4. // Gets all rows
  5. $allUsers = $userModel->withDeleted()
  6.                       ->findAll();

onlyDeleted()

Whereas withDeleted() will return both deleted and not-deleted rows, this method modifiesthe next find* methods to return only soft deleted rows:

  1. $deletedUsers = $userModel->onlyDeleted()
  2.                           ->findAll();

Saving Data

insert()

An associative array of data is passed into this method as the only parameter to create a newrow of data in the database. The array’s keys must match the name of the columns in a $table, whilethe array’s values are the values to save for that key:

  1. $data = [
  2.         'username' => 'darth',
  3.         'email'    => 'd.vader@theempire.com'
  4. ];
  5.  
  6. $userModel->insert($data);

update()

Updates an existing record in the database. The first parameter is the $primaryKey of the record to update.An associative array of data is passed into this method as the second parameter. The array’s keys must match the nameof the columns in a $table, while the array’s values are the values to save for that key:

  1. $data = [
  2.         'username' => 'darth',
  3.         'email'    => 'd.vader@theempire.com'
  4. ];
  5.  
  6. $userModel->update($id, $data);

Multiple records may be updated with a single call by passing an array of primary keys as the first parameter:

  1. $data = [
  2.             'active' => 1
  3.     ];
  4.  
  5.     $userModel->update([1, 2, 3], $data);

When you need a more flexible solution, you can leave the parameters empty and it functions like the Query Builder’supdate command, with the added benefit of validation, events, etc:

  1. $userModel
  2.     ->whereIn('id', [1,2,3])
  3.     ->set(['active' => 1]
  4.     ->update();

save()

This is a wrapper around the insert() and update() methods that handle inserting or updating the recordautomatically, based on whether it finds an array key matching the $primaryKey value:

  1. // Defined as a model property
  2. $primaryKey = 'id';
  3.  
  4. // Does an insert()
  5. $data = [
  6.         'username' => 'darth',
  7.         'email'    => 'd.vader@theempire.com'
  8. ];
  9.  
  10. $userModel->save($data);
  11.  
  12. // Performs an update, since the primary key, 'id', is found.
  13. $data = [
  14.         'id'       => 3,
  15.         'username' => 'darth',
  16.         'email'    => 'd.vader@theempire.com'
  17. ];
  18. $userModel->save($data);

The save method also can make working with custom class result objects much simpler by recognizing a non-simpleobject and grabbing its public and protected values into an array, which is then passed to the appropriateinsert or update method. This allows you to work with Entity classes in a very clean way. Entity classes aresimple classes that represent a single instance of an object type, like a user, a blog post, job, etc. Thisclass is responsible for maintaining the business logic surrounding the object itself, like formattingelements in a certain way, etc. They shouldn’t have any idea about how they are saved to the database. At theirsimplest, they might look like this:

  1. namespace App\Entities;
  2.  
  3. class Job
  4. {
  5.         protected $id;
  6.         protected $name;
  7.         protected $description;
  8.  
  9.         public function __get($key)
  10.         {
  11.                 if (property_exists($this, $key))
  12.                 {
  13.                         return $this->$key;
  14.                 }
  15.         }
  16.  
  17.         public function __set($key, $value)
  18.         {
  19.                 if (property_exists($this, $key))
  20.                 {
  21.                         $this->$key = $value;
  22.                 }
  23.         }
  24. }

A very simple model to work with this might look like:

  1. use CodeIgniter\Model;
  2.  
  3. class JobModel extends Model
  4. {
  5.         protected $table = 'jobs';
  6.         protected $returnType = '\App\Entities\Job';
  7.         protected $allowedFields = [
  8.                 'name', 'description'
  9.         ];
  10. }

This model works with data from the jobs table, and returns all results as an instance of App\Entities\Job.When you need to persist that record to the database, you will need to either write custom methods, or use themodel’s save() method to inspect the class, grab any public and private properties, and save them to the database:

  1. // Retrieve a Job instance
  2. $job = $model->find(15);
  3.  
  4. // Make some changes
  5. $job->name = "Foobar";
  6.  
  7. // Save the changes
  8. $model->save($job);

Note

If you find yourself working with Entities a lot, CodeIgniter provides a built-in Entity classthat provides several handy features that make developing Entities simpler.

Deleting Data

delete()

Takes a primary key value as the first parameter and deletes the matching record from the model’s table:

  1. $userModel->delete(12);

If the model’s $useSoftDeletes value is true, this will update the row to set deleted_at to the currentdate and time. You can force a permanent delete by setting the second parameter as true.

An array of primary keys can be passed in as the first parameter to delete multiple records at once:

  1. $userModel->delete([1,2,3]);

If no parameters are passed in, will act like the Query Builder’s delete method, requiring a where callpreviously:

  1. $userModel->where('id', 12)->delete();

purgeDeleted()

Cleans out the database table by permanently removing all rows that have ‘deleted_at IS NOT NULL’.

  1. $userModel->purgeDeleted();

Validating Data

For many people, validating data in the model is the preferred way to ensure the data is kept to a singlestandard, without duplicating code. The Model class provides a way to automatically have all data validatedprior to saving to the database with the insert(), update(), or save() methods.

The first step is to fill out the $validationRules class property with the fields and rules that shouldbe applied. If you have custom error message that you want to use, place them in the $validationMessages array:

  1. class UserModel extends Model
  2. {
  3.         protected $validationRules    = [
  4.                 'username'     => 'required|alpha_numeric_space|min_length[3]',
  5.                 'email'        => 'required|valid_email|is_unique[users.email]',
  6.                 'password'     => 'required|min_length[8]',
  7.                 'pass_confirm' => 'required_with[password]|matches[password]'
  8.         ];
  9.  
  10.         protected $validationMessages = [
  11.                 'email'        => [
  12.                         'is_unique' => 'Sorry. That email has already been taken. Please choose another.'
  13.                 ]
  14.         ];
  15. }

The other way to set the validation message to fields by functions,

  • setValidationMessage($field, $fieldMessages)
  • :param string $field:param array $fieldMessages

This function will set the field wise error messages.

Usage example:

  1. $fieldName = 'name';
  2. $fieldValidationMessage = array(
  3.                 'required'   => 'Your name is required here',
  4.         );
  5. $model->setValidationMessage($fieldName, $fieldValidationMessage);
  • setValidationMessages($fieldMessages)
  • :param array $fieldMessages

This function will set the field messages.

Usage example:

  1. $fieldValidationMessage = array(
  2.         'name' => array(
  3.                 'required'   => 'Your baby name is missing.',
  4.                 'min_length' => 'Too short, man!',
  5.         ),
  6. );
  7. $model->setValidationMessages($fieldValidationMessage);

Now, whenever you call the insert(), update(), or save() methods, the data will be validated. If it fails,the model will return boolean false. You can use the errors() method to retrieve the validation errors:

  1. if ($model->save($data) === false)
  2. {
  3.         return view('updateUser', ['errors' => $model->errors()];
  4. }

This returns an array with the field names and their associated errors that can be used to either show all of theerrors at the top of the form, or to display them individually:

  1. <?php if (! empty($errors)) : ?>
  2.         <div class="alert alert-danger">
  3.         <?php foreach ($errors as $field => $error) : ?>
  4.                 <p><?= $error ?></p>
  5.         <?php endforeach ?>
  6.         </div>
  7. <?php endif ?>

If you’d rather organize your rules and error messages within the Validation configuration file, you can do thatand simply set $validationRules to the name of the validation rule group you created:

  1. class UserModel extends Model
  2. {
  3.         protected $validationRules = 'users';
  4. }

Retrieving Validation Rules

You can retrieve a model’s validation rules by accessing its validationRulesproperty:

  1. $rules = $model->validationRules;

You can also retrieve just a subset of those rules by calling the accessormethod directly, with options:

  1. $rules = $model->getValidationRules($options);

The $options parameter is an associative array with one element,whose key is either “except” or “only”, and which has as itsvalue an array of fieldnames of interest.:

  1. // get the rules for all but the "username" field
  2. $rules = $model->getValidationRules(['except' => ['username']]);
  3. // get the rules for only the "city" and "state" fields
  4. $rules = $model->getValidationRules(['only' => ['city', 'state']]);

Validation Placeholders

The model provides a simple method to replace parts of your rules based on data that’s being passed into it. Thissounds fairly obscure but can be especially handy with the is_unique validation rule. Placeholders are simplythe name of the field (or array key) that was passed in as $data surrounded by curly brackets. It will bereplaced by the value of the matched incoming field. An example should clarify this:

  1. protected $validationRules = [
  2.     'email' => 'required|valid_email|is_unique[users.email,id,{id}]'
  3. ];

In this set of rules, it states that the email address should be unique in the database, except for the rowthat has an id matching the placeholder’s value. Assuming that the form POST data had the following:

  1. $_POST = [
  2.     'id' => 4,
  3.     'email' => 'foo@example.com'
  4. ]

then the {id} placeholder would be replaced with the number 4, giving this revised rule:

  1. protected $validationRules = [
  2.     'email' => 'required|valid_email|is_unique[users.email,id,4]'
  3. ];

So it will ignore the row in the database that has id=4 when it verifies the email is unique.

This can also be used to create more dynamic rules at runtime, as long as you take care that any dynamickeys passed in don’t conflict with your form data.

Protecting Fields

To help protect against Mass Assignment Attacks, the Model class requires that you list all of the field namesthat can be changed during inserts and updates in the $allowedFields class property. Any data providedin addition to these will be removed prior to hitting the database. This is great for ensuring that timestamps,or primary keys do not get changed.

  1. protected $allowedFields = ['name', 'email', 'address'];

Occasionally, you will find times where you need to be able to change these elements. This is often duringtesting, migrations, or seeds. In these cases, you can turn the protection on or off:

  1. $model->protect(false)
  2.       ->insert($data)
  3.       ->protect(true);

Working With Query Builder

You can get access to a shared instance of the Query Builder for that model’s database connection any time youneed it:

  1. $builder = $userModel->builder();

This builder is already set up with the model’s $table.

You can also use Query Builder methods and the Model’s CRUD methods in the same chained call, allowing forvery elegant use:

  1. $users = $userModel->where('status', 'active')
  2.                    ->orderBy('last_login', 'asc')
  3.                    ->findAll();

Note

You can also access the model’s database connection seamlessly:

  1. $user_name = $userModel->escape($name);

Runtime Return Type Changes

You can specify the format that data should be returned as when using the find*() methods as the class property,$returnType. There may be times that you would like the data back in a different format, though. The Modelprovides methods that allow you to do just that.

Note

These methods only change the return type for the next find*() method call. After that,it is reset to its default value.

asArray()

Returns data from the next find*() method as associative arrays:

  1. $users = $userModel->asArray()->where('status', 'active')->findAll();

asObject()

Returns data from the next find*() method as standard objects or custom class intances:

  1. // Return as standard objects
  2. $users = $userModel->asObject()->where('status', 'active')->findAll();
  3.  
  4. // Return as custom class instances
  5. $users = $userModel->asObject('User')->where('status', 'active')->findAll();

Processing Large Amounts of Data

Sometimes, you need to process large amounts of data and would run the risk of running out of memory.To make this simpler, you may use the chunk() method to get smaller chunks of data that you can thendo your work on. The first parameter is the number of rows to retrieve in a single chunk. The secondparameter is a Closure that will be called for each row of data.

This is best used during cronjobs, data exports, or other large tasks.

  1. $userModel->chunk(100, function ($data)
  2. {
  3.         // do something.
  4.         // $data is a single row of data.
  5. });

Model Events

There are several points within the model’s execution that you can specify multiple callback methods to run.These methods can be used to normalize data, hash passwords, save related entities, and much more. The followingpoints in the model’s execution can be affected, each through a class property: $beforeInsert, $afterInsert,$beforeUpdate, afterUpdate, afterFind, and afterDelete.

Defining Callbacks

You specify the callbacks by first creating a new class method in your model to use. This class will alwaysreceive a $data array as its only parameter. The exact contents of the $data array will vary between events, butwill always contain a key named data that contains the primary data passed to the original method. In the caseof the insert or update methods, that will be the key/value pairs that are being inserted into the database. Themain array will also contain the other values passed to the method, and be detailed later. The callback methodmust return the original $data array so other callbacks have the full information.

  1. protected function hashPassword(array $data)
  2. {
  3.         if (! isset($data['data']['password']) return $data;
  4.  
  5.         $data['data']['password_hash'] = password_hash($data['data']['password'], PASSWORD_DEFAULT);
  6.         unset($data['data']['password'];
  7.  
  8.         return $data;
  9. }

Specifying Callbacks To Run

You specify when to run the callbacks by adding the method name to the appropriate class property (beforeInsert, afterUpdate,etc). Multiple callbacks can be added to a single event and they will be processed one after the other. You canuse the same callback in multiple events:

  1. protected $beforeInsert = ['hashPassword'];
  2. protected $beforeUpdate = ['hashPassword'];

Event Parameters

Since the exact data passed to each callback varies a bit, here are the details on what is in the $data parameterpassed to each event:

Event$data contents
beforeInsertdata = the key/value pairs that are being inserted. If an object or Entity class is passed to theinsert method, it is first converted to an array.
afterInsertid = the primary key of the new row, or 0 on failure.data = the key/value pairs being inserted.result = the results of the insert() method used through the Query Builder.
beforeUpdateid = the primary key of the row being updated.data = the key/value pairs that are being inserted. If an object or Entity class is passed to theinsert method, it is first converted to an array.
afterUpdateid = the primary key of the row being updated.data = the key/value pairs being updated.result = the results of the update() method used through the Query Builder.
afterFindVaries by find method. See the following:
- find()id = the primary key of the row being searched for.data = The resulting row of data, or null if no result found.
- findAll()data = the resulting rows of data, or null if no result found.limit = the number of rows to find.offset = the number of rows to skip during the search.
- first()data = the resulting row found during the search, or null if none found.
beforeDeleteVaries by delete method. See the following:
- delete()id = primary key of row being deleted.purge = boolean whether soft-delete rows should be hard deleted.
afterDeleteVaries by delete method. See the following:
- delete()id = primary key of row being deleted.purge = boolean whether soft-delete rows should be hard deleted.result = the result of the delete() call on the Query Builder.*data = unused.

Manual Model Creation

You do not need to extend any special class to create a model for your application. All you need is to get aninstance of the database connection and you’re good to go. This allows you to bypass the features CodeIgniter’sModel gives you out of the box, and create a fully custom experience.

  1. <?php namespace App\Models;
  2.  
  3.     use CodeIgniter\Database\ConnectionInterface;
  4.  
  5.     class UserModel
  6.     {
  7.             protected $db;
  8.  
  9.             public function __construct(ConnectionInterface &$db)
  10.             {
  11.                     $this->db =& $db;
  12.             }
  13.     }