added a note about security and filtering raw post data
diff --git a/user_guide/general/models.html b/user_guide/general/models.html
index ca6ab2d..7b2d686 100644
--- a/user_guide/general/models.html
+++ b/user_guide/general/models.html
@@ -18,7 +18,6 @@
<meta name='robots' content='all' />
<meta name='author' content='ExpressionEngine Dev Team' />
<meta name='description' content='CodeIgniter User Guide' />
-
</head>
<body>
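Review bot: The removal of the blank line before </head> is a whitespace-only change unrelated to the security note this commit describes. Consider dropping it from this patch or sending it as a separate cleanup, so the history of the documentation change stays easy to read.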
@@ -98,7 +97,7 @@
<br />
function insert_entry()<br />
{<br />
- $this->title = $_POST['title'];<br />
+ $this->title = $_POST['title']; // please read the below note<br />
$this->content = $_POST['content'];<br />
$this->date = time();<br />
<br />
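Review bot: The new "// please read the below note" comment is attached only to the $_POST['title'] assignment, while the next line, $this->content = $_POST['content'];, reads raw POST data in exactly the same way and carries no marker. A reader copying the example could conclude that only title needs attention. Either put a single comment line above both assignments or repeat it on the content line. It would also help if the comment said what the note is about, for example "// see the note below about using $_POST directly", since "the below note" is some twenty lines further down the rendered page.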
@@ -117,9 +116,7 @@
}</code>
<p>Note: The functions in the above example use the <a href="../database/active_record.html">Active Record</a> database functions.</p>
-
-
-
+<p class="important"><strong>Note:</strong> For the sake of simplicity in this example we're using $_POST directly. This is generally bad practice, and a more common approach would be to use the <a href="http://codeigniter.com/user_guide/libraries/input.html">Input Class</a> $this->input->post('title')</p>
<h2><a name="anatomy"></a>Anatomy of a Model</h2>
<p>Model classes are stored in your <dfn>application/models/</dfn> folder. They can be nested within sub-folders if you
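Review bot: The added note links to the Input Class with an absolute URL (http://codeigniter.com/user_guide/libraries/input.html), whereas the note directly above it uses a relative link (../database/active_record.html). An absolute link breaks offline copies of the user guide and can point at a different version of the docs, so a relative href in the same style as the Active Record link would be more consistent. Two smaller points on the same line: the commit message says the note is about security and filtering raw post data, but the text only says using $_POST directly is "generally bad practice" without saying why, so one clause naming the filtering concern would make it actionable; and $this->input->post('title') is left as bare text with no closing period, where the rest of the page marks up code-like terms (for example with <dfn>).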