For one of my Laravel Web app I want to log all the Request Parameters(Post as well as Get) in database in Json Format for that I am using $request->all() Method, which results in an exception when user tries to upload any file.
that's why I want a way to select only Serializable Parameters from the request.(for get as well as for post Requests) or a way to select all the request parameters except files.
Request::except([]) will not work for me since in Except method we will have to provide the file parameter names.
In my project, i used this except for many fields like below,
$input = $request->except('first_name', 'middle_name', 'last_name', 'address',...);
It is work fine for me.
I stored all the remain values into $input and store values from that input variable.
Please try this one.
In your case please take this debug code for test once, might be you like it to use in your current work
$allRequestParams = array_map(function($input) {
return !is_array($input) ? $input : false;
}, $request->all());
echo '<pre>';
print_r($allRequestParams);
echo '<pre/>';
die;
Since any of the answer didn't work for me I did lots of reading and some digging about laravel but still I could not find the specific solutions I was looking for, so I did a small hack, instead of using Laravel's Request Object and pulling parameters from there I simply used PHP's built in $_REQUEST parameter.
Eg.
$non_file_parameters = $_REQUEST;
$_REQUEST will have both Get as well as Post Parameters except file Parameters coz in Core PHP for files we have $_FILES super global variable.
Thanks guys for your efforts...
Related
I'm trying out Azure Functions using PHP.
Getting the request information is not working for me.
I've not been able to find any documentation at all with the information of how to use Azure Functions with PHP code.
According to the only couple of examples, it seems that in order to retrieve the input information you need to first get the content of the req variable (or whatever name you assign in the function configuration).
That has the path of the file containing the request information (in theory).
$input_path = getenv('req');
So far, if I check the content of it, I get something like this:
D:\local\Temp\Functions\Binding\e2b6e195-02f7-481b-a279-eef6f82bc7b4\req
If I check if the file exists it says true, but the file size is 0.
Do anyone knows what to do here? Anyone with an example? Does anyone know where the documentation is?
Thanks
Ok, unfortunately there's pretty limited documentation out there for php as you have discovered.
At present, looking at the code might be the best doc. Here is the InitializeHttpRequestEnvironmentVariables function that adds request metadata to the environment for the script languages (node, powershell, php, python).
Important environment variables are:
REQ_ORIGINAL_URL
REQ_METHOD
REQ_QUERY
REQ_QUERY_<queryname>
REQ_HEADERS_<headername>
REQ_PARAMS_<paramname>
I'm assuming you've made a GET request, in which case there is no content (req is an empty file), but you will see that these other environment variables contain request data. If you were to make a POST request with a body then req would have data.
here is a full example parsing a GET request in PHP with an Azure Function :)
https://www.lieben.nu/liebensraum/2017/08/parsing-a-get-request-in-php-with-an-azure-function/
snippet from source:
<?php
//retrieve original GET string
$getReqString = getenv('REQ_QUERY');
//remove the ? for the parse_str function
$getReqString = substr($getReqString,1,strlen($getReqString));
//convert the GET string to an array
$parsedRequest = array();
parse_str($getReqString,$parsedRequest);
//show contents of the new array
print_r($parsedRequest);
//show the value of a GET variable
echo $parsedRequest["code"];
?>
I have been working on a web app that has been previously built/worked on by people I have no way of contacting.
I believe we are currently on CI_VERSION 1.7.0.
I've made sure that enable_query / allow_get_array config vars are all true.
I can see the correct values in the header(query string parameters).
Example of the problem below:
//E.g.
//URL: http://www.fakeURL.com/something/stuff?color=blue&gender=boy
var_dump($_GET);
// array(1) { '/something/stuff' => string(0) "" }
Try getting url parameters with build-in class : input.
$p = $this->input->get();
var_dump($p);
Codeigniter recommand to do it this way. For example, you can't get a parameter twice with this function as it is emptied the second time. So we don't know how they manage parameters.
In earlier versions of CI the $_GET array included the requested controller/method after the URL was rewritten (as detailed in this answer), the rest of the info in it was stored in the input class and removed (see the legacy docs).
As the other answer stated, you'll need to use $this->input->get(); which will contain the original $_GET params.
I ended up using this solution, found here: https://stackoverflow.com/a/2283881/1626354
I will say that this is more of a 'work-around' than a solution, but I can't invest anymore time in this right now.
Thanks everyone for your helpful suggestions. Hopefully this will be useful to someone else someday too.
I'm from ASP.NET MVC background and this is first time I'm trying to write something in PHP.
In ASP.NET MVC we can develop models for our data and using the actions that we write we can get them or send them to another action. What I mean is that
public ActionResult Login_Action(LoginModel _Model) {
// Authenticating the user
return RedirectToAction(X);
}
when calling this the url that is shown in the address bar (in case of using GET, if it is POST nothing will be shown after the page name) will be:
www.WebsiteX.com/Login?Username=something&Password=something
The problem is that I don't even know how search for this in google (like by typing what exactly) because in Microsoft side, these are handled automatically the way I described.
But in case of PHP, how can I get the values in the address bar? do I have to get the actual address and then break the values down into arrays?
I'd appreciate any help.
First of all, this seems to be invalid for me: www.WebsiteX.com/Login?Username=something?Password=something The first parameter need to be ? and the others should be &.
Second: You can get your values of your parameters by accessing the $_GET global array.
Eg. for the username echo $_GET["Username"];
Are you using any framework? You should. And then, the Framework will give you the way to do that. In ASP.NET you use a Framework so do the same in PHP.
With vanille PHP you can get the GET values with $_GET['Username']. But please, use a framework.
I think that the most popular are Laravel and Symfony right now.
Example:
In laravel you can bind a parameter to a variable so you can do something like:
//Url: mywebsite.com/user/1/
Route::get('user/{id}', function($id)
{
return 'User '.$id;
});
Which is similar with the ASP.NET example.
NEW INFORMATION:
I used the print_r function on the $_REQUEST and something very strange is happening there too. Some values are being correctly passed by the GET such as a value on another form which passes in "TRUE". This can be seen in the print_r output but isn't written to the file... Still no closer to finding a solution to my problem however.
I'm working on a page with a lot of forms which are loaded in as needed by AJAX. This all works fine as does parsing the name:value pairs and storing them appropriately.
My error happens when the PHP parses the GET request sent by AJAX when the user is finished, it only seems to retrieve the values from certain fields.
The idea is that the user can add data from any number of forms, which are then turned into a GET request and sent to the server.
The JavaScript is building my request perfectly and all forms are sent correctly.
Depending on the forms the user submits, the data is processed by a large switch statement which passes the relevant names to a variadic function which grabs the values, and creates a string for writing to a file.
The strange error is that only some values get written to the file with others only having a blank line. No error reported by Apache or PHP, no error reported in the JavaScript console either.
I'll use the Colour form for example as this is one of the more complex.
So I add a colour action and click the button to submit all forms (this time, it's just the colour form though)
My get request looks like this:
actionIDs=Colour&coOptionSelect=Tinting&coColourEffect=Sepia&coRemoveColour=#000000&coRemoveFuzzNumber=0&coRemoveHueSelect=None&coReplaceColour=#000000&coReplaceFuzzNumber=0&coReplacementColour=#000000&coReplacementAlphaNumber=0&coReplaceHueSelect=None&coReplacementHueSelect=None
Next, the PHP parses the actionIDs part as sometimes, there will be many actions. This works fine.
We now jump to the Colour part of the switch statement.
case "Colour":
$config = processAction("coOptionSelect", "coColourEffect", "coRemoveColour", "coRemoveFuzzNumber", "coRemoveHueSelect", "coReplaceColour", "coReplaceFuzzNumber", "coReplacementColour", "coReplacementAlphaNumber", "coReplaceHueSelect", "coReplacementHueSelect");
file_put_contents($confpath . "colour.conf", $config);
break;
That writes to the correct file, but strangely, only coOptionsSelect and coColourEffect have their values written to the file. It isn't their input type as they are select statements similar to the other selects on the form. On other forms, it may be a number input or a text input that submits properly instead.
It isn't random either, the same ones will always write out properly. It also isn't positional as I moved around the values and it's still the same ones that write correctly, their position doesn't affect anything.
Finally here is processAction function.
function processAction()
{
$config = "";
foreach(func_get_args() as $field)
{
$temp = isset($_REQUEST[$field]) ? $_REQUEST[$field] : null;
$config = $config . $temp . "\n";
}
return $config;
}
The end result should be all values should write to their relevant files correctly, rather than the current issue where only a few values from each form are written, with the rest of the values being written as blank lines.
You probably need to encode your # sign to a encoded method %23
you could also use urlencode to do it before passing it to your variable.
Reference: http://php.net/manual/en/function.urlencode.php
Update:
If you are going to try to encode through javascript I would try and use this method
var newURL =
"http://example.com/index.php?url=" + encodeURIComponent(actionIDs);
or
var newURL =
"http://example.com/index.php?url=" + escape(actionIDs);
Reference: Encode URL in JavaScript?
You have three options:
escape() will not encode: #*/+
encodeURI() will not encode: ~!##$&*()=:/,;?+'
encodeURIComponent() will not encode: ~!*()'
But in your case, if you want to pass a URL into a GET parameter of other page, you should use escape or encodeURIComponent, but not encodeURI.
See Stack Overflow question Best practice: escape, or encodeURI / encodeURIComponent for further discussion.
I am writing import script from csv files and I need to validate data, most of the data is strings so I want to use something like Jinput to sanitize it.
Is there is something Joomla already have for this purpose?
It would be ideal to have something like
$field = JSanitizer::get($data/*array with data*/, "fieldname"/*name of field*/,
'string'/*type of data*/, 'null'/*default value*/);
Also I would need it to work both in Joomla 2.5 and 3.0 versions.
You are probably looking for JFilterInput::clean() This would work as follows:
$field = JFilterInput::clean($data[$fieldname], 'filter');
This does not give a way to set a default value, so you would have to handle that afterwards. This should be the same filtering that is typically done with JInput as well as on JForm elements if you write custom components.
I can't seem to find a good list of all the filters, but you can see an old version of the source here: http://docs.joomla.org/API16:JFilterInput/clean. Most recent version of the function starts at line 162 here: https://github.com/joomla/joomla-cms/blob/master/libraries/joomla/filter/input.php
Note also that you want to pull the field out of the data array yourself. You can actually send it the entire array without a filter setting and it should at least check the entire array for XSS and other issues. If you want more nuanced filtering for integers and such, it would best to do it field by field.
$field = JFilterInput::clean($data[$fieldname], 'filter');
will fire a notice
"Non-static method JFilterInput::clean() should not be called statically"
You should initiate this with JFilterInput::getInstance() first and call it dynamically e.g.:
$field = JFilterInput::getInstance()->clean($data[$fieldname], 'filter');
Tom
You should read Joomla docs and use something like this before parsing file : $string = JRequest::getString( 'description' );
This should work across all version since 1.5
There has been some github projects to implement html purifier as plugin, i found this, but havent chance to tested it, but it should work though.