I'm creating a WebSocket-based application with CodeIgniter. So, data is coming as a JSON string (not a POST method). I want to use CodeIgniter's built-in form_validation method to validate the data received as JSON.
This is what I have tried so far to set the variable so that I can access it through $this->input->post('variable_name'):
Try #1
$_POST['variable_name'] = !isset($data['variable_name']) ? NULL : $data['variable_name'];
Try #2
$variable_name = !isset($data['variable_name']) ? NULL : $data['variable_name'];
$this->form_validation->set_value("variable_name", $variable_name);
But when I use $this->input->post('variable_name')
it returns NULL.
Here is how I achieved it. Although it doesn't seem to be an accurate solution, it's simple and there is no workaround.
I added only one line before execution of form validations
$_SERVER["REQUEST_METHOD"] = "POST";
and then set the variable like this
$_POST['post_var'] = "value";
Now set the validation rules and perform validation.
That's it :)
There's a method called set_data() that was introduced specifically to allow validation of non-POST inputs.
http://www.codeigniter.com/userguide3/libraries/form_validation.html#validating-an-array-other-than-post
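The set_data() approach applied to one decoded WebSocket message, as an added example that is not part of the original answers. It assumes CodeIgniter 3; the library name Ws_message_validator, the "email" field and the chosen rules are hypothetical.

```php
<?php
// Added example (not from the original answers): a hypothetical CodeIgniter 3
// library; the class name and the "email" field are assumptions.
class Ws_message_validator {

    protected $CI;

    public function __construct()
    {
        $this->CI =& get_instance();
        $this->CI->load->library('form_validation');
    }

    // Returns array('ok' => bool, 'data' => array, 'errors' => array).
    public function validate($json)
    {
        $data = json_decode($json, TRUE);

        // Accept only a non-empty JSON object. set_data() ignores an empty
        // array, and run() would then fall back to validating $_POST.
        if ( ! is_array($data) OR empty($data))
        {
            return $this->fail(array('payload' => 'Malformed or empty JSON message.'));
        }

        $fv = $this->CI->form_validation;
        // A socket worker handles many messages per process: clear the rules,
        // errors and data left over from the previous message.
        $fv->reset_validation();
        // set_data() has to be called before the rules are defined.
        $fv->set_data($data);
        $fv->set_rules('variable_name', 'Variable name', 'required|alpha_dash|max_length[64]');
        $fv->set_rules('email', 'Email', 'required|valid_email');

        if ($fv->run() === FALSE)
        {
            return $this->fail($fv->error_array());
        }

        // Pass on only the validated fields, not the whole client payload.
        $clean = array_intersect_key($data, array('variable_name' => 1, 'email' => 1));
        return array('ok' => TRUE, 'data' => $clean, 'errors' => array());
    }

    protected function fail(array $errors)
    {
        return array('ok' => FALSE, 'data' => array(), 'errors' => $errors);
    }
}
```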
I use Laravel 5.8, and I simply want to use a default value for description if it's empty, taking it from summary.
// summary variable request is equal to "test"
$summary = $request->get('summary', null);
$request->get('description', $summary)
But the field is present and empty, and description gives me null instead of the summary value. The summary value is "test".
To get information from a request you should use get(), input() or the name directly. There is no documentation for the get method on requests for recent Laravel versions. For the input method on Laravel 5.8 the documentation says
You may pass a default value as the second argument to the input method. This value will be returned if the requested input value is not present on the request
It says it only works if it is not present, so I would do it as simply as this:
$description = $request->description ? $request->description : $request->summary;
It really depends on what you want to achieve after all this and how you want your data.
Possible Solutions
My first impression was that the data may not be being sent through correctly, but upon looking over your code again, I realized you are using the more deprecated function ->get('description').
Try using ->input('description') instead. I personally have never used ->get(), so maybe this could be the problem.
https://laravel.com/docs/5.8/requests
There is a sample in the bottom of the official documentation http://kohanaframework.org/3.2/guide/kohana/security/validation
But obviously it won't work at the request as long as $post['username'] in View is used but the $post array is empty on first request.
So how do you restore the values in this case? Any general solution?
PS: yes, I do understand I could do isset($post['username']) ? $post['username'] : ''; but it is just annoying
I use the model to display the data in the form. That way the initial form value is the initial value in the model.
I then update the model data with POST data in the controller, if there are validation errors, the model data will contain the POST data. This means I don't have to put any conditional logic in the view, and I just do: Form::input('name', $model->name)
Here's a more detailed explanation of this approach: Kohana ORM and Validation, having problems
I use Arr::get function:
echo Form::input('name', Arr::get($post, 'name'));
I was just looking at the old documentation on Building and Validating a Form.
You can see from the sample code that first you need to initialize an array with the form field names as the keys and set each value to an empty string. And if there's an error, fill in the values of each element. In the views, you can simply call Form::input() normally without any if statement of any sort.
I guess Kohana has already been built this way from the start. And it doesn't seem to change. You'll probably just need to do the same thing.
I need to capture several parameters in a controller regardless of whether they were posted or they are in the URL.
Does $this->_request->getParam('parameter') work regardless?
To make life easier and the code shorter, you can use the _getParam function in your controllers:
$page = $this->_getParam('page', 1);
Note that the second function variable is the default value if the request didn't include that specific variable.
Short answer, yes.
If you are in the controller, you can access any POST or GET parameter by accessing the getParam() method like you said.
$this->getRequest()->getParam("foo") will get the parameter foo, if it is present in the URL via a get param, or in a POST. It will also get any user set parameters.
The
$this->getRequest()->getParams();
Will get several parameters regardless of the action type being sent (get or post).
$this->getRequest()->getParam('foo');
Will get you individual requested parameter.
I prefer to always use the short function:
$parameter = $this->_getParam('parameter');
Can I use CodeIgniter's input class to xss clean GET data like this:
$somevar = $this->input->xss_clean($_GET['somevar']);
CodeIgniter suggests that the xss_clean method should be used for submitted data.
I wonder whether $_GET vars count as submitted or just as visiting a URL.
So can I use it in that fashion?
Try using:
$this->input->get()
This function is identical to the post function, only it fetches get data:
$this->input->get('somevar', TRUE);
The function returns FALSE (boolean) if the item you are attempting to retrieve does not exist.
The second optional parameter lets you run the data through the XSS filter. It's enabled by setting the second parameter to boolean TRUE.
The GET array is unset by CI on startup because it uses the URI segments instead.
But you can use the xss_clean method on any var you want, just like your example, but you will find $_GET to be empty. The input class is available everywhere by default.
I'm refactoring PHP on Zend code and all the code is full of $_GET["this"] and $_POST["that"]. I have always used the more phpish $this->_request->getPost('this') and $this->_request->getQuery('that') (this one being not so logical, with getQuery instead of getGet).
So I was wondering if my method was safer/better/easier to maintain. I read in the Zend Framework documentation that you must validate your own input since the request object won't do it.
That leaves me with 2 questions:
What is the best of these two? (or if there's another better way)
What is the best practice for validating PHP input with these methods?
Thanks!
I usually use $this->_request->getParams(); to retrieve either the post or the URL parameters. Then I use the Zend_Filter_Input to do validation and filtering. The getParams() does not do validation.
Using the Zend_Filter_Input you can do application level validation, using the Zend Validators (or you can write your own too). For example, you can make sure the 'months' field is a number:
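$data = $this->_request->getParams();
// No filters are applied in this example; the constructor still expects an array.
$filters = array();
$validators = array(
    'month' => 'Digits',
);
$input = new Zend_Filter_Input($filters, $validators, $data);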
Extending Brian's answer.
As you noted you can also check out $this->_request->getPost() and $this->_request->getQuery(). If you generalize on getParams(), it's sort of like using the $_REQUEST superglobal and I don't think that's acceptable in terms of security.
Additional to Zend_Filter, you may also use simple PHP to cast the required.
E.g.:
$id = (int) $this->_request->getQuery('id');
For other values, it gets more complicated, so make sure to e.g. quote in your DB queries (Zend_Db, see quoting identifiers, $db->quoteIdentifier()) and in views use $this->escape($var); to escape content.
You can't write a one-size-fits-all validation function for get/post data, as in some cases you require a field to be an integer and in others a date, for instance. That's why there is no input validation in the Zend Framework.
You will have to write the validation code at the place where you need it. You can of course write some helper methods, but you can't expect the getPost() to validate something for you all by itself...
And it isn't even getPost/getQuery's place to validate anything; its job is to get you the data you want, and what happens to it from there on should not be its concern.
$dataGet = $this->getRequest()->getParam('id',null);
$valid = new Zend_Validate_Digits();
if( isset($dataGet) && $valid->isValid($dataGet) ){
// do some...
} else{
// not set
}
I have always used the more phpish $this->_request->getPost('this') and $this->_request->getQuery('that') (this one being not so logical, with getQuery instead of getGet).
What is the best of these two? (or if there's another better way)
Just a quick explanation on the choice of getQuery(). The wording choice comes from what kind of data it is, not how it got there. GET and POST are just request methods, carrying all sorts of information, including, in the case of a POST request, a section known as "post data". A GET request has no such block; any variable data it carries is part of the query string of the URL (the part after the ?).
So, while getPost() gets the data from the post data section of a POST request, getQuery() retrieves data from the query string of either a GET or POST request (as well as other HTTP Request methods).
(Note that GET Requests should not be used for anything that might produce a side effect, like altering a DB row)
So, in answer to your first question, use the getPost() and getQuery() methods; this way, you can be sure of the data source (if you don't care, getParams() also works, but may include additional data).
What is the best practice for validating PHP input with these methods?
The best place to validate input is where you first use it. That is to say, when you pull it from getParams(), getPost(), or getQuery(). This way, your data is always correct for where you need it, and if you pass it off, you know it is safe. Keep in mind, if you pass it to another Controller (or Controller Action), you should probably check it again there, just to be safe. How you do this depends on your application, but it still needs to be checked.
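The two points made in the answers above (read each value from the source it is expected in, then validate it with Zend_Filter_Input where it is first used), combined in one added example that is not code from any of the answers. It assumes Zend Framework 1; ReportController, updateAction, the "id" field and the 1 to 12 range for "month" are hypothetical.

```php
<?php
// Added example (not from the original answers): a hypothetical
// Zend Framework 1 controller; class, action and "id" field are assumptions.
class ReportController extends Zend_Controller_Action
{
    public function updateAction()
    {
        $request = $this->getRequest();

        // A state-changing action is accepted only as a POST request.
        if ( ! $request->isPost()) {
            $this->getResponse()->setHttpResponseCode(405);
            return;
        }

        // Take each value from the one place it is expected to arrive in,
        // instead of merging every source with getParams().
        $data = array(
            'id'    => $request->getQuery('id'),   // query string
            'month' => $request->getPost('month'), // POST body
        );

        $filters = array('*' => 'StringTrim');
        $required = array(
            Zend_Filter_Input::PRESENCE => Zend_Filter_Input::PRESENCE_REQUIRED,
        );
        $validators = array(
            'id'    => array('Digits') + $required,
            'month' => array('Digits', array('Between', 1, 12)) + $required,
        );

        $input = new Zend_Filter_Input($filters, $validators, $data);

        if ( ! $input->isValid()) {
            // getMessages() reports invalid and missing fields by name.
            $this->getResponse()->setHttpResponseCode(400);
            $this->view->errors = $input->getMessages();
            return;
        }

        // getUnescaped() returns the filtered, validated value without the
        // HTML escaping that is applied to $input->month by default.
        $this->view->id    = (int) $input->getUnescaped('id');
        $this->view->month = (int) $input->getUnescaped('month');
    }
}
```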
Not directly related to the topic, but
to ensure that you get a number in your input, one could also use $var+0
(however, if $var is a float it stays a float).
You may use, in most cases,
$id = $this->_request->getQuery('id')+0;