I have a textarea in my front-end which accepts the google map code which is an iframe. When I tried to update it, the query fails. The values is not getting inserted into the database. I use text for saving iframe in db. The code I use in model :
function save(){
$data['cmpny_address'] = $this->input->post('cmpny_address');
$data['cmpny_map'] = $this->input->post('cmpny_map');
$this->db->where('id',1);
$this->db->update('contact_us', $data);
}
I have tried sanitizing the input with htmlspecialchars, strip_tags, $this->db->escape etc. I have actually tried all the suggestions from related SO questions. But no luck. Somebody please suggest a way to fix the issue.
EDIT:
It is the <iframe></iframe> that is creating the problem. <p></p> , <h1></h1> gets through without any error.
(Posted on behalf of the OP).
It was a server issue. The support team said "modsecurity was blocking it".
No need to write any htmlspecialcharsand strip_tags Active record automatically handle all those thing.
Use set method to update your data
function save(){
$this->db->set("cmpny_address", $this->input->post('cmpny_address'));
$this->db->set("cmpny_map", $this->input->post('cmpny_map'));
$this->db->where('id',1);
$this->db->update('contact_us');
}
OR
create you data array like
$data=array('cmpny_address'=>$this->input->post('cmpny_address'),'cmpny_map'=>$this->input->post('cmpny_map'));
$this->db->where('id',1);
$this->db->update('contact_us', $data);
UPDATED
To send iframe into post you have to set
$config['global_xss_filtering'] = FALSE;
In your config.php file
Related
Right now i am working on a Codeigniter project in which I am sending a link to the user to update their password, every thing is working according to the plan. Now all I need to know is that how can I extract data from URL that the user is following to update password.
Example:
http://localhost/ciauth/user/password_reset/user#gmail.com/6f1bb1aeba261e92c390ac28d85267767038703e
I want to extract the code after the E-mail ID.
Never mind i have solved it doing
$url_code=$this->uri->segment(4);
This is okay. But it will be better if you implement it with your action function:
public function password_reset($email, $code){
// $email: user#gmail.com
// $code: 6f1bb1aeba261e92c390ac28d85267767038703e
}
Try this, From this you can do extract full url, Place below code to your password_reset() to see your url extraction
echo'<pre>';print_r($this->uri->segment_array());die;
Never mind i have solved it doing
$url_code=$this->uri->segment(4);
I am using CodeIgniter v 3.1.4. In one of the form, i have a text box to save urls (like https://stackoverflow.com/questions/ask, http://google.com etc.) into the MySql database.
Before save, i am sanitizing the urls like shown below:
Inside Constructor:
$this->load->helper('security');
Inside Add function:
$hlt_url = $this->security->xss_clean($this->input->post('txtHLnk'));
$hlt_hlines = $this->security->xss_clean($this->input->post('txtAreaHLine'));
When i enter simple/plain string in the textboxes, then the data gets saved in the DB, however when i enter url in the textboxes, the data is not saved in DB, neither does it show any error message.
Please explain with code whats i am doing wrong. Thanks
$hlt_url = $this->input->post('txtHLnk', true);
$hlt_hlines = $this->input->post('txtAreaHLine', true);
I thin kthis is the new implementation of sanitizing inputs in latest version.
I am using the controller to make a multiple page form. I am saving submitted and unsubmitted applications data to a database field:
$serialized_data = $oCon->dbConn->real_escape_string(
serialize($ctrl->getSessionContainer())
);
$oCon->dbConn->query(
"INSERT INTO form_data SET (data) VALUES ('" . $serialized_data . "')"
);
That works fine but how do I get the saved object back into the session for unfinished entries?
Getting only the values back works when saving them to the database field with getValue() and
$ctrl->addDataSource(new HTML_QuickForm2_DataSource_Array($unserialized_data));
but I need the whole object with the valid pages array as well.
I suppose the answer lies hidden in this page but I couldn't make it work with any combination of storeDataSources(), addDataSource() and setDataSources(). There seems to be missing a setSessionContainer() method.
This is my first question on this forum, I tried to stick to all the rules, please correct me if I made stupid mistakes or if this is a stupid question.
I think you're mis-understanding how to use Quickform2. If you need to work with a multi-page form then you want to make use of QuickformController: http://pear.php.net/manual/en/package.html.html-quickform2.controller-overview.php
In Codeigniter I do this
$p=$this->input->post();
to get all objects posted but I don't know if there is something similar in cakephp to get all posted variables from a form ? I am writing a function to get posted password and save it into database in place of the old password recorded there.
I use native php to get 'posted' variables from a form, (I am not familiar with cakephp form usage) that is why, so instead of using $_POST['sssss'] what should I do now ?
Thank you for any help.
$value = $this->request->data('key');
Please for further reference, read the manual. It's so much easier and better for yourself to figure it out by yourself.
http://book.cakephp.org/2.0/en/controllers/request-response.html#accessing-post-data
for the GET method
$this->request->query['category-name'];
and POST method
$this->request->data
http://book.cakephp.org/2.0/en/controllers/request-response.html#accessing-querystring-parameters
You can check if posted a form by using
if (!empty($this->data)) {
print_r($this->data);
}
The Post data must be in data to show up in $this->request->data.
Example:
// input field
<input type="text" name="data[foo]" value="bar" />
// in your controller
debug($this->request->data);
To check if posted a form, please use:
if ($this->request->is('post')) {
pr($this->request->data);
}
If you want to get a specific field of the table can move so:
if($this->data["Objetorastreavel"]["id"]){
}
It checks only the ID Objetorestraeval if you want to pick only one field and not post the whole page.
You should able to access form post data with:
For CakePHP 2.x
if ($this->request->is('post')) {
pr($this->request->data);
}
For CakePHP 3.4.x
if ($this->request->is('post')) {
pr($this->request->getData());
}
Documentation for CakePHP 3
You can use following to retrieve post/get data in CakePHP
For post data:
$this->request->data;
For get data:
$this->request->query;
OK, here's my dilemma:
I've read all over about how many guys want to be able to display a set of images from Flickr using PHPFlickr, but lament on how the API for PhotoSets does not put individual photo descriptions. Some have tried to set up their PHP so it will pull the description on each photo as the script assembles the gallery on the page. However, the method has shown how slow and inefficient it can be.
I caught an idea elsewhere of creating a string of comma separated values with the photo ID and the description. I'd store it on the MySQL database and then call upon it when I have my script assemble the gallery on the page. I'd use explode to create an array of the photo ID and its description, then call on that to fill in the gaps...thus less API calls and a faster page.
So in the back-end admin, I have a form where I set up the information for the gallery, and I hand a Set ID. The script would then go through and make this string of separated values ("|~|" as a separation). Here's what I came up with:
include("phpFlickr.php");
$f = new phpFlickr("< api >");
$descArray = "";
// This will create an Array of Photo ID from the Set ID.
// $setFeed is the set ID brought in from the form.
$photos = $f->photosets_getPhotos($setFeed);
foreach ($photos['photoset']['photo'] as $photo) {
$returnDesc = array();
$photoID = $photo['id'];
$rsp = $f->photos_getInfo($photoID);
foreach ($rsp as $pic) {
$returnDesc[] = htmlspecialchars($pic['description'], ENT_QUOTES);
}
$descArray .= $photoID."|~|".$returnDesc[0]."|~|";
}
The string $descArray would then be placed in the MySQL string that puts it into the database with other information brought in from the form.
My first question is was I correct in using a second foreach loop to get those descriptions? I tried following other examples all over the net that didn't use that, but they never worked. When I brought on the second foreach, then it worked. Should I have done something else?
I noticed the data returned would be two entries. One being the description, and the other just an "o"...hence the array $returnDesc so I could just get the one string I wanted and not the other.
Second question is if I made this too complicated or not. I like to try to learn to write cleaner/leaner code, and was looking for opinions.
Suggestions on improvement are welcome. Thank you in advance.
I'm not 100% sure as I've just browsed the source for phpFlickr, and looked the the Flickr API for the getInfo() call. But let me have a go anyway :)
First off, it looks like you shouldn't need that loop, like you mention. What does the output of print_r($rsp); look like? It could be that $rsp is an array with 1 element, in which case you could ditch the inner loop and replace it with something like $pic = $rsp[0]; $desc = $pic['description'];
Also, I'd create a new "description" column in your database table (that has the photo id as the primary key), and store the description in their on its own. Parsing db fields like that is a bit of a nightmare. Lastly, you might want to force htmlspecialchars to work in UTF8 mode, cause I don't think it does by default. From memory, the third parameter is the content encoding.
edit: doesn't phpFlickr have its own caching system? Why not use that and make the cache size massive? Seems like you might be re-inventing the wheel here... maybe all you need to do is increase the cache size, and make a getDescription function:
function getDescription ($id)
{
$rsp = $phpFlickr->photos_getInfo ($id);
$pic = $rsp[0];
return $pic['description'];
}