I have been working on a web app that has been previously built/worked on by people I have no way of contacting.
I believe we are currently on CI_VERSION 1.7.0.
I've made sure that enable_query / allow_get_array config vars are all true.
I can see the correct values in the header(query string parameters).
Example of the problem below:
//E.g.
//URL: http://www.fakeURL.com/something/stuff?color=blue&gender=boy
var_dump($_GET);
// array(1) { '/something/stuff' => string(0) "" }
Try getting url parameters with build-in class : input.
$p = $this->input->get();
var_dump($p);
Codeigniter recommand to do it this way. For example, you can't get a parameter twice with this function as it is emptied the second time. So we don't know how they manage parameters.
In earlier versions of CI the $_GET array included the requested controller/method after the URL was rewritten (as detailed in this answer), the rest of the info in it was stored in the input class and removed (see the legacy docs).
As the other answer stated, you'll need to use $this->input->get(); which will contain the original $_GET params.
I ended up using this solution, found here: https://stackoverflow.com/a/2283881/1626354
I will say that this is more of a 'work-around' than a solution, but I can't invest anymore time in this right now.
Thanks everyone for your helpful suggestions. Hopefully this will be useful to someone else someday too.
Related
Full disclosure: I'm not a PHP programmer, rather a Javascript/Node programmer, but I'm trying to help a friend fix a fatal PHP error on their site.
To wit,
Fatal error: Call to undefined function import_request_variables()
I've looked it up and import_request_variables() is deprecated.
The relevant piece of code is this -- I noticed that the developer seems to have tried out the more modern form (?) and abandoned it.
import_request_variables("pgc", "re_");
//extract($_GET, EXTR_PREFIX_ALL, "pgc");
//extract($_POST, EXTR_PREFIX_ALL, "pgc");
//extract($_GET, EXTR_PREFIX_ALL, "re_");
//extract($_POST, EXTR_PREFIX_ALL, "re_");
I found a solution on Stack Overflow here Php import_request_variable stopped working, that suggests using that same extract method
extract($_GET, EXTR_PREFIX_ALL, 'p');
extract($_POST, EXTR_PREFIX_ALL, 'p');
Is this the correct method to follow? I've read in other posts (e.g. here) that this could lead to security errors, as does the PHP documentation here
Warning
Do not use extract() on untrusted data, like user input (e.g. $_GET, $_FILES).
and that it's best to import the variables specifically, but I'm not sure that I'm adept enough at PHP to go through all the code and figure out where each variable is being used...
What's the best way to solve this issue swiftly and securely?
Thanks for any help!
EDIT:
This is the code where the variables are used, for what it's worth
if ($re_sub && $re_sec) { $content="./$re_sec/$re_sub.php";}
else if ($re_sec) { $content="./$re_sec/index.php";}
else { $content="./home.php";}
Wow. import_request_variables went away in PHP5, that was a LONG time ago... hope you are upgrading to 7!
Anyway, it seems that you are basically trying to form POST and the content of the post determine the URL the user is sent to. Since you can't trust user input (or shouldn't anyway) you check what is sent in the $_POST array against a whitelist. Depending on how many sections and sub-sections you have, that whitelist can be hard coded, kept in a separate include file, stored in a database, etc.
Given a structure like
home
sec1
sec1sub1
sec1sub2
sec1sub3
sec2
sec2sub1
sec2sub2
sec2sub3
sec3
sec3sub1
sec3sub2
sec3sub3
You can do something like loop through your whitelist and see if a matching POST variable was sent, if so add it to the URL.
$url="/";
$whitelist=array();
$whitelist['cars']=array("compact","sedan","sportscar");
$whitelist['trucks']=array("diesel","4x4");
$whitelist['suvs']=array("crossovers","domestic","import");
foreach($whitelist as $k=>$v){
if(isset($_POST[$k])){
$url=$url."/".$k;
foreach($v as $subv){
if(isset($_POST[$subv])){
$url=$url."/".$subv;
}
}
}
}
header("location :".$url);
For one of my Laravel Web app I want to log all the Request Parameters(Post as well as Get) in database in Json Format for that I am using $request->all() Method, which results in an exception when user tries to upload any file.
that's why I want a way to select only Serializable Parameters from the request.(for get as well as for post Requests) or a way to select all the request parameters except files.
Request::except([]) will not work for me since in Except method we will have to provide the file parameter names.
In my project, i used this except for many fields like below,
$input = $request->except('first_name', 'middle_name', 'last_name', 'address',...);
It is work fine for me.
I stored all the remain values into $input and store values from that input variable.
Please try this one.
In your case please take this debug code for test once, might be you like it to use in your current work
$allRequestParams = array_map(function($input) {
return !is_array($input) ? $input : false;
}, $request->all());
echo '<pre>';
print_r($allRequestParams);
echo '<pre/>';
die;
Since any of the answer didn't work for me I did lots of reading and some digging about laravel but still I could not find the specific solutions I was looking for, so I did a small hack, instead of using Laravel's Request Object and pulling parameters from there I simply used PHP's built in $_REQUEST parameter.
Eg.
$non_file_parameters = $_REQUEST;
$_REQUEST will have both Get as well as Post Parameters except file Parameters coz in Core PHP for files we have $_FILES super global variable.
Thanks guys for your efforts...
Started learning php this week and had many doubts, but this is one of them which i couldn't find solution(Maybe i didn't know the right keyword to search for).
Is it possible to read variables in URL as a function inside a php file,
for example :
http://mywebsite.com/demo_app/phone_api/login/harsha/harshapass
Here demo_app is the folder, phone_api is the php file, and i want to invoke the function login, where harsha and harshapass is the paramaters to that function.
You'll need 2 things for this.
The first is mod_rewrite, this is an apache module. With this module you can rewrite the URL like you want, so that /demo_app/phone_api/ will redirect to your php file.
I advice that you read a tutorial somewhere about this, for example here.
Second thing is that you need to parse the URL.
With $_SERVER['REQUEST_URI'] you get the URL. With explode and/or preg_match you can parse this string into the parts you want (function, parameters, whatever).
If you have a more specific question about this, you can ask this here (in a new topic).
Good luck!
Did you consider sending the values as $_GET variables and retrieving them in the page like so:
http://mywebsite.com/demo_app/phone_api?login=login&harsha=harsha&harshapass=harshapass
so you can get the values in the phone_api.php page like:
$login = $_GET['login'];
$harsha = $_GET['harsha'];
$harshapass = $_GET['harshapass'];
$login($harsha, $harshapass){
//your function code.
}
Maybe it'll be easier this way.
i'm stuck with using $_GET variables with CodeIgniter, anyone can help me please?
CodeIgniter comes with three helper
functions that let you fetch POST,
COOKIE or SERVER items. The main
advantage of using the provided
functions rather than fetching an item
directly ($_POST['something']) is that
the functions will check to see if the
item is set and return false (boolean)
if not. This lets you conveniently use
data without having to test whether an
item exists first. In other words,
normally you might do something like
this:
if (!isset($_GET['something'])){
$something = FALSE;
} else {
$something = $_GET['something'];
}
With CodeIgniter's built in functions you can
simply do this:
$something = $this->input->get('something');
Taken from here.
$this->input->get() or $this->input->get_post()
use Input::get():
echo $this->input->get('your_field');
There's no reason that you would be able to use $this->input->get() and not $_GET.
You may be running an older version (less than 2.0.1) that does not have real $_GET "support". Old versions intentionally unset the $_GET array, assuming because it made things "difficult" for the developers. There is a query strings setting in version 1.7.2 that is very confusing and does not do what you'd expect. Newer versions support $_GET as expected.
Please see here for more information if this is the case:
CodeIgniter Enabling Query Strings
I think you must enable 'enable_query_strings = true' first
I am using Jumi to include a number of PHP scripts on Joomla! articles and it works great. The problem I am having is with passing variables (in the form of $_GET parameters) to a PHP script.
Lets say I have a script "index.php" and I wish to pass the $_GET[] parameter "var" with the value of "10". This would normally be accomplished by pointing to: index.php?var=10. How do "emulate" this functionality with Jumi? I was hoping it would be as simple as:
{jumi [directory/index.php] [var=10]}
The above syntax however is not correct.
Any input would be appreciated.
-- Nicholas
After some trial and error and guidance from the official Joomla! forums I did solve my problem. Rather than passing a true $_GET[] parameter you can pass a $jumi array and reference that.
I wanted to avoid having to rewrite much of my script so what I did was the following.
1) Make the Jumi call like this:
{jumi [directory/index.php] [value]}
2) In index.php:
if(isset($jumi[0]))
{
$_GET['PARAM_YOU_WANT_SET'] = $jumi[0];
}
This is a very simple example of a quick and easy way to emulate passing a $_GET[] parameter to a script using Jumi. This approach saved me a great deal of time because I didn't have to rewrite my controller.
-- Nicholas
This is an old thread I know but there is something that some people might want to know.
If you are wanting to use Jumi with extra parameters in a Module then Nicholas' tip won't work but there is a way to do it.
There is a "Code written" section of the module and a "Source of code" section.
Put the url/path to the file in the "Source of code" section and then define your variables in the "Code written" section...it will pass the variable to the source file before executing so it will do what is desired.