I have a website build in CodeIgniter framework. The website contain a lot of forms for different purposes. I am submitting these forms directly to a controller function.
What are the things I should apply in this input before I save it to database through the model?
If I directly send this data without doing anything, what will be the security risk?
You need to use form_validation
https://ellislab.com/codeigniter/user-guide/libraries/form_validation.html
Best way will be if you will set rules for each field
like this
$this->load->helper(array('form', 'url'));
$this->load->library('form_validation');
$this->form_validation->set_rules('username', 'Username', 'required');
$this->form_validation->set_rules('password', 'Password', 'required');
$this->form_validation->set_rules('passconf', 'Password Confirmation', 'required');
$this->form_validation->set_rules('email', 'Email', 'required');
if ($this->form_validation->run() == FALSE)
{
$this->load->view('myform');
}
else
{
$this->load->view('formsuccess');
}
And you don't need to use any special escape
Or try to understand how to use PDO in CodeIgniter
http://codebyjeff.com/blog/2013/03/codeigniter-with-pdo
Related
I have a input page with 3 inputs username, password, OTP. When password is wrong i want to send it 1 function and if OTP fails i want to send it other function. How can i achieve this. Below is a sample code.
public function verifyLogin() {
$data['BASE_URL'] = base_url();
$this->load->library('form_validation');
$this->form_validation->set_rules('email', 'Email', 'trim|required|xss_clean');
$this->form_validation->set_rules('password', 'Password', 'trim|required|xss_clean|callback_check_database');
$this->form_validation->set_rules('otp', 'OTP', 'trim|xss_clean|callback_check_otpNum');
if ($this->form_validation->run() == false) {
if(//passwordFails)
$this->index();
else if(//otpfails)
$this->loginPage();
}
}
Try using $this->form_validation->error_array() to get all failed validations and then equating accordingly
I used to validate my registration form by the following code:
$this->form_validation->set_rules('password', 'Password', 'trim|required|matches[cpassword]|md5');
$this->form_validation->set_rules('cpassword', 'Confirm Password', 'trim|required');
but when i browse my form it shows me an error that password doesn't match.
codeigniter form result
Controllers are not for database. So, please change your code to this:
$this->form_validation->set_rules('password', 'Password', 'trim|required');
$this->form_validation->set_rules('cpassword', 'Confirm Password', 'trim|required|matches[password]');
If you want to put it as a hash into the database, you should use Models. Here is an example code:
public function signup() {
$password = $this->input->post('password', true);
$hash = password_hash($password, PASSWORD_BCRYPT); // put $hash variable into your database
...
}
I need to redirect the url with hashtag in Codeigniter3. There is no error but its not redirect with hashtag. Please help me to fix it.
http://localhost:8888/CodeIgniter/index/aboutus#aboutusredirect
Controller.
public function aboutus()
{
$this->form_validation->set_rules('name', 'Name', 'required');
$this->form_validation->set_rules('email', 'Email', 'required|trim');
$this->form_validation->set_rules('subject', 'Subject', 'required');
$this->form_validation->set_rules('message', 'Message', 'required');
if ($this->form_validation->run() == FALSE)
{
$this->load->view('include/header.php');
$this->load->view('about');
$this->load->view('include/footer.php');
}
else
{
$this->load->view('profilecreate');
}
}
Inside the if condition change
$this->load->view('include/header.php');
$this->load->view('about');
$this->load->view('include/footer.php');
use redirect function like below:
redirect('index/aboutus#aboutusredirect');
you can use required_once() function in 'about' view and then use redirect() for go another page.
you change about view like this :
required_once('include/header.php')
//html tag in about view
required_once('include/footer.php')
and then you're code must be like this :
public function aboutus()
{
$this->form_validation->set_rules('name', 'Name', 'required');
$this->form_validation->set_rules('email', 'Email', 'required|trim');
$this->form_validation->set_rules('subject', 'Subject', 'required');
$this->form_validation->set_rules('message', 'Message', 'required');
if ($this->form_validation->run() == FALSE)
{
$this->load->view('about');
}
else
{
$this->load->view('profilecreate');
}
}
<?php
class Form extends CI_Controller {
public function index()
{
$this->load->helper(array('form', 'url'));
$this->load->library('form_validation');
$this->form_validation->set_rules('email', 'Email', 'required|valid_email');
$this->form_validation->set_rules('password', 'Password', 'required');
$this->form_validation->set_rules('confpassword', 'Password', 'required|matches[password]', 'callback__matcherror');
//$this->form_validation->set_rules('passconf', 'Password Confirmation', 'required');
//$this->form_validation->set_rules('email', 'Email', 'required');
if ($this->form_validation->run() == FALSE)
{
$this->load->view('login');
}
else
{
$this->load->view('insert_dream');
}
}
public function _matcherror() {
$this->form_validation->set_message('_matcherror', 'Passwords should match');
return FALSE;
}
}
?>
i am a newbie to codeigniter. The above code doesnt display passwords should match error message. Is something wrong with the callback or Am i missing something.
Take a look here. You don't need to make a callback.
You are passing callback__matcherror as fourth parameter of set_rules function.It should be 3rd parameter. Use this way
$this->form_validation->set_rules('confpassword', 'Password', 'required|matches[password]|callback__matcherror');
Note
You will get this error message if your password fields match.Because you applying 3 rule there.3rd rule(call_back_function) will apply when 2nd rule is success. Your 2nd rule will valid when passwords matches.
matches[password]
will automatically check for password. You need not to use callback function callback__matcherror
When form_validation->run() returns FALSE, I need to know which rule didn't pass the validation test.
I know I can echo form_error() or validation_errors(), but this needs to be done before a view is loaded.
The controller needs to act differently according to which input didn't pass the validation.
Example:
public function index()
{
$this->load->library('form_validation');
$this->form_validation->set_rules('username', 'Username', 'required');
$this->form_validation->set_rules('password', 'Password', 'required');
if ($this->form_validation->run())
{
$this->load->view('something');
}
else
{
//check which rule didn't pass and act accordingly
}
}
I tried using empty on form_error('something') from within the if statement but this returns an error as empty doesn't take functions.
Also note, I can't change the error delimiters because they are used elsewhere in the script.
How would I check which rule was triggered without echoing validation_errors()?
YOU CAN USE error() for this-
public function index()
{
$this->load->library('form_validation');
$this->form_validation->set_rules('username', 'Username', 'required');
$this->form_validation->set_rules('password', 'Password', 'required');
if ($this->form_validation->run())
{
$this->load->view('something');
}
else
{
print_r($this->form_validation->error());
}
}
To display an error message using a specific field
form_error('username')