I have a html form that his action is for "exmaple.com/mail.php?name=dan" for example.
How can I pass this parameter to Codeigniter's controller?
the 'action' in codeigniter is going to - example.com/mail, can't I do exmaple.com/mail?name=dan, right? so what can I do? (And.. I can't use Ajax for this :-))
There are several solutions. You can do it like this $name=$this->input->get("name"), but if you want to preserve the Codeigniter's philosophy you can use Javascript to change the action url of the form to /mail/dan. In that case you can access the data with this: $name=$this->uri->segment($number). $number in your case is 2, becouse "dan" is in the second URI's segment.
NOTE: If you use the second aproach, keep in mind that codeigniter's default behaviour is to automatically call controller/method from first and second segment of URI. (http://domain.com/controller/method ) In order to prevent this behaviour you can edit application/config/routes.php file. For detailed instructions refer to oficial guide.
You can emit the GET parameter as a hidden input element, i.e.:
<input type=hidden name="name_of_parameter" value="value_of_parameter" />
HOWEVER, there are two very important things to keep in mind when doing this:
You absolutely MUST sanitize the CGI argument that you are going to emit on the page (failure to do so can result in XSS vulnerabilities).
As with any other parameter, you cannot trust that this value has not been altered (so, don't use 'name=dan' to authenticate dan!).
Since I'm inferring from your example that you are using this to identify and authenticate the user, I strongly recommend you use a browser cookie for this (as well as a digital signature that encodes the checksum of this data, so that if it is altered, you can easily identify that it is invalid).
You should also set querystring variables to true:
In your CodeIgniter config;
$config['enable_query_strings'] = TRUE;
But keep in mind that this changes the way your codeigniter app behaves. See more here
Why can't you simply add a hidden field inside that HTML form and send it along with the form as POST data?
<input type="hidden" name="name" value="dan" />
Of course you would replace the value part dynamically with whatever value you currently have.
Related
I am building an TYPO3 extension with Extbase and want to store data which I get via HTTP GET.
Now I struggle with possibility to use a browser to access the action controller.
The plugin is implemented into page 102
The extension key is xyzlist
the Plugin Name is xyzlistdb
The controller name is PlaylistController
The action is getAction
The domain name is sub.domain.de
In the PlaylistController.php is under getAction only
error_log("GetAction",0);
to figure out, if the browser url goes to the getAction.
Here the URL I am using
http://sub.domain.de/index.php?id=102&tx_xyzlist_xyzlistdb[controller]=playlist&tx_xyzlist_xyzlisdb[action]=get
In the browser I am using '&' instead of only '&'
But if I only use '&', it also not access the Get action
But I don't get any message in the log file!
What I am doing wrong?
Here you have multiple possibilities...
First, you can disable [FE][pageNotFoundOnCHashError] (Install-Tool), so you dont get an 404 on invalid cHash. This is globaly for you site for all plugins. Its not the secure way.
Second, you can set plugin.tx_xyzlist_xyzlistdb.features.requireCHashArgumentForActionArguments = 0 in your typoscript to disable the pageNotFoundOnCHashError for you plugin.
Last, you can add your variables to [FE][cHashExcludedParameters] (Install-Tool), so that your variables are not included in the cHash calculation.
To get the correct link, you will have to use typolink. Probably the easiest way to generate a link to a plugin action is to use f:uri.action in a template like this:
<f:uri.action pageUid="102" extensionName="xyzlist" pluginName="xyzlistdb" action="get" />
https://docs.typo3.org/other/typo3/view-helper-reference/9.5/en-us/typo3/fluid/latest/Link/Action.html
Write first letter of your controller name capitalized.
http://sub.domain.de/index.php?id=102&tx_xyzlist_xyzlistdb[controller]=Playlist&tx_xyzlist_xyzlisdb[action]=get
Also do not turn off cHash without a good reason. That problem is not a reason at all.
Jonas mentioned to generate a link to your action with:
<f:uri.action pageUid="102" extensionName="xyzlist" pluginName="xyzlistdb" action="get" />
It is indeed a good and time saving practice.
G'day,
This is for my tutorial purpose.
I have 3 files
1. mlogin.htm - Takes the input from the user (login name and password). The action is set to the next file so the details can be checked.
<form id="logIn" name="logIn" method="get" action="mlogin.php">
2. mlogin.php - Takes the value from mlogin.htm using GET method. If the details match the details in XML file, the user is redirected to the next file
$musername = $_GET['username'];
$mpassword = $_GET['password'];
exit(header('Refresh:5; url=mloginsuccess.htm'));
3. mloginsuccess.htm - Displays the menu.
Now, what I'm trying to do is to show the username in the 3rd file so it's something like
Welcome, John
I do realise that I can do this using a session by changing the 3rd file to a
mloginsuccess.php
but it MUST be a
mloginsuccess.htm
I was wondering if this is possible.
Any help is appreciated :)
Suppose for a moment that you actually do want to follow your instructions to the letter. (You don't really want to do this, probably... interpreting requirements, rather than following them exactly, is a key trait of a decent software engineer.) If your requirement is that you must use a static page, you have a couple options for getting data accessible on that page. All of which require JavaScript.
Cookies
Query String
Anchor Fragment
Basically, you need to set this data in one of these three places so that you can access it with JavaScript from your static HTML page later on. To set a cookie with PHP, use setcookie(). To read it with JavaScript, use document.cookie, or one of the many snippets of code to make this easier.
To set the query string, simply do so in your redirect:
header('Location: http://www.example.com/mloginsuccess.htm?name=' . urlencode($_GET['username']));
See this question for the JavaScript needed to read the query string: How to get the value from the GET parameters?
Finally, for the anchor fragment, you can often redirect to it the same way. (However note that not all browsers are guaranteed to follow the anchor fragment part of the URL!) To read the anchor fragment, use window.location.hash.
I hope that in the end, you will choose to do none of these and keep your auth logic in a sensible place. Literal interpretation of requirements rarely leads to good code and application design. At a minimum, you can hack around the URL requirement with a rewrite rule, making whatever.html be an alias to whatever.php. The client doesn't know or care what is actually running on the server... that's the server's job. I would tell you how to write a rewrite rule, but you didn't specify which server you are using, so I'll leave that part up to you to Google.
How can you expect to use a php feature(SESSION) in a file which is not php(.HTML).
However you are allowed to use html inside a php file as php is a template engine and process the html ...refer this for for indepth
What renders the HTML?
just convert your .html to .php and
<?php>
session_start();
$_SESSION['username']=$_GET['username']
?>
<html>....<body>welcome <?=$_SESSION['username']?></body>...</html>
or however your html tags are.
Maybe you can use AJAX to load session details. For example, using JQuery,
<script>
...
$(document).ready(function(){
$.ajax({
url: "load_session.php",
success: function(uname){
$("#uname").html(uname);
}
});
});
...
</script>
...
Welcome, <span id="uname"></span>
I'm kind of a noob at this stuff.
But I've been browsing around and I see sites that are kind alike this
www.store.com/product.php?id=123
this is really cool. but How do I do it?
Im stuck using something like this
www.store.com/product/product123.php
If you could tell me how I can go about do this it would be awesome!
What you're looking at is a $_GET argument.
In your PHP code, try writing something like this:
$value = $_GET['foo'];
Then open your page like this:
hello.php?foo=123
This will set $value to 123.
You need to use the $_GET here.
if you use the following:
?id=123
then this will be how to use it and the result
$_GET['id'] (returns the 123)
You can use as many $_GET arguments as you need, for example:
?id=123&foo=bar&type=product
$_GET is an array of what parameters are in the url, so you use it the same way as an array.
Create a file called product.php with this code:
<?php
echo "The argument you passed was: " . $_GET['id'];
?>
Now run this URL in your browser:
http://<yourdomain>/product.php?id=123
and you will understand how $_GET works.
Those are called URL parameters (what they're contained in is called a query string), and they're not unique to PHP but can be accessed in PHP using the $_GET superglobal.
Similarly, you can get POST parameters using the $_POST superglobal, though in POST requests, these parameters are not appended to the URL.
Note: Generally, for usability purposes (and thus also SEO purposes), you want to avoid using query strings as much as possible. These days, the standard practice is to use URL rewriting to display friendly URLs to the user. So your application might accept a URL like:
/products.php?id=32
But the user only sees:
/product/32
You can do this by using mod_rewrite or similar URL rewriting capabilities to turn the friendly URL into the former query string URL internally, without having the user type out the query string.
You might want to have a look at the documentation at www.php.net, especially these pages: http://www.php.net/manual/en/reserved.variables.php
Specifically, have a look at $_GET and $_POST, which are two frequently used ways to transmit information from a browser to the server. (In short, GET-parameters are specified in the URL, as in your question, while POST-parameters are "hidden from view", but can contain more data - typically the contents of forms etc, such as the textbox you posted your question in).
I'm using Zend Framework and it has a controller formatted to be accessed like this: url/search/Steve where Steve is a $_GET variable(name=keyword). It parses it correctly.
Now, the big question is: how can I have an url like that after the form is submitted? Instead of having ?keyword=Steve.
Thanks
have a look at the getParam method for Zend_Controller_Request
Something like this...
$var = Zend_Controller_Request::getParam('keyword');
$url = 'url/search'.$var;
If you var_dump($var) in between the two lines of code above you can test what values your application is returning.
This is all part of Zends Request object
Remember you can still use the $_GET superglobal with zend so the above becomes
$var=$_GET['keyword'];
$url = 'url/search'.$var;
I'm unsure of what you really want to have done.
If you have forms then what you should do in your case is to put method="POST" so that the fields don't end up in the URL at all in your case.
Or you need to do some JavaScript trickery to change the action="" of the form whenever the field you mention is changed. However, I've found this to be a bit unreliable as some browsers doesn't really like this for some reason.
Or, perhaps better, you could do a redirect after the form is submitted, where you redirect to the new "prettier" URL.
It all depends on your purpose.
I an redirection (in some cases) from a controller to the error controller, action 'not-logged-in' using the redirector helper. My problem is the following: I want to pass an argument in the $_POST array (an URL from where the redirection happened) so the user will be able to return to that page after performing a login.
How can i place data in the $_POST array while using redirect helper?
Thank you ahead.
When you use the redirector with an internal redirect (ie. goToRoute) the paramters are passed along with it. Thus if you add your refferrer to the the request before you actually redirect:
// Assuming $request is a Zend_Controller_Request
$request->setParam('ref', $referrer);
// then use the redirector
then that variable will be passed along with the request upon redirect. So then you would need to check for/grab that variable from the request in the action youve redirected to and then set it as a hidden field in the form. Then when your form posts to your login action you can check again for a ref variable and on successful login redirect to that location.
Now if i were you i would not actually use the referral as the url but a serialized or json encoded array of the previous request's parameters. that way you can use goToRoute in this second instance as well.
Ofcourse if the redirection came form some sort of post action that contained sensitive data you wouldnt want to do this. In that case you would want to use the session as has been previously suggested.
Above all the best advice i can give is to look at the code of Zend_Controller_Router_Rewrite and Zend_Controller_Action_Helper_Redirector.
Not possible without some socket or Curl jiggery pokery.
Why not try using $_SESSION array in the same way?
Does it really matter if the user can see the redirection url in the address bar? i doubt they will care and i see it a few times on some top sites.
Passing control to the login page just feels more like a _forward than a _redirect, like it all belongs under the one action. Especially since you're coming right back.
_forward($action, $controller = null, $module = null, array $params = null)
Then, you can pass your originating location in $params as you'd like.
I'm pretty sure that you can't send POST when redirecting a person to another page. But maybe you can, and if so, I hope somebody proves me wrong here.
I'm not sure how you'd do what you want using Zend Framework, but I would suggest two ways how to do it in general. You can either send a GET variable, or use a session variable to store a back-URL.