how to retrieve HTTP $_GET values with CodeIgniter - php

I'm stuck using $_GET variables with CodeIgniter. Can anyone help me, please?

CodeIgniter comes with three helper functions that let you fetch POST, COOKIE or SERVER items. The main advantage of using the provided functions rather than fetching an item directly ($_POST['something']) is that the functions will check to see if the item is set and return false (boolean) if not. This lets you conveniently use data without having to test whether an item exists first. In other words, normally you might do something like this:
if (!isset($_GET['something'])){
    $something = FALSE;
} else {
    $something = $_GET['something'];
}
With CodeIgniter's built in functions you can simply do this:
$something = $this->input->get('something');
Taken from here.

$this->input->get() or $this->input->get_post()

Use Input::get():
echo $this->input->get('your_field');

There's no reason that you would be able to use $this->input->get() and not $_GET.
You may be running an older version (less than 2.0.1) that does not have real $_GET "support". Old versions intentionally unset the $_GET array, assuming because it made things "difficult" for the developers. There is a query strings setting in version 1.7.2 that is very confusing and does not do what you'd expect. Newer versions support $_GET as expected.
Please see here for more information if this is the case:
CodeIgniter Enabling Query Strings

I think you must enable 'enable_query_strings = true' first

Related

What is the correct way to retrieve variables from the URL with an IF Statement?

My old website just got moved to a new server (new PHP platform).
When the URL says: http://url.com/page.php?num=9
This used to work:
if($num == "9")
echo "hello";
?>
What changed in the intervening thousand years since this site was built?
In this case, you need to GET the variable this way:
$number = $_GET["num"];
Then you can continue with
if($number=="9") {
echo "hello";
}
What changed was:
PHP 4.1 - Superglobals ($_GET, $_POST, etc.) were introduced
PHP 4.2 - register_globals default setting changed from ON to OFF
PHP 5.3 - Register globals was deprecated
PHP 5.4 - Register globals was removed
Register globals was what allowed you to automatically have $num available if it was in the URL. There is some discussion in the PHP documentation I linked about the various (good) reasons that feature was removed. Probably a good TL/DR (from that documentation) would be:
When on, register_globals will inject your scripts with all sorts of variables, like request variables from HTML forms. This coupled with the fact that PHP doesn't require variable initialization means writing insecure code is that much easier.
As other answers have shown, the way to get it now is using $_GET['num'], but if your code was relying on register globals, there will probably be other things that need to be updated as well.
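
The risk quoted from the PHP documentation above, shown as an added example that is not part of the original answer: register_globals is emulated with extract() over a constructed request array, next to a migrated version that initialises its variables and reads only the named key. The function names and the `authorized` flag are hypothetical.

```php
<?php
// Constructed request, standing in for page.php?num=9&authorized=1.
$request = ['num' => '9', 'authorized' => '1'];

// Legacy behaviour, emulated with extract(): each request key becomes a
// local variable, as register_globals did for the whole script.
function legacy_page(array $request): array
{
    extract($request);
    $greeting = (isset($num) && $num == "9") ? 'hello' : '';
    // The script never initialises $authorized, so the request supplies it.
    return ['greeting' => $greeting, 'authorized' => !empty($authorized)];
}

// Migrated form: initialise every variable, read only the keys the page
// expects, and validate their type before use. On a real page $query
// would be $_GET.
function migrated_page(array $query): array
{
    $authorized = false; // only server-side logic may change this
    $num = filter_var($query['num'] ?? null, FILTER_VALIDATE_INT);
    $greeting = ($num === 9) ? 'hello' : '';
    return ['greeting' => $greeting, 'authorized' => $authorized];
}

var_dump(legacy_page($request));
var_dump(migrated_page($request));
// A non-integer value fails validation instead of being compared loosely.
var_dump(migrated_page(['num' => '9abc']));
```
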
$_GET['your_url_parameter_name_here']
In your instance, use the code below:
if($_GET['num'] == "9")
echo "hello";
You get values from a url like this:
url: http://example.com/page.php?num=9
$_GET['num'];
To check if it's set, you can simply do this:
if(isset($_GET['num'])){
//return true
}
Or, for your instance, if it's 9:
if($_GET['num'] == "9"){
echo "It's 9";
}
Read about $_GET in the manual

Request parameters in PHP on HHVM

I'm running HHVM 3.2.0 and trying to get access to GET and POST request parameters. The problem is, HHVM doesn't support access to PHP superglobals ($_GET, $_POST, $_SERVER, etc).
The only other way I know of getting access to request parameters in PHP is via the filter_input function, but is that really best practice (if I'm just using the raw filter)? It seems as though HHVM should support something cleaner than that. (What about Hack?)
HHVM absolutely supports superglobals in PHP code -- they're a really key part of PHP! The docs page you've linked to is simply wrong, and I've filed a bug to get it fixed.
In strict mode Hack code, superglobals are not supported; this cookbook example shows how you can access them via partial mode.
Seems like they added HH\global_get() to get global variables.
https://docs.hhvm.com/hack/reference/function/HH.global_get/
To put everything together
use namespace \Facebook\TypeSpec;
// get $_GET using global_get
function global_get_get(): darray<arraykey, mixed> {
$spec = TypeSpec\darray(
TypeSpec\arraykey(),
TypeSpec\mixed(),
);
return $spec->assertType(\HH\global_get("_GET"));
}

elgg_get_context() not working

I have been trying to write a plugin on elgg framework. So I tried to call specific css for a particular page by using elgg_extend_view() function which is not working. For example
if(elgg_get_context()){
elgg_extend_view('css/elgg', 'myplugin/css');
}/*This works*/
But the following doesn't seem to work
if(!elgg_get_context()){ //If there is not elggcontext call no_css file
elgg_extend_view('css/elgg', 'myplugin/no_css');
}/*This is not working */
Can anybody tell me why?
Apparently, you're misinterpreting expected behavior of elgg_get_context function.
Check: http://reference.elgg.org/pageowner_8php.html#a25fe73eb19442b4a4476f18e63abf382 It uses strings as a context name (it has to be pushed first and is expected usually to be set just before pagesetup event)
Conditional extension of elgg/css won't work correctly, due to caching. You probably want to use elgg_register_css and elgg_load_css instead.
elgg_get_context() returns STRING or NULL
The exclamation (!) is not good in this case.
Try:
if(null === elgg_get_context()){ //If there is not elggcontext call no_css file
    elgg_extend_view('css/elgg', 'myplugin/no_css');
}
If any problem try to visualize what the function is returning, see:
var_dump(elgg_get_context());
Note: elgg is in version 1.8.18, check if you have updated the code.
The best way to do this is to compare your plugin's context, as elgg will always maintain some context.
so do it like:
if(elgg_get_context() == 'myplugin'){
elgg_extend_view('css/elgg', 'myplugin/css');
}

Joomla: correct way to sanitize file data

I am writing an import script for CSV files and I need to validate the data. Most of the data is strings, so I want to use something like JInput to sanitize it.
Is there something Joomla already has for this purpose?
It would be ideal to have something like
$field = JSanitizer::get($data/*array with data*/, "fieldname"/*name of field*/,
'string'/*type of data*/, 'null'/*default value*/);
Also I would need it to work both in Joomla 2.5 and 3.0 versions.
You are probably looking for JFilterInput::clean(). This would work as follows:
$field = JFilterInput::clean($data[$fieldname], 'filter');
This does not give a way to set a default value, so you would have to handle that afterwards. This should be the same filtering that is typically done with JInput as well as on JForm elements if you write custom components.
I can't seem to find a good list of all the filters, but you can see an old version of the source here: http://docs.joomla.org/API16:JFilterInput/clean. Most recent version of the function starts at line 162 here: https://github.com/joomla/joomla-cms/blob/master/libraries/joomla/filter/input.php
Note also that you want to pull the field out of the data array yourself. You can actually send it the entire array without a filter setting and it should at least check the entire array for XSS and other issues. If you want more nuanced filtering for integers and such, it would be best to do it field by field.
$field = JFilterInput::clean($data[$fieldname], 'filter');
will fire a notice
"Non-static method JFilterInput::clean() should not be called statically"
You should initiate this with JFilterInput::getInstance() first and call it dynamically e.g.:
$field = JFilterInput::getInstance()->clean($data[$fieldname], 'filter');
Tom
You should read the Joomla docs and use something like this before parsing the file: $string = JRequest::getString( 'description' );
This should work across all versions since 1.5.
There have been some GitHub projects to implement HTML Purifier as a plugin. I found this, but haven't had a chance to test it; it should work, though.

Add php function to all POSTs and REQUESTs variables

I have a very old client who is now having issues with security because of MySQL injection. This client does not have enough money to change his PHP database functions to PDO or MySQLi. Nevertheless, he suggested that he wants a function that prevents MySQL injection. He is fully aware that the function is not perfect, but he does not have any other temporary way right now. The function that I wrote for him is called safe();. Here comes my question: how can I apply the function to all POSTs and REQUESTs in his site? His site has many files, so it will take hours to change. Is there anything that I can add in the header of every file that applies my function to all POSTs and REQUESTs variables?
Something that maybe looks like this:
$_POST[*] = safe($_POST[*]);
Of course, the above code does not work, but I hope you get the idea.
You can use array_map, but I doubt it'll be perfect solution:
$final = array_map( "mysql_real_escape_string", $_POST );
In the end $_POST and $_GET are just arrays.
You could do a foreach like
foreach ($_POST as $key => $value) {
    // Store the result back; calling safe() alone discards its return value.
    $_POST[$key] = safe($value);
}
if they have old php servers etc. So if you have a general file that is included over the whole website and the "normal" functions aren't an option, this could be the back-up plan.
You are describing the infamous Magic Quotes, which are still available if the server is older than PHP/5.4.0 (which I presume is the case).
Please note that they affect all POST data, including that which is not going to be injected in a SQL query.
If you prefer your safe() function, you can simply write a simple script that makes the change and call it via auto_prepend_file.
Possible duplicate of https://stackoverflow.com/questions/15664021/php-escaping-vars-posted-through-var-and-got-by-postvari-with-a-meth
As I was told, there's no universal method, but you can give it a try through foreaching the $_POST array
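
The auto_prepend_file approach from the answers above, as an added example that is not code from the thread: safe() here is a stand-in built on addslashes() (an assumption, so the script runs without a database connection), safe_all() is a hypothetical helper name, and the input array is constructed. It applies the function to nested arrays as well and prints the two limits of blanket escaping that the answers hint at.

```php
<?php
// Stand-in for the asker's safe(); addslashes() is an assumption, not his code.
function safe(string $value): string
{
    return addslashes($value);
}

// Apply safe() to every string leaf, including nested arrays such as
// tags[]=..., which a flat array_map() over $_POST would hand over as arrays.
function safe_all(array $input): array
{
    array_walk_recursive($input, function (&$leaf) {
        if (is_string($leaf)) {
            $leaf = safe($leaf);
        }
    });
    return $input;
}

// In the file named by auto_prepend_file this would read:
//   $_GET = safe_all($_GET); $_POST = safe_all($_POST);
//   $_REQUEST = safe_all($_REQUEST);
// Constructed sample input used here instead of the real superglobals:
$post = [
    'name' => "O'Brien",
    'tags' => ["a'b", 'plain'],
    'id'   => '42 trailing text',
];
$clean = safe_all($post);

// Limit 1: every field is altered, including ones that are only displayed
// and never reach a query.
print_r($clean);

// Limit 2: a value with no quote characters is left unchanged, so code that
// places it in an unquoted numeric context receives it exactly as sent.
var_dump($clean['id'] === $post['id']);

// Numeric parameters need validation, which escaping does not provide.
var_dump(filter_var($post['id'], FILTER_VALIDATE_INT));
var_dump(filter_var('42', FILTER_VALIDATE_INT));
```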
