I am trying to pass parameters from one action (foo) to another (foobar).
In action foo, I set the arguments thus:
$request->getParameterHolder()->set('arg1', 'alice');
$request->getParameterHolder()->set('arg2', 'bob');
In action foobar, I try to retrieve the params thus:
$arg1 = $request->getParameter('arg1');
$arg2 = $request->getParameter('arg2');
$this->forward404Unless($arg1 && $arg2); //always forwarded
Note: I am aware that I can save the params into the user session variable - but I dont want to do that. I want to pass them as parameters - any ideas how to get this to work?
You can simply try this:
$this->redirect('module/action2?'.
http_build_query(array("arg1"=> "alice", "arg2"=>"bob")));
greg0ire's answer sounds like it's what you are asking for but there are a couple of other approaches that might be worth looking at if passing query string parameters isn't a hard requirement.
You could use a forward if you want the foobar action to execute after foo. Unlike a redirect this will live in the same request cycle so you can pass variables without touching the session.
You don't say why you don't want to use the session but there is a halfway house in Symfony: flash attributes. These are stored in the session but are guaranteed not to live beyond the next request which may be a suitable compromise.
Related
Is it OK to use
$id = $request->get('some_id');
instead of setting some parameters in Routes AND Controller like:
Route::get('some_page/{parameters}', 'controllerName#functionName');
function functionName($parameters)
{
$id = $parameters;
}
Appreciation
Of course it's good. When you're using GET, both ways are similar and if you like to use $request->get() for some reason, it's totally ok.
If you're using Form, it's the only right way. Plus, you can create custom Request class to use it for validation and other operations:
https://laravel.com/docs/master/validation#form-request-validation
They have two fundamentally different goals.
Using $request->get() is a way to retrieve a value from inside the php's REQUEST object regardless of its association with routing pattern you use.
Following HTTP's standards, you probably use $_GET to read some value without it changing the database [significantly] and you use $_POST to write data to you server.
While {pattern} in routing ONLY and ONLY should be used as a way for your application to locate something, some resource(s); in other words, its only goal is to help you route something in your server.
Nevertheless, in certain cases, such as /user/{id} the value of {id} might encounter some overlapping as to whether be treated as a route parameter or as a key of $_REQUEST.
Things such as tokens, filters criteria, sorting rules, referrers (when not significantly) etc. can be read right from $_REQUEST without interfering them into routing pattern of you application.
Is it possible to store an anonymous function in a session var and use it later on?
For instance:
$func = "echo $str;";
$_SESSION['myfunc'] = create_function('$str',$func);
When I call $_SESSION['myfunc']('Hello') it works fine on the page it is created in. When called in another page however, I get the error
Call to undefined function()
The other session-vars are available, so that's not the problem. In the session data I see a reference to a lambda, but I can't get it to work.
You can't store an actual function in a session variable - the variable that you're storing in the session needs to be serializable, and lambdas are not. Plus, this seems like a very convoluted thing to do.
Why not store the name of the function that you want to call, and then execute it that way? Or, if you really want to achieve this, you could store the function string in the session, then create the function after the session is restarted.
However, there's almost certainly a better way of achieving what you want.
There is a library allowing to serialize closures: https://github.com/jeremeamia/super_closure
This might allow you to store a closure in a session.
Not sure it's a good idea, though.
The very reason that you would like to store a function in a session variable means that you're doing something wrong. What is the intention of this strategy from your side?
I need to capture several parameters in a controller regardless of whether the were posted or they are in the url.
Does $this->_request->getParam('parameter') work regardless?
To make life easier and shorter code, you can use the _getParam function in your controllers:
$page = $this->_getParam('page', 1);
Note that the second function variable is the default value if the request didn't include that specific variable.
Short answer, yes.
If you are in the controller, you can access any POST of GET parameter by accessing the getParam() method like you said.
$this->getRequest()->getParam("foo") will get the parameter foo, if it is present in the URL via a get param, or in a POST. It will also get any user set parameters.
The
$this->getRequest()->getParams();
Will get several parameters regardless of the action type being sent (get or post).
$this->getRequest()->getParam('foo');
Will get you individual requested parameter.
i prefer always use short function:
$parameter = $this->_getParam('parameter');
Rather than using controller/action/key1/value1/key2/value2 as my URL, I'd like to use controller/action/value1/value2. I think I could do this by defining a custom route in my Bootstrap class, but I want my entire application to behave this way, so adding a custom route for each action is out of the question.
Is this possible? If so, how would I then access valueN? I'd like to be able to define the parameters in my action method's signature. e.x.:
// PostsController.php
public function view($postID) {
echo 'post ID: ' . $postID;
}
I'm using Zend Framework 1.9.3
Thanks!
While I don't think it's possible with the current router to allow N values (a fixed number would work) you could write a custom router that would do it for you.
I would question this approach, however, and suggest that actually listing all of your routes won't take long and will be easier in the long run. A route designed as you've suggested would mean that either your named parameters are always in the same order, i.e.
/controller/action/id/title/colour
or that they are almost anonymous
/controller/action/value1/value2/value3
With code like
$this->getRequest()->getParam('value2'); //fairly meaningless
Does it have to be N or can you say some finite value? For instance can you imagine that you'll never need more than say 5 params? If so you can set up a route:
/:controller/:action/:param0/:param1/:param2/:param3/:param4
Which will work even if you don't specify all 5 params for every action. If you ever need 6 somewhere else you can just add another /:paramN onto the route.
Another solution I've worked with before is to write a plugin which parses the REQUEST_URI and puts all the extra params in the request object in the dispatchLoopStartup() method. I like the first method better as it makes it more obvious where the params are coming from.
im re-factoring php on zend code and all the code is full of $_GET["this"] and $_POST["that"]. I have always used the more phpish $this->_request->getPost('this') and $this->_request->getQuery('that') (this one being not so much logical with the getquery insteado of getGet).
So i was wondering if my method was safer/better/easier to mantain. I read in the Zend Framework documentation that you must validate your own input since the request object wont do it.
That leaves me with 2 questions:
What is best of this two? (or if theres another better way)
What is the best practice for validating php input with this methods?
Thanks!
I usually use $this->_request->getParams(); to retrieve either the post or the URL parameters. Then I use the Zend_Filter_Input to do validation and filtering. The getParams() does not do validation.
Using the Zend_Filter_Input you can do application level validation, using the Zend Validators (or you can write your own too). For example, you can make sure the 'months' field is a number:
$data = $this->_request->getParams();
$validators = array(
'month' => 'Digits',
);
$input = new Zend_Filter_Input($filters, $validators, $data);
Extending Brian's answer.
As you noted you can also check out $this->_request->getPost() and $this->_request->getQuery(). If you generalize on getParams(), it's sort of like using the $_REQUEST superglobal and I don't think that's acceptable in terms of security.
Additional to Zend_Filter, you may also use simple PHP to cast the required.
E.g.:
$id = (int) $this->_request->getQuery('id');
For other values, it gets more complicated, so make sure to e.g. quote in your DB queries (Zend_Db, see quoting identifiers, $db->quoteIdentifier()) and in views use $this->escape($var); to escape content.
You can't write a one-size-fits-all validation function for get/post data. As in some cases you require a field to be a integer and in others a date for instance. That's why there is no input validation in the zend framework.
You will have to write the validation code at the place where you need it. You can of course write some helper methods, but you can't expect the getPost() to validate something for you all by itself...
And it isn't even getPost/getQuery's place to validate anything, it's job is to get you the data you wan't, what happens to it from there on should not be it's concern.
$dataGet = $this->getRequest()->getParam('id',null);
$valid = new Zend_Validate_Digits();
if( isset($dataGet) && $valid->isValid($dataGet) ){
// do some...
} else{
// not set
}
I have always used the more phpish $this->_request->getPost('this') and $this->_request->getQuery('that') (this one being not so much logical with the getquery insteado of getGet).
What is best of this two? (or if theres another better way)
Just a quick explanation on the choice of getQuery(). The wording choice comes from what kind of data it is, not how it got there. GET and POST are just request methods, carrying all sorts of information, including, in the case of a POST request, a section known as "post data". A GET request has no such block, any variable data it carries is part of the query string of the url (the part after the ?).
So, while getPost() gets the data from the post data section of a POST request, getQuery() retrieves data from the query string of either a GET or POST request (as well as other HTTP Request methods).
(Note that GET Requests should not be used for anything that might produce a side effect, like altering a DB row)
So, in answer to your first question, use the getPost() and getQuery() methods, this way, you can be sure of where the data source (if you don't care, getParams() also works, but may include additional data).
What is the best practice for validating php input with this methods?
The best place to validate input is where you first use it. That is to say, when you pull it from getParams(), getPost(), or getQuery(). This way, your data is always correct for where you need it, and if you pass it off, you know it is safe. Keep in mind, if you pass it to another Controller (or Controller Action), you should probably check it again there, just to be safe. How you do this depends on your application, but it still needs to be checked.
not directly related to the topic, but
to insure that you get an number in your input, one could also use $var+0
(however if $var is a float it stays a float)
you may use in most cases
$id = $this->_request->getQuery('id')+0;