Can I use CodeIgniter's input class to xss clean GET data like this:
$somevar = $this->input->xss_clean($_GET['somevar']);
CodeIgniter suggests that the xss_clean method should be used for submitted data.
I wonder whether $_GET vars are submitted or just visiting a URL.
So can I use it in that fashion?
Try using:
$this->input->get()
This function is identical to the post function, only it fetches get data:
$this->input->get('somevar', TRUE);
The function returns FALSE (boolean) if the item you are attempting to retrieve does not exist.
The second optional parameter lets you run the data through the XSS filter. It's enabled by setting the second parameter to boolean TRUE.
The GET array is unset by CI on startup because it uses the URI segments instead.
But you can use the xss_clean method on any var you want, just like your example, but you will find $_GET to be empty. The input class is available everywhere by default.
I'm creating a WebSocket-based application with CodeIgniter, so data is coming as a JSON string (not via a POST method). I want to use CodeIgniter's built-in form_validation method to validate the data received as JSON.
This is what I tried so far to set the variable so I can access it through $this->input->post('variable_name'):
Try #1
$_POST['variable_name'] = !isset($data['variable_name']) ? NULL : $data['variable_name'];
Try #2
$variable_name = !isset($data['variable_name']) ? NULL : $data['variable_name'];
$this->form_validation->set_value("variable_name", $variable_name);
But when I use $this->input->post('variable_name')
it returns NULL.
Here is how I achieved it. Although it doesn't seem to be an accurate solution, it's simple and there is no workaround.
I added only one line before execution of form validations
$_SERVER["REQUEST_METHOD"] = "POST";
and then set the variable like this
$_POST['post_var'] = "value";
Now set the validation rules and perform validation.
that's it :)
There's a method called set_data() that was introduced specifically to allow validation of non-POST inputs.
http://www.codeigniter.com/userguide3/libraries/form_validation.html#validating-an-array-other-than-post
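The set_data() approach from the answer above, as an added example that is not part of the original thread. It assumes CodeIgniter 3; Ws_handler, validate_message() and the max_length rule are hypothetical, and the field name is the one used in the question.

```php
<?php
// Added example, not code from the thread. Assumes CodeIgniter 3.
// Ws_handler and validate_message() are hypothetical names.
class Ws_handler extends CI_Controller
{
    public function __construct()
    {
        parent::__construct();
        $this->load->library('form_validation');
    }

    /**
     * Validate one JSON message, e.g. the constructed sample
     * {"variable_name":"abc"}. Returns array(bool $ok, array $errors).
     */
    public function validate_message($json)
    {
        $data = json_decode($json, TRUE);

        // Malformed JSON, a scalar or an empty object is rejected up front:
        // with no validation data set, run() would validate $_POST instead.
        if ( ! is_array($data) OR empty($data))
        {
            return array(FALSE, array('payload' => 'Invalid or empty JSON payload'));
        }

        // A long-running process validates many messages, so clear the
        // rules, errors and data left over from the previous one.
        $this->form_validation->reset_validation();

        // set_data() has to be called before the rules are defined.
        $this->form_validation->set_data($data);
        $this->form_validation->set_rules('variable_name', 'Variable name', 'required|max_length[64]');

        $ok = $this->form_validation->run();

        return array($ok, $this->form_validation->error_array());
    }
}
```

Read the validated values from the decoded array: set_data() does not populate $_POST, so $this->input->post('variable_name') still returns NULL.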
In CakePHP, it is possible to get the called function string using the
$this->action
syntax. It returns the literal string of whatever is called, so if the URL is /do_this, it returns do_this, and if it's doThis it'll return doThis. Regardless of the called method's real name.
What I am looking for, on the other hand, is the called method's actual name, no matter the URL syntax.
Is there a way to find it out?
I'd preferably be able to do this in the beforeFilter method.
You should use the request object.
CakePHP 3.3 and below
$this->request->params['action'];
Since 3.4
$this->request->getParam('action');
I think this should contain the real method name that was called. CakePHP's router resolves the string URL to a controller / action pair and other args, all of that ends up in the request object. Read the documentation and do debug($this->request); in your beforeFilter() to see what else is there.
In CakePHP 2 you can use $this->action, in CakePHP 3 you must use $this->request->params['action'].
The params array (CakePHP >= 3.4) is deprecated. The correct way to get the current action within a controller is:
$currentAction = $this->request->getParam('action');
Have you taken a look at this?
Retrieving the name of the current function in php
This obviously will not work in the beforeFilter. You can set a variable:
private $action_name in the Controller and set it from within the methods and use it afterwards, in afterFilter
I am new to the CodeIgniter framework, and I want to send query string data with the $this->index() function. How can I do this? I have edited the config.php file to accept query strings.
Your question is not clear at all. As an indication on how to work, though:
As it seems you already did, you must set to TRUE the "enable_query_string" config index:
$config['allow_get_array'] = TRUE;
$config['enable_query_strings'] = TRUE;
$config['controller_trigger'] = 'c';
$config['function_trigger'] = 'm';
As you see, you also have an index for the $_GET array where controllers and models will be placed. In order to build a url (which you must do manually, since the helpers work with uri segments) you can do something like:
index.php?c=mycontroller&m=mymethod&var1=var1
which maps to Mycontroller() controller class and Mymethod() class method, and works the same as for uri segments. In your methods, to retrieve the query string variables after the method, you can:
use the $this->input->get('var1') input method to retrieve the query string part;
use the "regular" $_GET array (which you have enabled by passing TRUE to the config index, as above), $_GET['var1']
just pass the argument to the method (as in uri segments):
function mymethod($var1)
{
    echo $var1;
}
"c" and "m" are default triggers, which you can obviously change to whatever you like (just set them in the 2 config indexes, of course).
In CodeIgniter you may use $this->input->get() inside your controller functions. You can also use PHP's $_GET array. More information in the documentation at http://codeigniter.com/user_guide/libraries/input.html
I need to capture several parameters in a controller regardless of whether they were posted or they are in the URL.
Does $this->_request->getParam('parameter') work regardless?
To make life easier and your code shorter, you can use the _getParam function in your controllers:
$page = $this->_getParam('page', 1);
Note that the second function variable is the default value if the request didn't include that specific variable.
Short answer, yes.
If you are in the controller, you can access any POST or GET parameter by accessing the getParam() method like you said.
$this->getRequest()->getParam("foo") will get the parameter foo, if it is present in the URL via a get param, or in a POST. It will also get any user set parameters.
The
$this->getRequest()->getParams();
Will get several parameters regardless of the action type being sent (get or post).
$this->getRequest()->getParam('foo');
Will get you individual requested parameter.
I prefer to always use the short function:
$parameter = $this->_getParam('parameter');
I had a read of the documentation, but couldn't see an example of how it would be possible to use the variable in traditional PHP style of $_POST['var']
I'm pretty sure my URL is legit:
domain.com/module/controller/action/var/value/
Using the above as an example:
$var didn't work
$_POST['var'] didn't work
How is it done?
As presented in the Zend controller documentation page, you can retrieve parameters like this:
public function userinfoAction()
{
    // Through the request object...
    $request = $this->getRequest();
    $username = $request->getParam('username');
    // ...or through the controller's shortcut, which returns the same value
    $username = $this->_getParam('username');
}
You should also note that request documentation states:
In order to do some of its work, getParam() actually retrieves from several sources. In order of priority, these include: user parameters set via setParam(), GET parameters, and finally POST parameters. Be aware of this when pulling data via this method.
If you wish to pull only from parameters you set via setParam(), use the getUserParam().
Additionally, as of 1.5.0, you can lock down which parameter sources will be searched. setParamSources() allows you to specify an empty array or an array with one or more of the values '_GET' or '_POST' indicating which parameter sources are allowed (by default, both are allowed); if you wish to restrict access to only '_GET' specify setParamSources(array('_GET')).
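The lookup order quoted above, modelled as an added example: stand-alone PHP written for this page, not Zend Framework source, with lookup_param() and the request values constructed for illustration. It shows that a key present in both the query string and the POST body resolves to the query-string value by default, and that restricting the sources changes which value a controller sees.

```php
<?php
// Added example: a stand-alone model of the documented lookup order,
// not Zend Framework code. lookup_param() is a hypothetical helper.
function lookup_param($key, array $userParams, array $get, array $post,
                      array $sources = array('_GET', '_POST'), $default = null)
{
    if (isset($userParams[$key])) {
        return $userParams[$key];   // 1. parameters set via setParam()
    }
    if (in_array('_GET', $sources, true) && isset($get[$key])) {
        return $get[$key];          // 2. query string
    }
    if (in_array('_POST', $sources, true) && isset($post[$key])) {
        return $post[$key];         // 3. request body
    }
    return $default;                // absent from every allowed source
}

// Constructed request: the form body and the query string both carry "page".
$get  = array('page' => '99');
$post = array('page' => '2');

// Default sources: the query-string value shadows the posted one.
var_dump(lookup_param('page', array(), $get, $post));

// Sources restricted, as with setParamSources(array('_POST')):
// only the posted value is considered.
var_dump(lookup_param('page', array(), $get, $post, array('_POST')));

// A user parameter takes priority over both request sources.
var_dump(lookup_param('page', array('page' => '1'), $get, $post));

// Key absent everywhere: the caller's default is returned.
var_dump(lookup_param('page', array(), array(), array(), array('_GET', '_POST'), 1));
```

An action that expects a value from a submitted form can therefore receive the URL's value instead unless the parameter sources are restricted.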
$this->_request->getParam('paramName', $defaultValueToReturnIfParamIsNotSet);