CodeIgniter Forums
Misleading passage in user_guide - Printable Version

+- CodeIgniter Forums (https://forum.codeigniter.com)
+-- Forum: Archived Discussions (https://forum.codeigniter.com/forumdisplay.php?fid=20)
+--- Forum: Archived General Discussion (https://forum.codeigniter.com/forumdisplay.php?fid=21)
+--- Thread: Misleading passage in user_guide (/showthread.php?tid=6728)

Pages: 1 2

Misleading passage in user_guide - El Forum - 03-10-2008

[eluser]Michael Wales[/eluser]
Quote:I’ve been guilty of relying on the database class cleaning by passing uri segments to the query but lets say the segment needs to be a number but it is a string with validation the rendering should be stopped before querying the database. With the current validation library it’s impossible to do

Code:
function getPost($id = NULL) {
  if (($id !== NULL) && (is_int($id)) {
    // Show Post
  } else {
    redirect('');
    return;
  }
}

Maybe I am missing something or the intent of your comments xwero?

Misleading passage in user_guide - El Forum - 03-10-2008

[eluser]xwero[/eluser]
I did a similar, unnessecary, redirect for the pagination library. I know you can do these checks using common code but it would be nice if you could do it like this
Code:
function getPost($id = NULL) {
  // loaded validation library before
  if ($this->validation->exec_rule('numeric',$id,'path')) {
    // Show Post
  } else {
    redirect('');
    return;
  }
}
Using the validation methods you can identify the checks you do, or didn't do. And if you have to do multiple checks you can bundle them like you are used to for the form inputs. But i think we better continue this discussion in my reloaded validation class before jTaby starts complaining we hijacked his thread.

Misleading passage in user_guide - El Forum - 03-10-2008

[eluser]Majd Taby[/eluser]
no it's cool, i thought I might bring it to somebody's attention. but to give my 2 cents, GET isn't any less secure than POST, you can send any info you want into POST (look at the temper extention for firefox). The way CI handles URLs sure looks pretty, but there's no strong binding between the key and the value. Moreover, what's to stop somebody from modifying the pretty url? and finally, it's up to the developer to make the GET url secure, same way it's up to the developer to make mySQL, javascript, and everything else secure.

Misleading passage in user_guide - El Forum - 03-10-2008

[eluser]xwero[/eluser]
i think if you configure CI with
Code:
$config['uri_protocol'] = 'AUTO';
// ...
$config['enable_query_strings'] = TRUE;
And you can reach a method with index.php/class/method and index.php?c=class&m=method it can create confusion because index.php/class/method/var1/var2 isn't the same as index.php?c=class&m=method&var1=one&var2=two? If i'm not mistaken uri->segment(3) would return var1 for the pathinfo url and one for the query string url, right?

Misleading passage in user_guide - El Forum - 03-10-2008

[eluser]Majd Taby[/eluser]
I couldn't tell you for sure, but CodeExtinguisher is working interchangeably.

Misleading passage in user_guide - El Forum - 03-10-2008

[eluser]xwero[/eluser]
I checked it and the uri segment method doesn't work when there is a query string as url. In order to get the segment you have to use GET[''] or the CI input->get(''). I did another test with a parameter in the method
Code:
function somepage($test)
And using the query string i got an error.

I like the pathinfo urls but if you are changing from pathinfo to query string url you are going to have to rewrite all segment caching code.

Misleading passage in user_guide - El Forum - 03-10-2008

[eluser]Majd Taby[/eluser]
ah I see, there's a misunderstanding, I meant to say that I can use regular CI-style url's and use segment(3), or I can use regular GET urls...not mix them together.

Misleading passage in user_guide - El Forum - 03-10-2008

[eluser]xwero[/eluser]
So for CI people who use query strings make things harder for themselves because all CI does is loading the class and the method?