Passing non-alphanumeric characters as parameters to a function in a Controller

Passing non-alphanumeric characters as parameters to a function in a Controller - Printable Version

+- CodeIgniter Forums (https://forum.codeigniter.com)
+-- Forum: Archived Discussions (https://forum.codeigniter.com/forumdisplay.php?fid=20)
+--- Forum: Archived Development & Programming (https://forum.codeigniter.com/forumdisplay.php?fid=23)
+--- Thread: Passing non-alphanumeric characters as parameters to a function in a Controller (/showthread.php?tid=24152)

Passing non-alphanumeric characters as parameters to a function in a Controller - El Forum - 11-01-2009

[eluser]aidehua[/eluser]
Hi

I have a function called CheckUsernameExists($username) within a Controller class called Ajax.

Normally it works fine - called from a URI like this:

/ajax/checkusernameexists/johndoe
or
/ajax/checkusernameexists/janedoe

it correctly checks whether johndoe or janedoe exist.

But the $username comes from user input. If you enter non-alphanumeric characters (e.g. "john;,)doe"), the function breaks, with the error message "The URI you submitted has disallowed characters".

The URI is actually called by a JavaScript/Ajax function, so I have tried to escape the username in the JavaScript, like this

Code:
var user = document.getElementById('username').value;

    if (user!=''){

        user = escape(user); // <-- ** ESCAPE USERNAME HERE

    ajaxRequest.open("GET", "&lt;?= base_url() ?&gt;ajax/checkusernameexists/"+user, true);

    ajaxRequest.send(null); 

    }

but when non-alphanumeric characters are entered, I still see the error "An Error Was Encountered. The URI you submitted has disallowed characters."

I tried adding alert(user) just to check it was escaping correctly - and it seems to be. For example, if I enter 'john;;doe', it escapes in the Javascript correctly to 'john;;doe'. But I still get the error - even though % is a permitted URI character in my config.php file.

I'm really stuck on this, and I can't find the answer anywhere. But people must have to deal with this issue all the time. Any clues on how to solve it?

Thanks,

Ed

Passing non-alphanumeric characters as parameters to a function in a Controller - El Forum - 11-01-2009

[eluser]aidehua[/eluser]
I figured it out, I think.

I changed the Ajax open method from GET to POST, so I now send the username, with or without non-alphanumeric characters, in the POST parameters. Then I can clean it up on the server without worrying about using client-side Javascript to make it URI-compliant.

Here's the Javascript I ended up with

Code:
var user = document.getElementById('username').value;

    if (user!=''){

    url = "&lt;?= base_url() ?&gt;ajax/checkusernameexists/";

    var parameters = "user=" + user;

    ajaxRequest.open("POST", url, true);

    ajaxRequest.setRequestHeader("Content-type", "application/x-www-form-urlencoded")

    ajaxRequest.send(parameters)

    ajaxRequest.send(null); 

    }

Seems to work fine. Obvious, really, once you think of it.