CodeIgniter Forums
Best way to solve unwanted uri characters. - Printable Version




Best way to solve unwanted uri characters. - El Forum - 08-08-2007

[eluser]eedfwChris[/eluser]
Basically I have something like...

/view/2

where 2 is the id of some article.

What is the best way to prevent people from typing say... "e" in there and generating a SQL error?


Best way to solve unwanted uri characters. - El Forum - 08-08-2007

[eluser]sophistry[/eluser]
um...
Code:
if ($id === 2)
{
    // do sql
}



Best way to solve unwanted uri characters. - El Forum - 08-08-2007

[eluser]BravoAlpha[/eluser]
Cast the id string to an integer? PHP Manual: Type Juggling


Best way to solve unwanted uri characters. - El Forum - 08-08-2007

[eluser]eedfwChris[/eluser]
[quote author="sophistry" date="1186625865"]um...
Code:
if ($id === 2)
{
    // do sql
}
[/quote]

Uh... ANY number... not just 2...

[quote author="BravoAlpha" date="1186628265"]Cast the id string to an integer? PHP Manual: Type Juggling[/quote]

I just want it to err out if it's anything but an integer.

There isn't some sort of validation that I do with CodeIgniter specifically for URI segments? In theory I could do something like:
Code:
if (is_numeric($id))
{
// sql
}



Best way to solve unwanted uri characters. - El Forum - 08-08-2007

[eluser]sophistry[/eluser]
there you go. you answered your own question. nicely done. :-)

btw, there is no special CI validation on URI segments.

that is one of the main things to learn when using CI - don't forget about PHP. CI helps you but there is still the whole entire set of PHP functions available to you at any moment.

good luck and let us know how you do going forward.


Best way to solve unwanted uri characters. - El Forum - 08-08-2007

[eluser]Michael Wales[/eluser]
I am assuming this ID is referencing an ID within a table - therefore, you don't just want to determine if it's numeric and allow it to run.

In the model that is returning data for this controller - have it check the num_rows() and return FALSE if it's 0, then plan accordingly within your controller.

This way, someone can't pass /view/29834798327493249873294798324783274082378047 and your site go "WTF!?"


Best way to solve unwanted uri characters. - El Forum - 08-08-2007

[eluser]座頭市[/eluser]
The ctype functions are your friends.

Code:
if (!ctype_digit($foo)) {
   $msg = 'Exactly what are you trying to pull?';
   show_error($msg);
   exit;
}

/*
| Rest of code here...
*/



Best way to solve unwanted uri characters. - El Forum - 08-09-2007

[eluser]mipa[/eluser]
Or you could always use regular expressions:

Code:
if (preg_match('/^[0-9]{1,2}$/', $param)) {
  // do something
}



Best way to solve unwanted uri characters. - El Forum - 08-09-2007

[eluser]eedfwChris[/eluser]
[quote author="walesmd" date="1186639647"]I am assuming this ID is referencing an ID within a table - therefore, you don't just want to determine if it's numeric and allow it to run.

In the model that is returning data for this controller - have it check the num_rows() and return FALSE if it's 0, then plan accordingly within your controller.

This way, someone can't pass /view/29834798327493249873294798324783274082378047 and your site go "WTF!?"[/quote]

Yea, my problem was when you type in a non-numeric character like "e" in my example the query would go "WTF!?" because I am not quoting it in the query (as I am comparing an integer not a string).

Anyhoo, thanks guys! I will be using ctype_digit... This solves the decimal problem I was thinking by using is_numeric.
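
Added example (not part of the original thread): a side-by-side of the checks discussed above (is_numeric, an integer cast, ctype_digit) plus a length bound for the oversized ID case. The function name parse_id(), the 9-digit limit and the sample inputs are assumptions constructed for illustration.

```php
<?php
// Added example: strict validation of a numeric URI segment.
// parse_id() and the sample inputs are hypothetical, constructed for illustration.

/**
 * Return the segment as an int if it is a plain decimal ID, otherwise null.
 */
function parse_id($segment, int $maxDigits = 9): ?int
{
    // ctype_digit() treats small ints as ASCII codes, so insist on a string.
    if (!is_string($segment)) {
        return null;
    }
    // Digits only: rejects "", "e", "1.5", "1e5", "-3", " 2" and "2abc".
    if (!ctype_digit($segment)) {
        return null;
    }
    // Bound the length so the value fits a 32-bit signed INT column
    // (9 digits max is 999999999 < 2147483647). Assumed column type.
    if (strlen($segment) > $maxDigits) {
        return null;
    }
    $id = (int) $segment;
    return $id > 0 ? $id : null; // assumption: IDs start at 1
}

// Constructed inputs comparing the checks discussed in the thread.
$samples = ['2', 'e', '1.5', '1e5', '-3', '2abc', '',
            '29834798327493249873294798324783274082378047'];

foreach ($samples as $s) {
    printf(
        "%-14.14s is_numeric=%-5s (int)=%-20d parse_id=%s\n",
        var_export($s, true),
        var_export(is_numeric($s), true),
        (int) $s,
        var_export(parse_id($s), true)
    );
}
```

A null result maps to a "not found" response in the controller. The lookup itself should still pass the ID as a bound parameter and, as in Michael Wales' post, treat zero rows as not found.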