How can I secure this little.
[eluser]phantom-a[/eluser]
I created a redirection. Basically, they click on the link on the Directory script I'm creating and it looks like this: http://example.com/index.php/go/hits/1 where the 1 on the end of hits is the ID used in the MySQL query to find the corresponding URL. The script loads view/redirect_url.php, where I print the URL in a JavaScript redirect. But what if that number doesn't exist? What if someone puts some numbers on by purpose or puts letters on it? Right now it will show a blank page. I would like to show a 404 not found. This is my code; how can I make an if statement that checks the ID in the query so that if the ID doesn't exist it would echo a not found error?
Code: function hits()
[eluser]Frank Berger[/eluser]
Try this:
Code: function hits() {
[eluser]phantom-a[/eluser]
Thanks Frank, that works. What about if someone inserts a letter into the ID, like hits/1a? It throws a SQL error instead.
Quote: A Database Error Occurred
[eluser]Frank Berger[/eluser]
Oh ok, wasn't sure if something collected output or not. It's (just) a notice anyway in that case. Remove the ob_end_clean(), no harm anyway.

For your other problem, 2 possibilities:

1.) If you want to force the query to work, do it like this:
Code: $data['query'] = $this->db->query('SELECT `url` FROM `links` WHERE `id`='.intval($this->uri->segment(3)).'');
2 => 2
'2a' => 2
'a2' => 0
'a' => 0
You can then for example insert a URL with id=0 which is an error page in fact, or just don't insert a 0 and let the failover catch it. It is btw good practice to do the intval anyway, to catch 'misgivings'.

2.) You can qualify your input:
Code: function hits() {

Hope this helps better. Cheers, Frank

edit: it's is_int, not isint
[eluser]phantom-a[/eluser]
Once again, Frank, thanks. Your method didn't work; it threw a parse error, unexpected T_VARIABLE, on the line
Code: if (is_int($this->uri->segment(3)) $data['query'] = $this->db->query('SELECT `url` FROM `links` WHERE `id`='.intval($this->uri->segment(3)).''); // only execute if the id is an int
But I didn't know about intval() and I'm always up for learning about the variable handling functions. It was great that you mentioned this. So I thought of just passing the segment ID into it first, then passing it into the query as you see in my code, which now works 100%.
Code: $data['title'] = "Redirection..";
[eluser]Crimp[/eluser]
CI has built in error handling. It's very handy. See the user guide. I like the custom template for situations where people may speculate in an article ID or similar; you can then put up a page stating that the article in question is not available and offer some options for redirection.
[eluser]phantom-a[/eluser]
[quote author="Crimp" date="1220874905"]CI has built in error handling. It's very handy. See the user guide. I like the custom template for situations where people may speculate in an article ID or similar; you can then put up a page stating that the article in question is not available and offer some options for redirection.[/quote] Ah, good call. So I changed my code to this now:
Code: if ($data['query']->num_rows() != 1) { // check if the ID exists or 404 page
Which looks better, showing the nice CSS styled CI 404 page.
[eluser]Sumon[/eluser]
It's not 404 by the way. It's error_general.php, not error_404.php.
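The whole fix discussed in this thread (validate the ID segment, look it up safely, 404 on a miss), as an added example that is not the poster's or CodeIgniter's own code. It is plain PHP using PDO with an in-memory SQLite table (constructed sample rows) so it runs offline; the CodeIgniter equivalents are given after the block. The function names `link_id_from_segment` and `resolve_link` are assumptions for this example.

```php
<?php
// Added example, not from the thread. Plain PHP + PDO/SQLite so it runs offline;
// the CodeIgniter mapping is described in the text after the block.
// Table and rows below are constructed sample data.

declare(strict_types=1);

/**
 * Turn the raw URI segment into a positive integer ID, or null if it is not one.
 * intval() silently maps '1a' to 1 and 'a' to 0; this rejects anything that is
 * not a canonical decimal integer, so '1a', '01', '' and '1e3' all come back as
 * null and never reach the database.
 */
function link_id_from_segment(string $segment): ?int
{
    // Digits only, no sign, no leading zero (so '01' does not alias '1'), not empty.
    if (!preg_match('/^[1-9][0-9]{0,18}$/', $segment)) {
        return null;
    }
    // Round-trip through int: catches values above PHP_INT_MAX on 64-bit
    // and anything that would go through float on 32-bit builds.
    if ((string)(int)$segment !== $segment) {
        return null;
    }
    return (int)$segment;
}

/**
 * Look up the URL for an ID with a prepared statement. Returns null when the ID
 * is malformed or no row exists, which is the "show a 404" case from the thread.
 */
function resolve_link(PDO $db, string $segment): ?string
{
    $id = link_id_from_segment($segment);
    if ($id === null) {
        return null;
    }
    // Bound parameter: the value is sent as data, never spliced into the SQL text.
    $stmt = $db->prepare('SELECT url FROM links WHERE id = ?');
    $stmt->execute([$id]);
    $url = $stmt->fetchColumn();          // false when no row matched
    return $url === false ? null : (string) $url;
}

// Constructed sample data: an in-memory SQLite table with two links.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE links (id INTEGER PRIMARY KEY, url TEXT NOT NULL)');
$db->exec("INSERT INTO links (id, url) VALUES (1, 'https://example.org/'), (2, 'https://example.net/')");

// Inputs a curious user or an attacker might append to /go/hits/.
foreach (['1', '2', '3', '1a', 'a1', '01', '', "1' OR 1=1"] as $segment) {
    $url = resolve_link($db, $segment);
    if ($url === null) {
        // In a web context: http_response_code(404) and render the not-found view.
        printf("%-14s -> 404 Not Found\n", var_export($segment, true));
    } else {
        // In a web context: header('Location: ' . $url, true, 302); exit;
        printf("%-14s -> 302 %s\n", var_export($segment, true), $url);
    }
}
```

Run it with `php` (the pdo_sqlite extension must be enabled); only '1' and '2' resolve, everything else is a 404. In CodeIgniter the same shape is the controller calling `link_id_from_segment($this->uri->segment(3))`, the query written with query binding, `$this->db->query('SELECT url FROM links WHERE id = ?', array($id))`, and `show_404()` when the ID fails validation or `num_rows()` is 0. Binding (or the intval() Frank suggested) is what stops '1a' from reaching MySQL as a syntax error; the strict check on top is what keeps '1a' from silently resolving to link 1. For the redirect itself, a Location header (CI's `redirect()` helper) is preferable to the JavaScript redirect in the original view: it works without script and the stored URL never has to be escaped into a script block.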