Developing CI Based Forum - WIP
#30

Aken
It was an example -- I have no idea how your routes or other logic is set up to prevent messing with the URI, but that's my point. Never trust anything that the user can manipulate, and that includes the URI segments (which, btw, I do not believe are covered by XSS clean in any way, if I remember correctly). Also, remember that just because it's protected from shenanigans doesn't mean that it's the proper format you need. If you're expecting a number, and I write "hispurdy", it'll pass XSS stuff all day long, but could throw errors for not being an integer as expected. That's what you want to prevent with data checks / sanitization.

A major benefit of verifying the structure of your URI segment is that, if it is incorrect, you can throw an error without needing to run a query at all. That's obviously way better for performance.

Once it's in the proper format (letters, numbers, dashes, whatever you're allowing), then you can run your query. However, I think it's a good idea to run a single query first, that pulls your basic info for that particular section (its details, permissions, etc.). You don't need to tie that in with another huge query for the threads and posts info, and again, if anything goes wrong, you won't need to run that query anyway (this is tied with #1).
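The flow described in the post above, as an added example that is not part of the original post or of the forum project's code: check the segment's format first, then run one small section query, and only then the heavy threads query. It is plain PHP with no framework; the function names, the `allowed_groups` field and the sample data are hypothetical and constructed for illustration.

```php
<?php
// Added example; all function names and sample data are hypothetical/constructed.

// Return the segment as a positive integer, or null when it is not one.
function section_id_from_segment($segment): ?int
{
    // ctype_digit() only accepts non-empty strings of 0-9, so "", "-3",
    // "1.5", "12abc" and "hispurdy" all fail; the length cap avoids overflow.
    if (!is_string($segment) || !ctype_digit($segment) || strlen($segment) > 9) {
        return null;
    }
    $id = (int) $segment;
    return $id > 0 ? $id : null;
}

// Stage 1: format check (0 queries). Stage 2: small section query.
// Stage 3: the heavy threads query, only if everything before it passed.
function load_section_page($segment, callable $fetchSection, callable $fetchThreads, string $group): array
{
    $id = section_id_from_segment($segment);
    if ($id === null) {
        return ['status' => 404, 'queries' => 0];
    }
    $section = $fetchSection($id);
    if ($section === null) {
        return ['status' => 404, 'queries' => 1];
    }
    if (!in_array($group, $section['allowed_groups'], true)) {
        return ['status' => 403, 'queries' => 1];
    }
    return ['status' => 200, 'queries' => 2, 'section' => $section, 'threads' => $fetchThreads($id)];
}

// Constructed data standing in for the database tables.
$sections = [7 => ['title' => 'General', 'allowed_groups' => ['member', 'admin']],
             8 => ['title' => 'Staff', 'allowed_groups' => ['admin']]];
$fetchSection = fn(int $id) => $sections[$id] ?? null;
$fetchThreads = fn(int $id) => [['id' => 1, 'title' => 'Welcome']];

foreach (['7', '8', '999', 'hispurdy', '12abc', '-3', ''] as $segment) {
    $r = load_section_page($segment, $fetchSection, $fetchThreads, 'member');
    printf("%-12s HTTP %d after %d queries\n", var_export($segment, true), $r['status'], $r['queries']);
}
```

In a real application the two callables would wrap parameterized database queries; the format check is a cheap first gate in front of them, not a replacement for binding the value in the query.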

