How to use query strings with CodeIgniter and stay alive to talk about it
#2

MadZad
rankorn,
Looks like a very nice solution. Faced with that issue, I probably would have enabled GET and relied on the user guide and whatever forum posts I would have found - and I'll bet you explored that as well.

What I really like about your approach is the attitude of "for THIS PARTICULAR url, I'll give the query string to a specific controller". That contains the functionality and avoids global changes for an issue that is probably the exception. Kudos.

The one thing I'll recommend is to have defensive code in MyController for handling the query string. Immediately calling parse_str is tempting, but the query string can be anything and I'd consider it malicious until proven otherwise. I'm a big fan of whitelisting input. So, in your example, whitelisting could ONLY produce local variables of var1 and var2. There was a nice 3-part article in php|architect back in July-Sept 2005 on whitelisting that I could recommend. For example, pass an array to parse_str, then your whitelisting code can turn only expected elements into local vars. After whitelisting, of course validate the values, and plan on handling bad input.
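
The allowlist-then-validate pattern recommended in the post above, as an added example that is not part of the original thread or anyone's posted code. `var1` and `var2` are the names from the thread's example; the `read_query` helper, the validation rules and the sample query string are assumptions made for illustration, and the code assumes PHP 7.1 or later.

```php
<?php
/**
 * Parse a raw query string into an array, copy out only the expected keys,
 * and validate each value. Returns [clean values, list of problems].
 */
function read_query(string $raw, array $rules): array
{
    $parsed = [];
    // Two-argument form: results land in $parsed, never in local scope.
    parse_str($raw, $parsed);

    $clean = [];
    $errors = [];
    foreach ($rules as $key => $validate) {
        if (!array_key_exists($key, $parsed)) {
            $errors[] = "missing: $key";
            continue;
        }
        // parse_str turns "var1[]=x" into an array; accept plain strings only.
        if (!is_string($parsed[$key])) {
            $errors[] = "not a scalar: $key";
            continue;
        }
        $value = $validate($parsed[$key]);
        if ($value === null) {
            $errors[] = "invalid: $key";
            continue;
        }
        $clean[$key] = $value;
    }
    // Keys that are not in $rules are never copied into $clean.
    return [$clean, $errors];
}

// Hypothetical rules: var1 is an integer 1..9999, var2 is a short slug.
$rules = [
    'var1' => function (string $v) {
        $opts = ['options' => ['min_range' => 1, 'max_range' => 9999]];
        $i = filter_var($v, FILTER_VALIDATE_INT, $opts);
        return $i === false ? null : $i;
    },
    'var2' => function (string $v) {
        return preg_match('/\A[a-z0-9_-]{1,32}\z/', $v) === 1 ? $v : null;
    },
];

// Constructed sample input: the two expected pairs plus one unexpected key.
[$clean, $errors] = read_query('var1=42&var2=news-item&is_admin=1', $rules);
var_dump($clean, $errors);
```

The controller then reads `$clean['var1']` and `$clean['var2']` only, and treats a non-empty `$errors` as bad input to be handled rather than ignored.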


Messages In This Thread
How to use query strings with CodeIgniter and stay alive to talk about it - by El Forum - 03-19-2008, 09:39 AM


