I am sick of bad CodeIgniter's URL errors handling. I am going to Laravel
#1

[eluser]term25[/eluser]
Don't get me wrong but handling URL errors in CodeIgniter is pretty bad.

E.g. if I have an URL:

Code:
http://localhost/article/154
Where 154 is $id of the article in db and a controller article looks like e.g.:

Code:
function index ($id = '')
{

// some code here

}

Now, when I type something like:

Code:
http://localhost/article/154dsdead34
I get an error because that id is not in my db. But, the PHP errors are shown on the page and the whole page is messed up.

Instead I need a redirect to my controller called custom404 that can handle this (or if it is for some reason not possible at least a direct redirect('/'); to the homepage)

The same fix for variants like (too big $id number or not found in db):

Code:
http://localhost/article/3004534534534234600234
or (other parameters)

Code:
http://localhost/article/154/something/derer/asdasd


So, to fix that I need to use something like this in top of my controller function before other code:

Code:
if ( ! preg_match("~^article/\d+$~", $this->uri->uri_string())) {
    redirect('/');
}

and the routes settings like:

Code:
$route['article/(:any)'] = 'article/$1';

btw. this is not working:

Code:
$route['article/(:num)'] = 'article/$1';

Why didn't the developers do something like:

Code:
$route['article/(:any)(:stop,'/')'] = 'article/$1';

to stop accepting other parameters and redirect to homepage or something?

I am really upset about how difficult it is to check and secure URLs in CodeIgniter ;(

If somebody knows about some better way of dealing with urls and routes in CI, let me know.

If I don't find some way to ease this URL handling, I will leave CI and go to Laravel or some other PHP framework that can do it better.

Thanks in advance.
#2

[eluser]WanWizard[/eluser]
I don't get this rant.

You pass a value to a method, your code borks because it does not exist in the database, and you blame that on the framework?

If this bothers you and you want the routing engine to do your URI parameter validation, why not fix it and send a pull request instead of complain about it? That way all CI users will get a better framework.

Every framework has its good and bad points, so if you intend to switch frameworks every time an issue like this pops up, I wish you all the luck for the future.
#3

[eluser]Narf[/eluser]
[quote author="term25" date="1352288513"]
btw. this is not working:

Code:
$route['article/(:num)'] = 'article/$1';
[/quote]

... not true and this is exactly what you need to use here.

Furthermore, these are routes, not filters or sanitizers. Whatever you do with those values afterwards is up to you and the router has no way of knowing that you'll pass them to a database.
#4

[eluser]PhilTem[/eluser]
If errors screw up your code output then you did not do proper validation before echoing any code. That being said, a wrong parameter should be caught before even continuing work. I ran into this problem quite often myself; CI doesn't have an automated way of validating URI parameters since this is not its intent.

So please, don't blame your lack of development of URI-parameter validation on this framework!
#5

[eluser]term25[/eluser]
[quote author="Narf" date="1352291816"][quote author="term25" date="1352288513"]
btw. this is not working:

Code:
$route['article/(:num)'] = 'article/$1';
[/quote]

Quote:... not true and this is exactly what you need to use here.

I see you have a little experience. E.g. If you use e.g.:

$route['article/(:num)'] = 'article/$1';

and try to access:

localhost/article/123drf

Guess what happened? ... ERROR!!! and no redirect('/'); will happen.

But if you use (:any) instead of (:num) with e.g. this code:

Code:
if ( ! preg_match("~^article/\d+$~", $this->uri->uri_string())) {
    redirect('/');
}

It redirects nicely.

Anyway, any advice for some nice sanitize plugin/helper/class/extension/raw source code? Or bye bye CodeIgniter?
#6

[eluser]term25[/eluser]
[quote author="WanWizard" date="1352291152"]I don't get this rant.

You pass a value to a method, your code borks because it does not exist in the database, and you blame that on the framework?

If this bothers you and you want the routing engine to do your URI parameter validation, why not fix it and send a pull request instead of complain about it? That way all CI users will get a better framework.

Every framework has its good and bad points, so if you intend to switch frameworks every time an issue like this pops up, I wish you all the luck for the future.[/quote]

It's not about if the id exists, but the fact that for sanitation I have to use lines of code:

Quote:if ( ! preg_match("~^article/\d+$~", $this->uri->uri_string())) {
redirect('/');
}

, instead of one built-in function in CI core that can handle it!

It is a lack of CodeIgniter's developers and I hope a lot of people will see this post on the first page in Google search, so they will not choose CI as the php framework, because they will end up with tons of sanitizing lines or creating a ton of own functions and helpers that can be easily done via CI developer team if they will be wise enough to do so.
#7

[eluser]term25[/eluser]
Is it so hard to create other functions for routing like e.g.

(:stop) - stop accepting other parameters if in url
(:stop,'/') - stop accepting other parameters if in url, and if yes redirect to default controller or homepage

so a route rule can look like:
Code:
$route['article/(:any)(:stop)'] = 'article/$1';

Why would I write another helper or code to sanitize such obvious cases.

Such options and derivatives should be in core from version 1.7... no they are missing still in CI2 :(

What a really wonderful framework!

BTW: In Laravel you can add filters, functions and stuff in routes, but not in CodeIgniter. Why?
#8

[eluser]term25[/eluser]
[quote author="PhilTem" date="1352291896"]If errors screw up your code output then you did not do proper validation before echoing any code. That being said, a wrong parameter should be caught before even continuing work. I ran into this problem quite often myself; CI doesn't have an automated way of validating URI parameters since this is not its intent.

So please, don't blame your lack of development of URI-parameter validation on this framework![/quote]

My $id is fine, but I am talking about the "bad" people who will try to break my site.

So, he pasted this code into my url:
Code:
http://localhost/article/123youreandindiot/and/you/even/didnt/notice/that

I know how to sanitize that.

BUT IT IS SO MUCH CODE!!!

No help and built-in CI functions that would help me write LESS!!!

DO YOU UNDERSTAND?

So, basically. I would suggest everybody to lean toward more and better Laravel 4 (not stable yet) however still better than CodeIgniter 2.
#9

[eluser]Narf[/eluser]
If you see that I have little experience, then I can see that you're completely ignoring everything that has been said to you. I'll rephrase:

Routes are not filters or sanitizers! They will route what they match and that's all that they are supposed to do. If you put :num - it will only match all-digit segments and that's not bad.

If you get to grasp that, you'll know that it's pointless to match 'article/(whatever)' to 'article/$1'.
And that's also a bogus route, unless you're using _remap() - the second segment specifies the method to be called, not an argument to be passed to index(), so it would be a problem if you didn't get a 404 error.

This is all explained in the user guide: http://ellislab.com/codeigniter/user-gui...llers.html

Code:
class Article extends CI_Controller {

    // Before you ask, you don't need a default value for $id,
    // because if you have a _remap() method - it will ALWAYS
    // be called, regardless of any routes
    public function index($id)
    {
    }

    public function _remap($method, $params)
    {
        // We have a numeric value as the second segment
        if (ctype_digit($method))
        {
            return $this->index($method);
        }
        // Don't allow internal methods to be called directly,
        // assuming that you don't use protected or private to limit them
        // (or that even if so - you'd still prefix them with an underscore)
        // And THAT'S HOW you do sanitization
        elseif (is_callable(array($this, $method)) && $method[0] !== '_')
        {
            return call_user_func_array(array($this, $method), $params);
        }

        // You can sanitize the rest of your crazy logic here

        show_404();
    }
}

I'd be surprised if any other framework does what you want, simply because it's a bad practice. This is a framework and it's supposed to help you develop, not do the development for you. Sanitizing user input is your job and no machine code would know what your intention is in this case.
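
The three URL variants raised in this thread (trailing garbage after the digits, an over-long number, extra segments) can all be rejected by one strict check before anything reaches the database. The following is an added example, not code from any poster or from CodeIgniter itself; `parse_article_id()` is a hypothetical helper name and PHP 7.1+ is assumed.

```php
<?php
// Added example, not from the thread. parse_article_id() is a hypothetical
// helper; the sample URIs below are the ones quoted in the posts above.

/**
 * Return the article id if $uri is exactly "article/<digits>", else null.
 * Callers treat null as "not found" and never touch the database.
 */
function parse_article_id(string $uri): ?int
{
    $segments = explode('/', trim($uri, '/'));

    // Exactly two segments: rejects article/154/something/derer/asdasd.
    if (count($segments) !== 2 || $segments[0] !== 'article') {
        return null;
    }
    $raw = $segments[1];

    // Digits only: rejects 154dsdead34. ctype_digit('') is false as well.
    if (!ctype_digit($raw)) {
        return null;
    }
    // Length bound: rejects 3004534534534234600234 before the cast, so the
    // value can never overflow (9 digits always fit a signed 32-bit int).
    if (strlen($raw) > 9) {
        return null;
    }
    $id = (int) $raw;
    return $id > 0 ? $id : null;
}

// In a CodeIgniter 2 controller this would be used as:
//   $id = parse_article_id($this->uri->uri_string());
//   if ($id === null) { show_404(); }
// A well-formed id with no matching row is still a 404, after the lookup.
$samples = array(
    'article/154',
    'article/154dsdead34',
    'article/3004534534534234600234',
    'article/154/something/derer/asdasd',
);
foreach ($samples as $uri) {
    $id = parse_article_id($uri);
    printf("%-40s => %s\n", $uri, $id === null ? '404' : "id $id");
}
```

Only the first sample yields an id; the other three fall through to the 404 path.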
#10

[eluser]term25[/eluser]
Quote:I’d be surprised if any other framework does what you want, simply because it’s a bad practice.

Check what Laravel 4 can do and what routes look like in Laravel 4 and how they help the developer to write less... DRY!!! :

https://laravel.viewscreencasts.com/d9ad...be608af48d#

Study and be wise my friend.

CodeIgniter's routing is so backwards when comparing with routing in Laravel 4.

[quote author="Narf" date="1352297228"]If you see that I have little experience, then I can see that you're completely ignoring everything that has been said to you. I'll rephrase:

Routes are not filters or sanitizers! They will route what they match and that's all that they are supposed to do. If you put :num - it will only match all-digit segments and that's not bad.

If you get to grasp that, you'll know that it's pointless to match 'article/(whatever)' to 'article/$1'.
And that's also a bogus route, unless you're using _remap() - the second segment specifies the method to be called, not an argument to be passed to index(), so it would be a problem if you didn't get a 404 error.

This is all explained in the user guide: http://ellislab.com/codeigniter/user-gui...llers.html

Code:
class Article extends CI_Controller {

    // Before you ask, you don't need a default value for $id,
    // because if you have a _remap() method - it will ALWAYS
    // be called, regardless of any routes
    public function index($id)
    {
    }

    public function _remap($method, $params)
    {
        // We have a numeric value as the second segment
        if (ctype_digit($method))
        {
            return $this->index($method);
        }
        // Don't allow internal methods to be called directly,
        // assuming that you don't use protected or private to limit them
        // (or that even if so - you'd still prefix them with an underscore)
        // And THAT'S HOW you do sanitization
        elseif (is_callable(array($this, $method)) && $method[0] !== '_')
        {
            return call_user_func_array(array($this, $method), $params);
        }

        // You can sanitize the rest of your crazy logic here

        show_404();
    }
}

I'd be surprised if any other framework does what you want, simply because it's a bad practice. This is a framework and it's supposed to help you develop, not do the development for you. Sanitizing user input is your job and no machine code would know what your intention is in this case.[/quote]
