[eluser]aidehua[/eluser]
Hi
I have a function called CheckUsernameExists($username) within a Controller class called Ajax.
Normally it works fine - called from a URI like this:
/ajax/checkusernameexists/
johndoe
or
/ajax/checkusernameexists/
janedoe
it correctly checks whether
johndoe or
janedoe exist.
But the $username comes from user input. If you enter non-alphanumeric characters (e.g. "
john;,)doe"), the function breaks, with the error message "
The URI you submitted has disallowed characters".
The URI is actually called by a JavaScript/Ajax function, so I have tried to escape the username in the JavaScript, like this
Code:
var user = document.getElementById('username').value;
if (user!=''){
user = escape(user); // <-- ** ESCAPE USERNAME HERE
ajaxRequest.open("GET", "<?= base_url() ?>ajax/checkusernameexists/"+user, true);
ajaxRequest.send(null);
}
but when non-alphanumeric characters are entered, I still see the error "
An Error Was Encountered. The URI you submitted has disallowed characters."
I tried adding alert(user) just to check it was escaping correctly - and it seems to be. For example, if I enter '
john;;doe', it escapes in the Javascript correctly to '
john;;doe'. But I still get the error - even though
% is a permitted URI character in my config.php file.
I'm really stuck on this, and I can't find the answer anywhere. But people must have to deal with this issue all the time. Any clues on how to solve it?
Thanks,
Ed