Controllers must have an index() function?
#11

[eluser]Référencement Google[/eluser]
@Derek: Oops, yes I have missed that one! (2 years using CI and didn't see that...)
#12

[eluser]Derek Allard[/eluser]
Hey man, I know exactly how you feel. I can top it. I wrote the DBForge library, and I still need to keep the manual page open in one tab as I use it ;)
#13

[eluser]wiredesignz[/eluser]
Modular Extensions uses _remap() perfectly. This allows the Module name to be extracted from the URI and the Module run as needed.
#14

[eluser]Ryuuzaki92[/eluser]
@elitemedia: I use it to display my user's profile:

e.g.:
profile/user1
profile/user2
profile/user3...

The profile controller uses a _remap($username) function to grab everything.

I also did some advanced routing, like user photos, etc.

profile/user1/photos
profile/user1/photos

Code:
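function _remap($username, $params = array())
{
  // CodeIgniter 2.x and later pass the URI segments after the first one
  // as an array in the second argument, so take the page from that array
  $page = isset($params[0]) ? $params[0] : NULL;

  // validate username....
  $user = $this->user->get_by_username($username);
  
  if ($page === NULL) {
    $this->profile($user);
  } else {
    // do some validation here
    // $this->$page();
  }
}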
#15

[eluser]Référencement Google[/eluser]
@wiredesignz: Thanks for the tip, I have not yet used your awesome lib but I plan to use it in my next project so I will look at the _remap function.

@Ryuuzaki92: Thanks for the concrete example, that now lets me imagine concretely what I can do with this.
Just a question: Does CI make it secure enough to run a DB query directly from the URL, like in your example?
#16

[eluser]Ryuuzaki92[/eluser]
I used the get_where() function in the user model. Everything is escaped automatically by CI:

Code:
// user model
function get_by_username($username)
{
  return $this->db->get_where('users', array('username' => $username))->row();
}

Read more about it here: http://ellislab.com/codeigniter/user-gui...ecord.html
#17

[eluser]Référencement Google[/eluser]
Quote: I used the get_where() function in the user model. Everything is escaped automatically by CI:

I know this; my question was more about a "paranoid security level".
So, my question is: Does CI active record escaping prevent every possible risk? What kind of security check should we use, maybe check beforehand if a record exists? Or am I too paranoid and CI active record escaping is enough?
#18

[eluser]Ryuuzaki92[/eluser]
From the user guide:
Quote: Note: All values are escaped automatically producing safer queries.

Normally you would read the return data and show a 404 page if the record does not exist.

Code:
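$user = $this->user->get_by_username($username);

// row() returns an empty result when nothing matches, so test $user itself
// instead of reading a property on it
if (empty($user)) {
  show_404();
}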
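
Added example, not part of the original thread and not CodeIgniter's own code: a plain-PHP sketch of the checks discussed above that sit alongside query escaping, namely a username shape check, a 404 on a missing record, and an allow-list for the sub-page instead of calling `$this->$page()` on a raw URL segment. The names `resolve_profile` and `PROFILE_PAGES`, the username rule, and the sample data are assumptions made for illustration.

```php
<?php
// Hypothetical allow-list of sub-pages reachable as profile/<username>/<page>.
const PROFILE_PAGES = ['photos'];

/**
 * Decide what to render for profile/<username>[/<page>].
 * $lookup is any callable returning a user row or NULL, for example the
 * model's get_by_username(). Returns ['view' => ..., 'user' => ...],
 * or NULL when the caller should answer with a 404.
 */
function resolve_profile($username, array $segments, callable $lookup)
{
    // 1. Shape check (assumed rule: 3-32 letters, digits or underscores).
    //    Escaping stops SQL injection, but not oversized or malformed input.
    if (!is_string($username) || !preg_match('/\A[A-Za-z0-9_]{3,32}\z/', $username)) {
        return null;
    }

    // 2. Existence check: an empty result becomes a 404, not a blank profile.
    $user = $lookup($username);
    if (empty($user)) {
        return null;
    }

    // 3. No sub-page requested: plain profile.
    if (count($segments) === 0) {
        return ['view' => 'profile', 'user' => $user];
    }

    // 4. The sub-page must be on the allow-list. Dispatching $this->$page()
    //    on raw input would expose every public controller method to the URL.
    $page = $segments[0];
    if (count($segments) > 1 || !in_array($page, PROFILE_PAGES, true)) {
        return null;
    }
    return ['view' => 'profile_' . $page, 'user' => $user];
}

// Constructed sample data standing in for the users table.
$users  = ['user1' => ['id' => 1, 'username' => 'user1']];
$lookup = function ($name) use ($users) { return isset($users[$name]) ? $users[$name] : null; };

foreach ([['user1', []], ['user1', ['photos']], ['user1', ['_remap']],
          ['nobody', []], ["o'brien", []]] as $case) {
    $r = resolve_profile($case[0], $case[1], $lookup);
    echo $case[0], '/', implode('/', $case[1]), ' => ', $r ? $r['view'] : '404', "\n";
}
```

In a CodeIgniter 2.x or later controller, `_remap($method, $params = array())` would pass its two arguments to a function like this and call `show_404()` when it returns NULL.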



