Need help on query string |
[eluser]nandish[/eluser]
Hi I need to stop entering data in url example http://se.unoserv1.com/index.php/csubscr...e='nandish' if the user enter the data in the query string like uname='raj' and hit enter it will shows the data, but i need to stop this I tryed to set register_globals is off and register_argc_envc is off but it wont't work thanks
[eluser]andreagam[/eluser]
Don't get the user name via the query string. Use POST variables. Just a little advice for the forum: if you color your posts, people reading it will focus on the ugliness of the colour instead of reading and understanding you question... use the default. :-P
[eluser]Sumon[/eluser]
You may have a try with changing config\config.php file Code: $config['enable_query_strings'] = FALSE; // Turn it to FALSE
[eluser]nandish[/eluser]
I checked out in confing.php file, its already FALSE Is there any other way to avoid..
[eluser]Michael Wales[/eluser]
Could you please paste the code that uses that specific variable (I assume it's within a SQL WHERE statement).
[eluser]Sumon[/eluser]
would you please post your controller(csubscript) here.
[eluser]nandish[/eluser]
[size=1]<?php /* Created By Nandish on 13th June 2008 */ Class Csubscript extends Controller{ function Csubscript(){ parent::Controller(); $this->load->model('Msubscript'); $this->load->library('SEHelper'); } //----------------------------------------------------------------------------------------------------------------- function index(){ if(!$this->sehelper->checkSession()) return; $roleid = $this->sehelper->getUserRole(); $schname = $this->sehelper->getUserShortSchoolName(); $year = date('Y'); //initially assigning year , state and school when the page loads $state = ''; $schName = ''; $this->showData($state,$schName,$year); } //------------------------------------------------------------------------------------------------------------------- // get the schools dropdown according to the particular value of state function schoolDdown(){ if(!$this->sehelper->checkSession()) return; $state = $this->uri->segment(3); $result = $this->Msubscript->getschool($state); echo "School:<select id='lschl' name='lschl'>"; if(count($result)>0){ echo "<option value='Select a School'>Select a School</option>"; foreach($result as $item){ echo "<option value='".$item['s_school_name']."'>".$item['s_school_name']."</option>"; } "</select>"; }else { echo "There is No SCHOOLS to display"; } } //------------------------------------------------------------------------------------------------------------------- // get the year dropdown according to the particular value of school function yearDdown(){ if(!$this->sehelper->checkSession()) return; $school = $this->uri->segment(3); if($school == 'ALL'){ //if the user select All (school name) $school = '%'; } $result = $this->Msubscript->getyear($school); if(count($result)>0){ echo "Year:<select name='lyear' id='lyear'>"; foreach($result as $item){ echo "<option value='".$item['s_year']."'>".$item['s_year']."</option>"; } echo "</select>"; }else { echo "There is No YEAR to display"; } } //------------------------------------------------------------------------------------------------------------------- function showData($state,$schName,$year){ if(!$this->sehelper->checkSession()) return; // Checking User Role Privilage $privId = "WEBUSER_SUBSCRIPTION"; $userRole = $this->sehelper->getUserRole(); if ($this->SEModel->checkRolePrivileges($privId, $userRole) == "0"){ redirect(''); } $data['sres'] = $this->Msubscript->getAllstate(); //initially loading all states in state dropdown $allSchools = $this->Msubscript->getAllschools(); //initially loading all schools in school dropdown $data['yres'] = $this->Msubscript->getAllyear(); //initially loading all year in year dropdown $data['Aroles'] = $this->Msubscript->getAllroles(); $data['Aplans'] = $this->Msubscript->getAllplans(); // Check if State has valid value if ($state == '') { $state = 'MI'; } // Check if School Name is passed in or not. // If so, pick the first school in the array. if ($schName == '') { foreach ($allSchools as $rec) { $schName = $rec['s_school_name']; break; } } // For safety, just initialize to Troy Athens High if ($schName == ''){ $schName = 'Troy Athens High'; } $data['schres'] = $allSchools; //storing all schools in an array $data['res'] = $this->Msubscript->getAlldata($state,$schName,$year); //get user information $data['gstate'] = $state; $data['schname'] = $schName; $data['Year'] = $year; $this->load->view('vsubscript',$data); } //-------------------------------------------------------------------------------------------------------------------- function usreload(){ //reloading the user subscription page with different values; if(!$this->sehelper->checkSession()) return; error_reporting(0); if(isset($_REQUEST['ustate'])){ $ustate = $_REQUEST['ustate']; } if(isset($_REQUEST['lschl'])){ $uschl = $_REQUEST['lschl']; if($uschl == 'ALL'){ $uschl = '%'; } } if(isset($_REQUEST['lyear'])){ $uyear = $_REQUEST['lyear']; } $this->showData($ustate,$uschl,$uyear); }[/size]
[eluser]nandish[/eluser]
function updateUsdata(){ if(!$this->sehelper->checkSession()) return; //updating user information error_reporting(0); if(isset($_REQUEST['uName'])){ $Name = $_REQUEST['uName']; // fullname of user ex; firstname+lastname $spName = explode(" ",$Name); // spliting $firstName = $spName[0]; // assiginig value for firstName and lastName if($spName[1] == ""){ // if the user enter only first like Kumar,Instead of Kumar Bhograju. $lastName = $spName[0]; }else{ $lastName = $spName[1]; } } if(isset($_REQUEST['ustate'])){ $state = $_REQUEST['ustate']; //Note: we are using two forms submit } // 1)reloading view page else{ // 2)updating data $state = $this->uri->segment(3); //getting state value(submit form value) with the help of javascript - } //when we submit update form if(isset($_REQUEST['uRole'])){ $Role = $_REQUEST['uRole']; } if(isset($_REQUEST['uPlan'])){ $Plan = $_REQUEST['uPlan']; } if(isset($_REQUEST['lyear'])){ $year = $_REQUEST['lyear']; }else { $year = $this->uri->segment(5); //getting year value (submit form value) with the help of javascript - } //when we submit update form if(isset($_REQUEST['lschl'])){ $schName = $_REQUEST['lschl']; }else{ $schName = $this->uri->segment(4); //getting year value (submit form value) with the help of javascript - } //when we submit update form if(isset($_REQUEST['uId'])){ $userId = $_REQUEST['uId']; //Accroding the userID,Updating userInformation in //tbl_user_subscriptions and //tbl_users. } $this->Msubscript->updateUserInfo($Plan,$Role,$firstName,$lastName,$userId); //updating if($schName == 'ALL'){ $schName = '%'; } $this->showData($state,$schName,$year); //reloading the page after updating } //--------------------------------------------------------------------------------------------------------------- } ?> |
Welcome Guest, Not a member yet? Register Sign In |