Hash symbol in URL causes a problem
Hi
I'm currently using Codeigniter version 3.0rc3, but I've had the same problem in version 2.2 as well.

My routes.php looks like this
PHP Code:
$route['event/:num'] = "events/event";

config.php
PHP Code:
$config['permitted_uri_chars'] = 'a-z 0-9~%.:_\-';

If I try to reach, for example
Code:
http://example.com/event/32

If I try to reach
Code:
http://example.com/event/asd
Also expected

If I try to reach
Code:
http://example.com/event/+34
Also expected

But I try to reach the same controller with just a hash symbol
Code:
http://example.com/event/#

I would appreciate if somebody could help me fix this problem. Thanks.
What does your events/event controller/method look like? How are you using the 3rd parameter (id) sent to it? Are you just running a query on the database to retrieve data for id "#"? I'm guessing that's where the issue is, as I have no problem using #; however, my segments DON'T start with #, they're like site.com/controller/method#something
As CroNiX mentioned, this is most likely an issue with how you are handling your input.
In most cases, the # will not be included in the value checked against permitted_uri_chars (especially when the # is after the last slash in the URI), because the URI is passed through PHP's parse_url() function and the path and query portions are extracted, which do not include the #. The actual database error (or at least the relevant part of it) would probably help determine what is happening, as I can't be sure whether you're receiving no input or receiving '#' as an input.
Thanks for the answers, guys

(03-24-2015, 07:46 AM)CroNiX Wrote: What does your events/event controller/method look like? How are you using the 3rd parameter (id) sent to it? Are you just running a query on the database to retrieve data for id "#"? I'm guessing that's where the issue is, as I have no problem using #; however, my segments DON'T start with #, they're like site.com/controller/method#something

I'm aware that my ID is # because I set that variable just like this
Code:
$id = $this->uri->segment(2);
...assuming that $this->uri->segment(2) is nothing but a number, like I remapped it in routes.php

(03-25-2015, 03:21 AM)Goldie Wrote: Never assume anything coming from user input. You should type-cast to integer to be safe and minimize risk of SQL injection:
PHP Code:
$id = (int)$this->uri->segment(2);
CodeIgniter 4 tutorials (EN/FR) - https://includebeer.com
/*** NO support in private message - Use the forum! ***/
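
The two behaviours discussed in this thread, as an added example that is not code from any of the posters: parse_url() leaves the # out of the path, and the (int) cast accepts inputs that a strict digit check rejects. The function name event_id_from_segment and the sample inputs are constructed for illustration, and PHP 7.1 or later is assumed.

```php
<?php
// Added example: function name and sample inputs are constructed for illustration.

/**
 * Return the segment as a positive integer, or null when it is not a
 * plain run of digits. Non-string values (a missing segment) are rejected.
 */
function event_id_from_segment($segment): ?int
{
    if (!is_string($segment) || $segment === '' || !ctype_digit($segment)) {
        return null;                 // missing, '#', 'asd', '+34', '32abc'
    }
    if (strlen($segment) > 9) {
        return null;                 // stays inside a signed 32-bit integer
    }
    $id = (int) $segment;
    return $id > 0 ? $id : null;     // treat 0 as "no such record"
}

// The fragment is not part of the path that parse_url() extracts.
$path     = parse_url('http://example.com/event/#', PHP_URL_PATH);   // "/event/"
$segments = array_values(array_filter(explode('/', $path), 'strlen'));
$second   = $segments[1] ?? null;    // there is no second segment

printf("path=%s second=%s\n", $path, var_export($second, true));

// Constructed inputs: result of the bare cast next to strict validation.
foreach (['32', 'asd', '+34', '#', '32abc', '', null] as $raw) {
    printf(
        "%-8s cast=%-3d strict=%s\n",
        var_export($raw, true),
        (int) $raw,
        var_export(event_id_from_segment($raw), true)
    );
}
```

The cast alone keeps non-numeric text out of the query, but it turns 'asd', '#' and a missing segment into 0 and '32abc' into 32; the strict check returns null for all of them, so the controller can answer with a 404 before any query runs.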