Welcome Guest, Not a member yet? Register   Sign In
CodeIgniter Forums Using CodeIgniter General Help Hash symbol in URL causes a problem
Hash symbol in URL causes a problem
  • Offline Goldie
    Newbie
  • *
  • Posts: 2
    Threads: 1
    Joined: Mar 2015
    Reputation: 0
#1
03-24-2015, 06:42 AM

Hi
I'm currently using Codeigniter version 3.0rc3, but I've had the same problem in version 2.2 as well

My routes.php look like this
PHP Code:
$route['event/:num'] = "events/event"

config.php
PHP Code:
$config['permitted_uri_chars'] = 'a-z 0-9~%.:_\-'

If I try to reach, for example
Code:
http://example.com/event/32
I'm getting expected results

If I try to reach
Code:
http://example.com/event/asd
I'm getting 404 Page Not Found
Also expected

If I try to reach
Code:
http://example.com/event/+34
I'm getting An Error Was Encountered The URI you submitted has disallowed characters.
Also expected

But I try to reach the same controller with just a hash symbol
Code:
http://example.com/event/#
I'm getting a database error because of if

I would appreciate if somebody could help me fix this problem.
Thanks.
Reply
  • Offline CroNiX
    Senior Member
  • ****
  • Posts: 428
    Threads: 0
    Joined: Jan 2015
    Reputation: 25
#2
03-24-2015, 07:46 AM

What does your events/event controller/method look like? How are you using the 3rd parameter (id) sent to it? Are you just running a query on the database to retrieve data for id "#"? I'm guessing that's where the issue is as I have no problem using #, however my segments DONT start with #, they're like site.com/controller/method#something
Reply
  • Offline mwhitney
    Posting Freak
  • *****
  • Posts: 1,101
    Threads: 4
    Joined: Nov 2014
    Reputation: 95
#3
03-24-2015, 09:00 AM

As CroNiX mentioned, this is most likely an issue with how you are handling your input.

In most cases, the # will not be included in the value checked against permitted_uri_chars (especially when the # is after the last slash in the URI), because the URI is passed through PHP's parse_url() function and the path and query portions are extracted, which do not include the #.

The actual database error (or at least the relevant part of it) would probably help determine what is happening, as I can't be sure whether you're receiving no input or receiving '#' as an input.
Bonfire
Practical CodeIgniter 3
CodeIgniter Testing Guide
Reply
  • Offline Goldie
    Newbie
  • *
  • Posts: 2
    Threads: 1
    Joined: Mar 2015
    Reputation: 0
#4
03-25-2015, 03:21 AM

Thank for the answers guys

(03-24-2015, 07:46 AM)CroNiX Wrote: What does your events/event controller/method look like? How are you using the 3rd parameter (id) sent to it? Are you just running a query on the database to retrieve data for id "#"? I'm guessing that's where the issue is as I have no problem using #, however my segments DONT start with #, they're like site.com/controller/method#something

I'm aware that my ID is # because I set that variable just like this
Code:
$id = $this->uri->segment(2);

...assuming that $this->uri->segment(2) is nothing but number, like I remapped it in routes.php
Reply
  • Offline includebeer
    CodeIgniter Team
  • Posts: 979
    Threads: 16
    Joined: Oct 2014
    Reputation: 38
#5
03-28-2015, 04:39 PM

(03-25-2015, 03:21 AM)Goldie Wrote:
Code:
$id = $this->uri->segment(2);

...assuming that $this->uri->segment(2) is nothing but number, like I remapped it in routes.php

Never assume anything coming from user input. You should type-cast to integer to be safe and minimize risk of SQL injection:

PHP Code:
$id = (int)$this->uri->segment(2); 
CodeIgniter 4 tutorials (EN/FR) - https://includebeer.com
/*** NO support in private message - Use the forum! ***/
Reply




Theme © iAndrew 2016 - Forum software by © MyBB