Create account



CodeIgniter.com Twitter      


  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Thread Modes
Hash symbol in URL causes a problem

Offline Goldie
Newbie
*
Posts: 2
Threads: 1
Joined: Mar 2015
Reputation: 0
#1
03-24-2015, 06:42 AM
Hi
I'm currently using Codeigniter version 3.0rc3, but I've had the same problem in version 2.2 as well

My routes.php look like this
PHP Code:
$route['event/:num'] = "events/event"

config.php
PHP Code:
$config['permitted_uri_chars'] = 'a-z 0-9~%.:_\-'

If I try to reach, for example
Code:
http://example.com/event/32
I'm getting expected results

If I try to reach
Code:
http://example.com/event/asd
I'm getting 404 Page Not Found
Also expected

If I try to reach
Code:
http://example.com/event/+34
I'm getting An Error Was Encountered The URI you submitted has disallowed characters.
Also expected

But I try to reach the same controller with just a hash symbol
Code:
http://example.com/event/#
I'm getting a database error because of if

I would appreciate if somebody could help me fix this problem.
Thanks.
Find
Reply

Offline CroNiX
Senior Member
****
Posts: 428
Threads: 0
Joined: Jan 2015
Reputation: 25
#2
03-24-2015, 07:46 AM
What does your events/event controller/method look like? How are you using the 3rd parameter (id) sent to it? Are you just running a query on the database to retrieve data for id "#"? I'm guessing that's where the issue is as I have no problem using #, however my segments DONT start with #, they're like site.com/controller/method#something
Find
Reply

Offline mwhitney
Posting Freak
*****
Posts: 1,101
Threads: 4
Joined: Nov 2014
Reputation: 95
#3
03-24-2015, 09:00 AM
As CroNiX mentioned, this is most likely an issue with how you are handling your input.

In most cases, the # will not be included in the value checked against permitted_uri_chars (especially when the # is after the last slash in the URI), because the URI is passed through PHP's parse_url() function and the path and query portions are extracted, which do not include the #.

The actual database error (or at least the relevant part of it) would probably help determine what is happening, as I can't be sure whether you're receiving no input or receiving '#' as an input.
Bonfire
Practical CodeIgniter 3
CodeIgniter Testing Guide
Find
Reply

Offline Goldie
Newbie
*
Posts: 2
Threads: 1
Joined: Mar 2015
Reputation: 0
#4
03-25-2015, 03:21 AM
Thank for the answers guys

(03-24-2015, 07:46 AM)CroNiX Wrote: What does your events/event controller/method look like? How are you using the 3rd parameter (id) sent to it? Are you just running a query on the database to retrieve data for id "#"? I'm guessing that's where the issue is as I have no problem using #, however my segments DONT start with #, they're like site.com/controller/method#something

I'm aware that my ID is # because I set that variable just like this
Code:
$id = $this->uri->segment(2);

...assuming that $this->uri->segment(2) is nothing but number, like I remapped it in routes.php
Find
Reply

Offline includebeer
Super Moderator
******
Posts: 641
Threads: 14
Joined: Oct 2014
Reputation: 24
#5
03-28-2015, 04:39 PM
(03-25-2015, 03:21 AM)Goldie Wrote:
Code:
$id = $this->uri->segment(2);

...assuming that $this->uri->segment(2) is nothing but number, like I remapped it in routes.php

Never assume anything coming from user input. You should type-cast to integer to be safe and minimize risk of SQL injection:

PHP Code:
$id = (int)$this->uri->segment(2); 
CodeIgniter 4 tutorials (EN/FR) - https://includebeer.com
Website Find
Reply


Digg   Delicious   Reddit   Facebook   Twitter   StumbleUpon  


  Theme © 2014 iAndrew  
Powered By MyBB, © 2002-2021 MyBB Group.