[eluser]maria clara[/eluser]
I'm referring to this "return $this->input->xss_clean(substr($string,0,$size));". Here is my new code:
Code: $this->load->helper('MY_security_helper');
$fields = array(
'module_name'=>db_clean($_POST['module_name'],200),
'slug'=>db_clean($_POST['slug'],200),
'icon'=>db_clean($_POST['icon'],50),
'file_name'=>db_clean($_POST['file_name'],100),
'report_file_name'=>db_clean($_POST['report_file_name'],50),
'sql_select'=>db_clean($_POST['sql_select']),
'sql_filter'=>db_clean($_POST['sql_filter']),
'sql_order'=>db_clean($_POST['sql_order'])
);
$fields = array(
'module_name'=>$_POST['module_name'],
'slug'=>substr(dohash($_POST['slug']),0,200),
'icon'=>$_POST['icon'],
'file_name'=>$_POST['file_name'],
'report_file_name'=>$_POST['report_file_name'],
'sql_select'=>$_POST['sql_select'],
'sql_filter'=>$_POST['sql_filter'],
'sql_order'=>$_POST['sql_order']
);
[eluser]JHackamack[/eluser]
Try this out:
Code: $CI =& get_instance();
$fields = array(
'module_name'=>$CI->db_clean($_POST['module_name'],200),
'slug'=>$CI->db_clean($_POST['slug'],200),
'icon'=>$CI->db_clean($_POST['icon'],50),
'file_name'=>$CI->db_clean($_POST['file_name'],100),
'report_file_name'=>$CI->db_clean($_POST['report_file_name'],50),
'sql_select'=>$CI->db_clean($_POST['sql_select']),
'sql_filter'=>$CI->db_clean($_POST['sql_filter']),
'sql_order'=>$CI->db_clean($_POST['sql_order'])
);
$fields = array(
'module_name'=>$_POST['module_name'],
'slug'=>$CI->substr(dohash($_POST['slug']),0,200),
'icon'=>$_POST['icon'],
'file_name'=>$_POST['file_name'],
'report_file_name'=>$_POST['report_file_name'],
'sql_select'=>$_POST['sql_select'],
'sql_filter'=>$_POST['sql_filter'],
'sql_order'=>$_POST['sql_order']
);
[eluser]maria clara[/eluser]
I have used this code and now I don't have an error regarding the db_clean and xss_clean functions.
Code: $fields = array(
'module_name'=>$_POST['module_name'],
'slug'=>substr($_POST['slug'],0,200),
'icon'=>$_POST['icon'],
'file_name'=>$_POST['file_name'],
'report_file_name'=>$_POST['report_file_name'],
'sql_select'=>$_POST['sql_select'],
'sql_filter'=>$_POST['sql_filter'],
'sql_order'=>$_POST['sql_order']
);
But now I have a database error showing in my console:
Quote:A Database Error Occurred
<p>Error Number: 1048</p><p>Column 'icon' cannot be null</p><p>INSERT INTO `erp_sec_reports` (`module_name`, `slug`, `icon`, `file_name`, `report_file_name`, `sql_select`, `sql_filter`, `sql_order`, `link`) VALUES ('4', 0, NULL, NULL, '4', '', '', '', 'reports/view')
because it says that the fields icon and file_name are NULL...
[eluser]JHackamack[/eluser]
You aren't setting your $_POST['icon'] and your database is set up so that icon cannot be NULL. I would recommend you check your database setup.
[eluser]maria clara[/eluser]
I really set that the icon and file_name fields should not be NULL, but it seems that it wasn't reading these two scripts:
Code: 'icon'=>$_POST['icon'],
'file_name'=>$_POST['file_name'],
That's why the console says that they are UNDEFINED. I'm working with uploading files in forms.
[eluser]JHackamack[/eluser]
If icon and file are files that you are uploading, they are called $_FILES rather than $_POST.
[eluser]maria clara[/eluser]
I have set the icon and file_name fields to NULL in my database. Here's my new code.
Code: $fields = array(
'module_name'=>$_POST['module_name'],
'slug'=>substr($_POST['slug'],0,200),
'icon'=>$_FILES['file_name'],
'report_file_name'=>$_POST['report_file_name'],
'sql_select'=>$_POST['sql_select'],
'sql_filter'=>$_POST['sql_filter'],
'sql_order'=>$_POST['sql_order']
);
if ($_FILES){
    $config['upload_path'] = './reports/module/';
    $config['allowed_types'] = 'gif|jpg|png';
    $config['max_size'] = '100';
    $config['max_width'] = '1024';
    $config['max_height'] = '768';
    $config['remove_spaces'] = true;
    $config['overwrite'] = false;
    $this->load->library('upload', $config);
    if (strlen($_FILES['icon']['file_name'])){
        if(!$this->upload->do_upload('file_name')){
            $this->upload->display_errors();
            exit();
        }
        $image = $this->upload->data();
        if ($image['file_name']){
            $fields['icon'] = "reports/module/".$image['file_name'];
        }
    }
    $this->upload->initialize($config);
    /*if (strlen($_FILES['thumbnail']['name'])){
        if(!$this->upload->do_upload('thumbnail')){
            $this->upload->display_errors();
            exit();
        }
        $thumb = $this->upload->data();
        if ($thumb['file_name']){
            $data['thumbnail'] = "reports/module/".$thumb['file_name'];
        }
    }*/
}
$item = $this->input->post("item");
$rows = $this->input->post("row0");
//echo print_r($file_name);
$data['item'] = $this->Reports->save($fields,$item,$rows);
//echo $this->db->last_query();
$c .= 'Successfully saved item';
The error is referring to this line.
Quote:'icon'=>$_FILES['file_name'],
[eluser]JHackamack[/eluser]
If you want to upload the file and then post the appropriate information in the database, then you are already using the code:
Code: $fields['icon'] = "reports/module/".$image['file_name'];
correctly to set that value.
So you wouldn't need to use the code below:
Code: 'icon'=>$_FILES['file_name'],
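Added example, not part of the original posts: plain PHP (no CodeIgniter) showing the shape of a `$_FILES` entry next to `$_POST` values, and how a string path rather than the upload array ends up in the `icon` column. The function name `build_report_fields` and the sample request arrays are hypothetical.

```php
<?php
// Added example; field names follow the thread's form, everything else is assumed.
const ALLOWED_EXT = ['gif', 'jpg', 'png'];  // same whitelist as the thread's upload config
const MAX_BYTES   = 100 * 1024;             // CodeIgniter's max_size = '100' is in kilobytes

function build_report_fields(array $post, array $files): array
{
    // Text inputs arrive in $_POST; a missing key becomes '' instead of an undefined NULL.
    $fields = [];
    foreach (['module_name' => 200, 'slug' => 200, 'report_file_name' => 50] as $key => $max) {
        $fields[$key] = substr(trim((string)($post[$key] ?? '')), 0, $max);
    }

    // An upload arrives in $_FILES as an array with name, type, tmp_name, error, size.
    $icon = $files['icon'] ?? null;
    if (!is_array($icon) || ($icon['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('icon upload missing or failed');
    }

    // The client-supplied name is untrusted: drop any path part, then check the extension.
    $name = basename(str_replace('\\', '/', (string)$icon['name']));
    $ext  = strtolower(pathinfo($name, PATHINFO_EXTENSION));
    if (!in_array($ext, ALLOWED_EXT, true) || $icon['size'] > MAX_BYTES) {
        throw new RuntimeException('icon rejected: type or size not allowed');
    }

    // Store a server-generated name so the column holds a string path, not an array.
    // A real handler would then call move_uploaded_file($icon['tmp_name'], <target>).
    $fields['icon'] = 'reports/module/' . bin2hex(random_bytes(8)) . '.' . $ext;
    return $fields;
}

// Constructed sample request data.
$post  = ['module_name' => 'Sales', 'slug' => 'sales', 'report_file_name' => 'sales.rpt'];
$files = ['icon' => ['name' => '../icons/logo.PNG', 'type' => 'image/png',
                     'tmp_name' => '/tmp/phpA1b2C3', 'error' => UPLOAD_ERR_OK,
                     'size' => 20480]];
print_r(build_report_fields($post, $files));
```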
[eluser]maria clara[/eluser]
I commented out the 'icon'=>$_POST['file_name'], and I got this message from my console.
Quote:<b>Fatal error</b>: ob_start() [<a href='ref.outcontrol'>ref.outcontrol</a>]: Cannot use output buffering in output buffering display handlers in <b>C:\xampp\htdocs\comunionerp\system\libraries\Exceptions.php</b> on line <b>160</b><br />
and it shows nothing in my browser. What does it mean?
[eluser]JHackamack[/eluser]
It seems that you either have a configuration variable set to buffer the output of the browser and you're echoing things in your controller, or you are calling ob_start somewhere in your controller. Double check your config.php file in /Application/Config/config.php