Is it possible to call functions in libraries and models from the browser?
#1

[eluser]adityamenon[/eluser]
Hi all,

I recently ran into an issue I never considered before. If any of your functions in the controllers are fully dependent on parameters to execute properly, you must set the default value to false and check for it when starting the function. Please disregard if you know this already.

Code:
class myClass extends CI_Controller{
  //this function relies on parameters
  function myFunction($parameter1)
  {
   $this->load->model('someModel');
   $derivedValue = $this->someModel->getValue($parameter1);
   //and so on....
  }
}

If I call the above in a browser...

http://mySite.com/myClass/myFunction/myParameter

But a malicious user can call

http://mySite.com/myClass/myFunction

Poor CI doesn't get the variable, and complains:
Code:
A PHP Error was encountered

Severity: Warning

Message: Missing argument 1 for Myclass::myFunction()

Filename: controllers/myclass.php

Line Number: 3
------------------------------------------------------------
A Database Error Occurred
Error Number: 1064

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'ORDER BY `id` asc LIMIT 1' at line 4

SELECT `whatever` FROM (`wherever`) WHERE `whatever` > ORDER BY `whatever` asc LIMIT 1

Filename: /the/full/path/to/your/home/folder/on/theServer.php

Line Number: 62

Waaah! Your personal nightmare, the cracker from hell, just got to know a lot of stuff about your class, about your server, and about your database. Christ!

So, I just learnt that you MUST do this!!!
Code:
class myClass extends CI_Controller{
  //this function relies on parameters
  //so set the default parameter as false
  function myFunction($parameter1 = false)
  {
    //check if the parameter was passed (a missing URI segment leaves it at the default)
    if(!$parameter1)
      redirect(base_url()); //run to momma
    $this->load->model('someModel');
    $derivedValue = $this->someModel->getValue($parameter1);
    //and so on....
  }
}

If the parameter you need to pass is boolean, just change the default value to 'empty' or something else that works.

And no, __private() functions are not the answer all the time, some functions just HAVE to be public.

Coming to my question... I now know for sure that this is mandatory for all functions in my Controllers, I also feel apprehensive about Helpers so I'm handling that also. What about the functions in my Libraries and Models? I know that this line protects CI internal functions from getting accessed:
Code:
if ( ! defined('BASEPATH')) exit('No direct script access allowed');

So is it superfluous to include parameter checking inside Models and Libraries? Or is it better that I take no risk at all?
#2

[eluser]adityamenon[/eluser]
Okay, I forgot about the environment global variable used in the index.php file at root. That solves a lot of problems. But still, I'm curious about the other question I wrote...
#3

[eluser]misplacedme[/eluser]
The only person who will be able to call a function from a model or a library is the developer. A user won't be able to manipulate the url to run a query.
Considering this, you don't really HAVE to have variable checking in the model or library. However, it helps you remember what type of variables are required for the function.
When developing, you need to keep the future developers in mind, so keep it easy for them.
#4

[eluser]C. Jiménez[/eluser]
If you set up a parameter = FALSE in your function, you will have problems distinguishing between 0, not set, and false:
NULL is better for that work.
Code:
class myClass extends CI_Controller{
  //this function relies on parameters
  function myFunction($parameter1 = NULL)
  {
    //NULL default: isset() is false only when the segment was really missing
    if (!isset($parameter1)) {
      redirect(base_url()); //run to momma
      return FALSE;
    }
    $this->load->model('someModel');
    $derivedValue = $this->someModel->getValue($parameter1);
    //and so on....
  }
}
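Putting the advice from posts #1 and #4 together, here is an added example (not from the thread and not CodeIgniter's own code) of a controller that validates the URI segment before any query is built, and a model that re-checks its own input; the class, method, table and file names are assumed, and in a real app the two classes live in application/controllers/items.php and application/models/item_model.php.

```php
<?php
if ( ! defined('BASEPATH')) exit('No direct script access allowed');

// Added example: hypothetical Items controller for URLs like /items/view/42
class Items extends CI_Controller {

    // NULL default (as suggested in the thread) keeps "segment missing"
    // distinct from a legitimate 0 or FALSE value.
    public function view($id = NULL)
    {
        // /items/view with no segment: nothing to look up, send the user home
        if ($id === NULL) {
            redirect(base_url());
            return; // redirect() exits, the return just makes intent explicit
        }

        // Segment present but not a positive integer (/items/view/abc, /items/view/-1):
        // refuse it here so no half-built SQL statement ever reaches the database
        if ( ! ctype_digit((string) $id) || (int) $id < 1) {
            show_404();
            return;
        }

        $this->load->model('item_model');
        $item = $this->item_model->get_by_id((int) $id);
        if ($item === NULL) {
            show_404();
            return;
        }
        $this->load->view('item', array('item' => $item));
    }
}

// Added example: hypothetical model; not reachable from the URL, but it still
// validates so that a future controller that forgets the check cannot
// hand it garbage.
class Item_model extends CI_Model {

    public function get_by_id($id)
    {
        if ( ! is_int($id) || $id < 1) {
            throw new InvalidArgumentException('get_by_id() expects a positive integer');
        }
        // Query Builder escapes $id as a value, so the WHERE clause is never
        // left syntactically incomplete like the one in the error above
        $query = $this->db->get_where('items', array('id' => $id), 1);
        return $query->num_rows() === 1 ? $query->row() : NULL;
    }
}
```

With this in place, a missing or malformed segment produces a redirect or a 404 instead of the PHP warning and database error text shown in post #1, and setting ENVIRONMENT to 'production' in index.php (mentioned in post #2) keeps any remaining notices out of the response.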
#5

[eluser]adityamenon[/eluser]
ah... I guess I can do a check for $var === false in that case.

also, returning false results in a blank page.... so I need to redirect to parent page...
#6

[eluser]C. Jiménez[/eluser]
Sure $var === false works, but the NULL concept is closer to "not set" than FALSE.
Anyway, some kind of checking is always needed when taking parameters from the user.
On the $_POST method there is form_validation; on parameters coming from URI segments we have to do it ourselves.

"also, returning false results in a blank page…. so I need to redirect to parent page… "

Yeah, right. I was just editing my post to fix that. Now it does redirect.
#7

[eluser]adityamenon[/eluser]
Yes, when it's a form I need to process I simply check for if($this->input->post('submit')) before doing anything...
#8

[eluser]brucebat[/eluser]
Just out of curiosity what does the operator '===' mean?

I tried googling it.
#9

[eluser]C. Jiménez[/eluser]
$A = (FLOAT)12 ;
$B = (INT) 12 ;

$A == $B //TRUE
$A === $B //FALSE, same content, different container.

http://es2.php.net/manual/en/language.op...arison.php
#10

[eluser]Pedro Luz[/eluser]
The === also compares the type of data, it's only true if they are exactly the same
