Empty URI param transformed to 0
#1

[eluser]Zarate[/eluser]
Hi there,

I'm using a URI parameter to run a getwhere query, something like this:

Code:
$q = $this->db->getwhere('language', array('shortID' => $short_id));

$short_id is passed as a parameter to the function but its value comes from $this->uri->segment(1).

The thing is that if I take a look at the actual query it looks like this:

Code:
SELECT * FROM language WHERE shortID = 0

Is this the expected behavior? I'd expect this instead:

Code:
SELECT * FROM language WHERE shortID = ""

And now that I've opened a post, another two small questions. I had to go to DB_active_rec.php to find out the actual query; I'm sure there should be an easier way to find it for debug purposes.

And, are all the parameters used in getwhere and the likes sanitized against SQL injection, or do I have to do it myself? I've seen a validation class, but haven't looked at it yet.

Thanks!
#2

[eluser]John Fuller[/eluser]
You can use profiling to show queries that your page runs.

I am not sure what an empty segment runs, but apparently for you the output is zero.

Either way, why not run a check on segment_1 before you use it for anything? Run the check, if there is nothing there then run a different query. You should probably always run checks for your dynamic data to make sure it is returning what you expect it to return. Also, a user can manipulate the URL, so you might want to do checks for that as well.

Yes, there is a validation class, you should read up on it. You probably should sanitize your data before it gets to the point of dealing with "get_where" and that is what the validation class will do for you.
#3

[eluser]wiredesignz[/eluser]
Code:
$q = $this->db->getwhere('language', array('shortID' => "'{$short_id}'"));

That may still produce '0' unfortunately; post back if it does.
#4

[eluser]Zarate[/eluser]
Hi again,

It does indeed. The actual query looks now like this:

Code:
SELECT * FROM language WHERE shortID = '\'\''

I'm planning to use the validation class anyway, but I think this is something weird: an empty string should be a valid value for a query. Or am I wrong?

I'm taking a look at where the empty string gets translated to 0, but it might take me a while. Can you please point me to the right place? I'll give it a go and try to find a patch myself.

Apart from that, thanks for the pointer to the profiling class!

And thanks for your time.

Juan
#5

[eluser]isaiahdw[/eluser]
The nice thing about it returning 0 (or FALSE) is you can do a simple check like this: "if($this->uri->segment(4))... ". This is also true for $this->input->post(); it will return 0 or FALSE if it's not set.
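As an added example (not CodeIgniter's own code and not posted by anyone in this thread), here is a sketch of why a missing segment ends up as 0 in the query, and a check to run on the segment before it reaches getwhere. The escape logic is modelled on CodeIgniter 1.x's escape() as I understand it, and the validate_short_id() helper plus the assumed 2-5 letter shortID format are my own assumptions.

```php
<?php
// Added example, not CodeIgniter's own code.
// Modelled on the escape() logic of CodeIgniter 1.x (assumption about exact version
// behaviour): strings are quoted, booleans become 1/0, null becomes NULL.
function escape_like_ci($value)
{
    if (is_string($value)) {
        // CI uses the driver's escape_str(); addslashes() stands in for it here
        return "'" . addslashes($value) . "'";
    }
    if (is_bool($value)) {
        return $value === false ? 0 : 1;   // FALSE from uri->segment() becomes 0
    }
    if (is_null($value)) {
        return 'NULL';
    }
    return $value;
}

// $this->uri->segment(1) returns FALSE when that segment does not exist.
$missing_segment = false;
$empty_string    = '';

echo escape_like_ci($missing_segment), "\n";        // 0      -> WHERE shortID = 0
echo escape_like_ci($empty_string), "\n";           // ''     -> WHERE shortID = ''
echo escape_like_ci("'{$missing_segment}'"), "\n";  // '\'\'' -> the result seen after quoting

// Hypothetical check to run before building the query: reject a missing segment
// and anything that is not a short alphabetic code (assumed shortID format).
function validate_short_id($segment)
{
    if ($segment === false || $segment === '') {
        return null;   // caller should run a different query or show a 404
    }
    if (!preg_match('/^[a-z]{2,5}$/i', $segment)) {
        return null;   // whitelist instead of trusting user-controlled URL data
    }
    return $segment;
}

$short_id = validate_short_id($missing_segment);
if ($short_id === null) {
    echo "no valid shortID in the URI, skipping getwhere\n";
} else {
    // $q = $this->db->getwhere('language', array('shortID' => $short_id));
}
```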
