CodeIgniter Disallowed Key Characters

Question

CodeIgniter is giving me a Disallowed Key Characters error  I ve narrowed it down to the name attribute of a form field  name  prod 50-4121 5   but I m not sure what to do about it

User · Answer

I had the same problem thanks to french specials characters. Here is my class in case anybody needs it. It has to be saved here : /application/core/MY_Input.php

(also this extension will report witch character is not allowed in the future)

class MY_Input extends CI_Input {

function __construct()
{
    parent::__construct();
}

/**
* Clean Keys
*
* This is a helper function. To prevent malicious users
* from trying to exploit keys we make sure that keys are
* only named with alpha-numeric text and a few other items.
*
* @access   private
* @param    string
* @return   string
*/
function _clean_input_keys($str)
{
    if ( ! preg_match("/^[a-z0-9:_\/-àâçéèêëîôùû]+$/i", $str))
    {
        exit('Disallowed Key Characters : '.$str);
    }

    // Clean UTF-8 if supported
    if (UTF8_ENABLED === TRUE)
    {
        $str = $this->uni->clean_string($str);
    }

    return $str;
}

}

Read The Friendly Manual about core classes extension : http://ellislab.com/codeigniter/user-guide/general/core_classes.html

User · Answer

Step1  Search for function  clean input keys on  system core Input php  Step2  Modify this line  exit    Disallowed Key Characters        to  exit    Disallowed Key Characters        str    Step3  Refresh page to see the characters which generate the error  Step4  If you need to add those characters into the exception list  just add to this line     if     preg match       a-z0-9   -     i      str     I add    pipe  character on the example above

User · Answer

I had the same error after I posted a form of mine  they have a space in to my input name attributes  input name      first name    Fixing that got rid of the error

User · Answer

I have the same problem and I ve found it is in domain name of the email address which is somehow changed from   to   like  name domain com instead name domain com

User · Answer

The error I referenced was generated in system libraries Input php  about line 215 - look for function  clean input keys  str      The regex there does not allow for the dot character in an index   I changed it so it would

User · Answer

To use CodeIgniter with jQuery Ajax  use  Object  as data instead of Query string as below     ajax       url  site url    ajax signup       data     email   email   password   password       lt --- Use Object     type   post       success  function response  textStatus  jqXHR               sign-up   html response              error  function jqXHR  textStatus  errorThrown           console log  The following error occured                         textStatus  errorThrown

User · Answer

Replace the below Code in the  clean input keys function       if     preg match     a-z0-9    -     i    str                 exit  Disallowed Key Characters  n              if  UTF8 ENABLED     TRUE                 str    this- gt uni- gt clean string  str              return  str

User · Answer

Took a while to figure this one out  Seems most of us missed the obvious error   the last    -    is not escaped   Adding the   and   as I   ve seen other suggest may work for you  but the regex was supposed to be   if     preg match     a-z0-9     -       i    str

User · Answer

I had the same error after I posted a form of mine  I simply missed the opening quote in one of my input name attributes  I had    lt input name first name  gt   Fixing that got rid of the error

User · Answer

Open libraries Input php  system core Input php in CI version 2 0   and locate function  clean input keys  str       Modify if     preg match     a-z0-9    -    i    str   to if     preg match     a-z0-9   -     i    str

User · Answer

In my experience  it could be caused by uncompleted syntax  like         teks   val   instead of       teks   val

User · Answer

Php will evaluate what you wrote between the    brackets    foo   array  eins    zwei    apples    oranges    var dump  foo 3-1      Will produce string 6   apples   because it returns  foo 2    If you want that as a string  put inverted commas around it

User · Answer

I had this issue but my problem was that I by mistake added a space before the name of the input like so    lt input type  text  name   evening time phone  gt    When it shpuld be like this    lt input type  text  name  evening time phone  gt

User · Answer

I got this error when sending data from a rich text editor where I had included an ampersand   Replacing the ampersand with  26 - the URL encoding of ampersand - solved the problem   I also found that a jQuery ajax request configured like this magically solves the problem   request     ajax            url   url          type   PUT           dataType   json           data  json           where the object json is  surprise  surprise  a JSON object containing a property with a value that contains an ampersand

User · Answer

Open libraries Input php  system core Input php in CI version 2 0   and locate function  clean input keys  str    The whole block should look like so   function  clean input keys  str        if     preg match     a-z0-9    -    i    str                 exit  Disallowed Key Characters                return  str      Modify the PCRE sot that it allows the new chars   Please not that the char thats missing is the   dot  and you should always escape the   dot  in Regular Expressions as they will otherwise allow any single char      a-z0-9    -      i

User · Answer

In my case  i was serializing an input form using jquery serialize   and then urlencoding it using encodeURIComponent      var datas   form serialize    encodeURIComponent datas     getJSON url datas function         and codeigniter was giving the disallowed character error   i figured the issue here was  jquery serialize gives an encoded output and i was again encoding it with the encodeURIcomponent which was unnecessary  and when codeingiter decoded it it was not getting the actual string as some part was encoded twice   i will explain it with an example   string  quantity   1 amp option sell  urlencoded while serializing  quantity 5B 5D 3D1 26option 3Dsell  again urlencoded with encodedURICompontent    quantity 255B 255D 253D1 2526option 253Dsell   ---at codeigntier  urldecode  quantity 5B 5D 1 amp option sell   which has disallowed charecters as per the input class regex    note  this is not an answer to this question  but would help to check if one is encountering this error   thanks

User · Answer

The problem is you are using characters not included in the standard Regex  Use this    preg match     a-z0-9 x 4e00 - x 9fa5                                     amp          -        iu    str   As per the comments  and personal experience  you should not modify they Input php file     rather  you should create use your own MY Input php as follows     lt  php  class MY Input extends CI Input                   Clean Keys               This is a helper function  To prevent malicious users        from trying to exploit keys we make sure that keys are        only named with alpha-numeric text and a few other items                 Extended to allow               -      dot                -      open bracket               -      close bracket                  access  private         param   string         return  string             function  clean input keys  str               UPDATE  Now includes comprehensive Regex that can process escaped JSON         if   preg match     a-z0-9                                    amp          -        iu    str                                    Check for Development enviroment - Non-descriptive                 error so show me the string that caused the problem                              if  getenv  ENVIRONMENT    amp  amp  getenv  ENVIRONMENT       DEVELOPMENT                     var dump  str                             exit  Disallowed Key Characters                           Clean UTF-8 if supported         if  UTF8 ENABLED     TRUE                 str    this- gt uni- gt clean string  str                      return  str                   gt     Should never close php file - if you have a space after code  it can mess your life up          Chinese Character Support     NOTE   x 4e00 - x 9fa5    allow chinese characters    NOTE   i      case insensitive    NOTE   u      UTF-8 mode if   preg match     a-z0-9 x 4e00 - x 9fa5                                     amp          -        iu    str              NOTE  When Chinese characters are provided in a URL  they are not  really  there  the browser OS      handles the copy paste - gt  unicode conversion  eg                 -- gt   xn--4gqsa60b          punycode  converts these codes according to RFC 3492 and RFC 5891       https   github com bestiejs punycode js ---    bower install punycode

User · Answer

In Ubuntu  you can solve the problem by clearing the cookies of your browser  I had the same problem and solved it this way

User · Answer

i saw this error when i was trying to send a form  and in one of the fields  names  i let the word  endere  o    echo form input array  class    gt   form-control    name    gt   endereco    placeholder    gt   Endere  o    value    gt  set value  endereco        When i changed      for  c   the error was gone

User · Answer

In most of the cases when you have a existing software and you are trying to deploy in a new enviroment this kind of error should be caused by the PHP property  short open tag   Check if you have enabled in your new enviroment  In other words PHP couldn t read the  tags in your code

User · Answer

function  clean input keys  str    if     preg match     a-z0-9    -    i    str     exit  Disallowed Key Characters        return  str      Please add   str to exit  Disallowed Key Characters     Like  exit  Disallowed Key Characters     str    to help you in your search for rogue errors

[codeigniter] CodeIgniter Disallowed Key Characters

Examples related to codeigniter