I know that codeIgniter turns off GET parameters by default.
But by having everything done in POST, don't you get annoyed by the re-send data requests if ever you press back after a form submission?
It annoys me, but I'm not sure if I want to allow GET purely for this reason.
Is it such a big security issue to allow GET parameters too?
This question is related to
html
codeigniter
post
get
This worked for me :
<?php
$url = parse_url($_SERVER['REQUEST_URI']);
parse_str($url['query'], $params);
?>
$params
array contains the parameters passed after the ? character
GET parameters are cached by the web browser, POST is not. So with a POST you don't have to worry about caching, so that is why it is usually prefered.
A little bit out of topic, but I was looking for a get function in CodeIgniter just to pass some variables between controllers and come across Flashdata.
see : http://codeigniter.com/user_guide/libraries/sessions.html
Flashdata allows you to create a quick session data that will only be available for the next server request, and are then automatically cleared.
You can Try this
$this->uri->segment('');
You can enable query strings if you really insist. In your config.php you can enable query strings:
$config['enable_query_strings'] = TRUE;
For more info you can look at the bottom of this Wiki page: http://codeigniter.com/user_guide/general/urls.html
Still, learning to work with clean urls is a better suggestion.
Even easier:
curl -X POST -d "param=value¶m2=value" http://example.com/form.cgi
that plugin's pretty cool though.
"don't you get annoyed by the re-send data requests if ever you press back after a form submission"
you can get around this by doing a redirect from the page that processes your form submission to the success page. the last "action" was the loading of the success page, not the form submission, which means if users do an F5 it will just reload that page and not submit the form again.
parse_str($_SERVER['QUERY_STRING'],$_GET);
ONLY worked for me after I added the following line to applications/config/config.php:
$config['uri_protocol'] = "PATH_INFO";
I found $_GET params not to really be necessary in CI, but Facebook and other sites dump GET params to the end of links which would 404 for my CI site!! By adding the line above in config.php, those pages worked. I hope this helps people!
MY_Input.php :
<?php
// this class extension allows for $_GET access
class MY_Input extends CI_input {
function _sanitize_globals()
{
// setting allow_get_array to true is the only real modification
$this->allow_get_array = TRUE;
parent::_sanitize_globals();
}
}
/* End of file MY_Input.php */
/* Location: .application/libraries/MY_Input.php */
MY_URI.php :
<?php
/*
| this class extension allows for $_GET access by retaining the
| standard functionality of allowing query strings to build the
| URI String, but checks if enable_query_strings is TRUE
*/
class MY_URI extends CI_URI{
function _fetch_uri_string()
{
if (strtoupper($this->config->item('uri_protocol')) == 'AUTO')
{
// If the URL has a question mark then it's simplest to just
// build the URI string from the zero index of the $_GET array.
// This avoids having to deal with $_SERVER variables, which
// can be unreliable in some environments
//
// *** THE ONLY MODIFICATION (EXTENSION) TO THIS METHOD IS TO CHECK
// IF enable_query_strings IS TRUE IN THE LINE BELOW ***
if ($this->config->item('enable_query_strings') === TRUE && is_array($_GET) && count($_GET) == 1 && trim(key($_GET), '/') != '')
{
$this->uri_string = key($_GET);
return;
}
// Is there a PATH_INFO variable?
// Note: some servers seem to have trouble with getenv() so we'll test it two ways
$path = (isset($_SERVER['PATH_INFO'])) ? $_SERVER['PATH_INFO'] : @getenv('PATH_INFO');
if (trim($path, '/') != '' && $path != "/".SELF)
{
$this->uri_string = $path;
return;
}
// No PATH_INFO?... What about QUERY_STRING?
$path = (isset($_SERVER['QUERY_STRING'])) ? $_SERVER['QUERY_STRING'] : @getenv('QUERY_STRING');
if (trim($path, '/') != '')
{
$this->uri_string = $path;
return;
}
// No QUERY_STRING?... Maybe the ORIG_PATH_INFO variable exists?
$path = str_replace($_SERVER['SCRIPT_NAME'], '', (isset($_SERVER['ORIG_PATH_INFO'])) ? $_SERVER['ORIG_PATH_INFO'] : @getenv('ORIG_PATH_INFO'));
if (trim($path, '/') != '' && $path != "/".SELF)
{
// remove path and script information so we have good URI data
$this->uri_string = $path;
return;
}
// We've exhausted all our options...
$this->uri_string = '';
}
else
{
$uri = strtoupper($this->config->item('uri_protocol'));
if ($uri == 'REQUEST_URI')
{
$this->uri_string = $this->_parse_request_uri();
return;
}
$this->uri_string = (isset($_SERVER[$uri])) ? $_SERVER[$uri] : @getenv($uri);
}
// If the URI contains only a slash we'll kill it
if ($this->uri_string == '/')
{
$this->uri_string = '';
}
}
}
/* End of file MY_URI.php */
/* Location: .application/libraries/MY_URI.php */
Even easier:
curl -X POST -d "param=value¶m2=value" http://example.com/form.cgi
that plugin's pretty cool though.
Now it works ok from CodeIgniter 2.1.0
//By default CodeIgniter enables access to the $_GET array. If for some
//reason you would like to disable it, set 'allow_get_array' to FALSE.
$config['allow_get_array'] = TRUE;
You can Try this
$this->uri->segment('');
This worked for me :
<?php
$url = parse_url($_SERVER['REQUEST_URI']);
parse_str($url['query'], $params);
?>
$params
array contains the parameters passed after the ? character
If your your need to first parameter use it.
$this->uri->segment('3');
And your need second parameter use it
$this->uri->segment('4');
Have your many parameter enhance parameter
allesklar: That is slightly misleading, as scripts and bots can POST data nearly as easily as sending a normal request. It's not a secret, it's part of HTTP.
my parameter is ?uid=4 and get it with:
$this->uid = $this->input->get('uid', TRUE);
echo $this->uid;
wis
You simply need to enable it in the config.php and you can use $this->input->get('param_name');
to get parameters.
A little bit out of topic, but I was looking for a get function in CodeIgniter just to pass some variables between controllers and come across Flashdata.
see : http://codeigniter.com/user_guide/libraries/sessions.html
Flashdata allows you to create a quick session data that will only be available for the next server request, and are then automatically cleared.
allesklar: That is slightly misleading, as scripts and bots can POST data nearly as easily as sending a normal request. It's not a secret, it's part of HTTP.
You can enable query strings if you really insist. In your config.php you can enable query strings:
$config['enable_query_strings'] = TRUE;
For more info you can look at the bottom of this Wiki page: http://codeigniter.com/user_guide/general/urls.html
Still, learning to work with clean urls is a better suggestion.
GET parameters are cached by the web browser, POST is not. So with a POST you don't have to worry about caching, so that is why it is usually prefered.
If your your need to first parameter use it.
$this->uri->segment('3');
And your need second parameter use it
$this->uri->segment('4');
Have your many parameter enhance parameter
"don't you get annoyed by the re-send data requests if ever you press back after a form submission"
you can get around this by doing a redirect from the page that processes your form submission to the success page. the last "action" was the loading of the success page, not the form submission, which means if users do an F5 it will just reload that page and not submit the form again.
This function is identical to the post function, only it fetches get data:
$this->input->get()
Do this below. Worked for me. I took values from a select box and another textbox. Then on button click I took the entire data in Javascript function and redirected using javascript.
//Search Form
$(document).ready (function($){
$("#searchbtn").click(function showAlert(e){
e.preventDefault();
var cat = $('#category').val();
var srch = $('#srch').val();
if(srch==""){
alert("Search is empty :(");
}
else{
var url = baseurl+'categories/search/'+cat+'/'+srch;
window.location.href=url;
}
});
});
The above code worked for me.
MY_Input.php :
<?php
// this class extension allows for $_GET access
class MY_Input extends CI_input {
function _sanitize_globals()
{
// setting allow_get_array to true is the only real modification
$this->allow_get_array = TRUE;
parent::_sanitize_globals();
}
}
/* End of file MY_Input.php */
/* Location: .application/libraries/MY_Input.php */
MY_URI.php :
<?php
/*
| this class extension allows for $_GET access by retaining the
| standard functionality of allowing query strings to build the
| URI String, but checks if enable_query_strings is TRUE
*/
class MY_URI extends CI_URI{
function _fetch_uri_string()
{
if (strtoupper($this->config->item('uri_protocol')) == 'AUTO')
{
// If the URL has a question mark then it's simplest to just
// build the URI string from the zero index of the $_GET array.
// This avoids having to deal with $_SERVER variables, which
// can be unreliable in some environments
//
// *** THE ONLY MODIFICATION (EXTENSION) TO THIS METHOD IS TO CHECK
// IF enable_query_strings IS TRUE IN THE LINE BELOW ***
if ($this->config->item('enable_query_strings') === TRUE && is_array($_GET) && count($_GET) == 1 && trim(key($_GET), '/') != '')
{
$this->uri_string = key($_GET);
return;
}
// Is there a PATH_INFO variable?
// Note: some servers seem to have trouble with getenv() so we'll test it two ways
$path = (isset($_SERVER['PATH_INFO'])) ? $_SERVER['PATH_INFO'] : @getenv('PATH_INFO');
if (trim($path, '/') != '' && $path != "/".SELF)
{
$this->uri_string = $path;
return;
}
// No PATH_INFO?... What about QUERY_STRING?
$path = (isset($_SERVER['QUERY_STRING'])) ? $_SERVER['QUERY_STRING'] : @getenv('QUERY_STRING');
if (trim($path, '/') != '')
{
$this->uri_string = $path;
return;
}
// No QUERY_STRING?... Maybe the ORIG_PATH_INFO variable exists?
$path = str_replace($_SERVER['SCRIPT_NAME'], '', (isset($_SERVER['ORIG_PATH_INFO'])) ? $_SERVER['ORIG_PATH_INFO'] : @getenv('ORIG_PATH_INFO'));
if (trim($path, '/') != '' && $path != "/".SELF)
{
// remove path and script information so we have good URI data
$this->uri_string = $path;
return;
}
// We've exhausted all our options...
$this->uri_string = '';
}
else
{
$uri = strtoupper($this->config->item('uri_protocol'));
if ($uri == 'REQUEST_URI')
{
$this->uri_string = $this->_parse_request_uri();
return;
}
$this->uri_string = (isset($_SERVER[$uri])) ? $_SERVER[$uri] : @getenv($uri);
}
// If the URI contains only a slash we'll kill it
if ($this->uri_string == '/')
{
$this->uri_string = '';
}
}
}
/* End of file MY_URI.php */
/* Location: .application/libraries/MY_URI.php */
Do this below. Worked for me. I took values from a select box and another textbox. Then on button click I took the entire data in Javascript function and redirected using javascript.
//Search Form
$(document).ready (function($){
$("#searchbtn").click(function showAlert(e){
e.preventDefault();
var cat = $('#category').val();
var srch = $('#srch').val();
if(srch==""){
alert("Search is empty :(");
}
else{
var url = baseurl+'categories/search/'+cat+'/'+srch;
window.location.href=url;
}
});
});
The above code worked for me.
GET parameters are cached by the web browser, POST is not. So with a POST you don't have to worry about caching, so that is why it is usually prefered.
You simply need to enable it in the config.php and you can use $this->input->get('param_name');
to get parameters.
This function is identical to the post function, only it fetches get data:
$this->input->get()
Now it works ok from CodeIgniter 2.1.0
//By default CodeIgniter enables access to the $_GET array. If for some
//reason you would like to disable it, set 'allow_get_array' to FALSE.
$config['allow_get_array'] = TRUE;
my parameter is ?uid=4 and get it with:
$this->uid = $this->input->get('uid', TRUE);
echo $this->uid;
wis
Source: Stackoverflow.com