Codeigniter security check if uri is number, because of pagination
-
13-10-2019 - |
Question
One thing in the security of codeigniter is checking if the uri is a number or something that we expect! Here is the code:
$this->load->helper('form');
$this->load->library('pagination');
$config['permitted_uri_chars'] = '0-9';
$config['base_url'] = '/member/index';
$config['per_page'] = 5;
$config['num_links'] = 10;
$query_not_voted_rows = "SELECT p_id FROM photos WHERE p_id NOT IN (SELECT distinct p_id FROM p_votes where u_id = ".$this->session->userdata('u_id').")";
$config['total_rows'] = $this->db->query($query_not_voted_rows)->num_rows();
$config['full_tag_open'] = '<div id="pagination">';
$config['full_tag_close'] = '</div>';
$this->pagination->initialize($config);
if($this->uri->segment(3) == '')
{
$segment_url = 0;
}else{
$segment_url = $this->uri->segment(3);
}
$query_not_voted = "SELECT * FROM photos WHERE p_id NOT IN (SELECT distinct p_id FROM p_votes where u_id = ".$this->session->userdata('u_id').") LIMIT ".$segment_url.", ".$config['per_page'];
But if now someone enters in uri segment: "kdkdkdd", then the sql breaks, because $segment_url
is kdkdkdd and not the number!
So the question is, how to escape this?
Solution
This is my simple solution:
if($this->uri->segment(3) == '')
{
$segment_url = 0;
}else{
if(!is_numeric($this->uri->segment(3))){
redirect('404');
}else{
$segment_url = $this->uri->segment(3);
}
}
But if somebody have any better idea or tutorial on this please...
OTHER TIPS
nice job =)
answer 1 +
<?
$cadena = "sdfio9874673o4h784";
for ($i=0; $i<strlen($cadena); $i++) {
if (is_numeric($cadena[$i])) {$cadena2.=$cadena[$i];}
}
echo $cadena2;
?>
= nice code
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow