GET parameters in the URL with CodeIgniter

2019-01-08 06:24发布

站内问答 / 前端开发
1656 16 4

I know that codeIgniter turns off GET parameters by default.

But by having everything done in POST, don't you get annoyed by the re-send data requests if ever you press back after a form submission?

It annoys me, but I'm not sure if I want to allow GET purely for this reason.

Is it such a big security issue to allow GET parameters too?

16条回答
\"骚年 ilove
2楼-- · 2019-01-08 06:37

MY_Input.php :

<?php
// this class extension allows for $_GET access
class MY_Input extends CI_input {

    function _sanitize_globals()
    {
        // setting allow_get_array to true is the only real modification
        $this->allow_get_array = TRUE;

        parent::_sanitize_globals();
    }

}
/* End of file MY_Input.php */
/* Location: .application/libraries/MY_Input.php */

MY_URI.php :

<?php
/*
 | this class extension allows for $_GET access by retaining the
 | standard functionality of allowing query strings to build the 
 | URI String, but checks if enable_query_strings is TRUE
*/
class MY_URI extends CI_URI{

    function _fetch_uri_string()
    {
        if (strtoupper($this->config->item('uri_protocol')) == 'AUTO')
        {
            // If the URL has a question mark then it's simplest to just
            // build the URI string from the zero index of the $_GET array.
            // This avoids having to deal with $_SERVER variables, which
            // can be unreliable in some environments
            //
            //  *** THE ONLY MODIFICATION (EXTENSION) TO THIS METHOD IS TO CHECK 
            //      IF enable_query_strings IS TRUE IN THE LINE BELOW ***
            if ($this->config->item('enable_query_strings') === TRUE && is_array($_GET) && count($_GET) == 1 && trim(key($_GET), '/') != '')
            {
                $this->uri_string = key($_GET);
                return;
            }

            // Is there a PATH_INFO variable?
            // Note: some servers seem to have trouble with getenv() so we'll test it two ways
            $path = (isset($_SERVER['PATH_INFO'])) ? $_SERVER['PATH_INFO'] : @getenv('PATH_INFO');
            if (trim($path, '/') != '' && $path != "/".SELF)
            {
                $this->uri_string = $path;
                return;
            }

            // No PATH_INFO?... What about QUERY_STRING?
            $path =  (isset($_SERVER['QUERY_STRING'])) ? $_SERVER['QUERY_STRING'] : @getenv('QUERY_STRING');
            if (trim($path, '/') != '')
            {
                $this->uri_string = $path;
                return;
            }

            // No QUERY_STRING?... Maybe the ORIG_PATH_INFO variable exists?
            $path = str_replace($_SERVER['SCRIPT_NAME'], '', (isset($_SERVER['ORIG_PATH_INFO'])) ? $_SERVER['ORIG_PATH_INFO'] : @getenv('ORIG_PATH_INFO'));
            if (trim($path, '/') != '' && $path != "/".SELF)
            {
                // remove path and script information so we have good URI data
                $this->uri_string = $path;
                return;
            }

            // We've exhausted all our options...
            $this->uri_string = '';
        }
        else
        {
            $uri = strtoupper($this->config->item('uri_protocol'));

            if ($uri == 'REQUEST_URI')
            {
                $this->uri_string = $this->_parse_request_uri();
                return;
            }

            $this->uri_string = (isset($_SERVER[$uri])) ? $_SERVER[$uri] : @getenv($uri);
        }

        // If the URI contains only a slash we'll kill it
        if ($this->uri_string == '/')
        {
            $this->uri_string = '';
        }
    }

}
/* End of file MY_URI.php */
/* Location: .application/libraries/MY_URI.php */
查看更多
0人赞 添加讨论(0) 举报
对你真心纯属浪费
3楼-- · 2019-01-08 06:40

You simply need to enable it in the config.php and you can use $this->input->get('param_name'); to get parameters.

查看更多
0人赞 添加讨论(0) 举报
兄弟一词,经得起流年.
4楼-- · 2019-01-08 06:40

Even easier: 

curl -X POST -d "param=value&param2=value" http://example.com/form.cgi

that plugin's pretty cool though.

查看更多
0人赞 添加讨论(0) 举报
Deceive 欺骗
5楼-- · 2019-01-08 06:41

This function is identical to the post function, only it fetches get data:

$this->input->get()

https://www.codeigniter.com/user_guide/libraries/input.html

查看更多
0人赞 添加讨论(0) 举报
Summer. ? 凉城
6楼-- · 2019-01-08 06:42

"don't you get annoyed by the re-send data requests if ever you press back after a form submission"

you can get around this by doing a redirect from the page that processes your form submission to the success page. the last "action" was the loading of the success page, not the form submission, which means if users do an F5 it will just reload that page and not submit the form again.

查看更多
0人赞 添加讨论(0) 举报
欢心
7楼-- · 2019-01-08 06:44

You can enable query strings if you really insist. In your config.php you can enable query strings:

$config['enable_query_strings'] = TRUE;

For more info you can look at the bottom of this Wiki page: http://codeigniter.com/user_guide/general/urls.html

Still, learning to work with clean urls is a better suggestion.

查看更多
0人赞 添加讨论(0) 举报
上一页 1 2 3 下一页
登录 后发表回答
相关问题
查看全部
相关文章
查看全部
收藏的人(4)