0

E.g. I have a working url:

http://localhost/article/154

Where 154 is $id of the article in db and a controller article looks like e.g.:

function index ($id = '')
{

// some code here

}

Now, when I type something like:

http://localhost/article/154dsdead34

I get an error because that id is not in my db. But the PHP errors are shown on the page and the whole page is messed up.

Instead I need a redirect to my controller called custom404 that can handle this (or, if it is for some reason not possible, at least a direct redirect('/'); to the homepage).

The same fix for variants like (too big $id number or not found in db):

http://localhost/article/3004534534534234600234

or (other parameters)

http://localhost/article/154/something/derer/asdasd

How to do such a security check in CodeIgniter?

Derfder

2 Answers

3

So many ways to do this.

Inside the function, define ($id = NULL) so it skips empty errors, and the 1st statement can be if ( ! is_numeric($id)) show_404();

You could also run $id = (int)$id; which should turn 154dsdead34 into 154.

Routing is an option as well. What would you prefer?

You could do like this; inside the function run:

if ( ! preg_match("~^article/\d+$~", $this->uri->uri_string())) {
    // Redirect user
}

Change accordingly. ~ opens and closes the regex. It's often /, but with ~ you don't have to escape / (\/). ^ is the beginning of the string and $ is the end. \d+ is equal to [0-9]+ and requires cases with one digit or more. I hope it makes sense.

Robin Castlin
  • What about localhost/article/154/somehtingwrong/blablabla/eee type of link ? Now, it throws errors. – Derfder Nov 07 '12 at 09:52
  • Routes are imho the easiest, but I am not sure how to do that condition into regex. I mean only id (id check in db I can handle in controller) after article/ is allowed and everything else like /asdasdsad/asdasd/asda is not. any advice? – Derfder Nov 07 '12 at 09:54
  • Added another solution with explanation. Just for curiosity, what does it matter if those random urls work? Is it for potential SEO optimization? – Robin Castlin Nov 07 '12 at 10:56
  • It is not working ;( . Link like article/154/somehtingwrong/blablabla/eee throws errors ;( – Derfder Nov 07 '12 at 11:14
  • Finally! Your solution is working. However, I needed to change in my routes from $route['article/(:num)'] = 'article/$1'; to $route['article/(:any)'] = 'article/$1'; . So num to any with your preg_match will make the WIN. Thanks a lot. – Derfder Nov 07 '12 at 11:22
0

Through the routes.php in the config folder, to check for the 6-digit numeric only you need to use

$route['article/([0-9]{1,6})'] = 'article/$1' ;

and mention all other cases to 404 or send to any other controller

senK
  • Not working. I need a redirect if it is wrong. Your suggestion is identical to my old: $route['article/(:num)'] = 'article/$1' ; It is not helping at all. – Derfder Nov 07 '12 at 09:29
  • What do you mean by "and mention all other cases to 404 or send to any other controller"? My current in routes.php is $route['404_override'] = 'custom404'; How can I change it? – Derfder Nov 07 '12 at 09:34
  • Oh for the custom404 take a look [link](http://stackoverflow.com/questions/2310061/how-can-i-redirect-a-404-error-in-a-custom-404-page-using-codeigniter) – senK Nov 07 '12 at 09:54
  • I know that. I need to ignore the other parts if somebody writes them, e.g. instead of the good link localhost/article/154/ he writes something like: localhost/article/154/somehtingwrong/blablabla/eee and I need to ignore the part after the id. I mean this part: /somehtingwrong/blablabla/eee – Derfder Nov 07 '12 at 09:57
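
The checks discussed in both answers (digits only, a bounded id, no extra URI segments) combined into one strict validator, as an added example that is not part of the original thread. The function name `article_id_from_segments`, the `MAX_ARTICLE_ID` bound (a signed 32-bit id column) and the rejection of leading zeros are assumptions; it needs PHP 7.1 or later.

```php
<?php
// Added example (not from the thread). Names and the bound below are assumptions.
const MAX_ARTICLE_ID = '2147483647'; // assumed: id column is a signed 32-bit INT

/**
 * Return the article id as an int, or null when the request should get a 404.
 * $segments is the URI split on "/", e.g. $this->uri->segment_array() in CodeIgniter.
 */
function article_id_from_segments(array $segments): ?int
{
    $segments = array_values($segments); // segment_array() is 1-indexed
    // Exactly "article" plus one id segment: rejects article/154/something/...
    if (count($segments) !== 2 || $segments[0] !== 'article') {
        return null;
    }
    $raw = $segments[1];
    // Digits only. is_numeric() would also accept "1e5", "-3", " 12" and "1.5",
    // and an (int) cast would silently turn "154dsdead34" into 154.
    if (!is_string($raw) || !ctype_digit($raw) || $raw[0] === '0') {
        return null; // also rejects "0" and leading zeros (one URL per article)
    }
    // Compare as strings so an oversized value is rejected before any int
    // conversion can overflow or saturate.
    $len = strlen($raw);
    $maxLen = strlen(MAX_ARTICLE_ID);
    if ($len > $maxLen || ($len === $maxLen && strcmp($raw, MAX_ARTICLE_ID) > 0)) {
        return null;
    }
    return (int) $raw;
}

// Constructed sample URIs, taken from the shapes shown in the question.
$samples = [
    'article/154',
    'article/154dsdead34',
    'article/3004534534534234600234',
    'article/154/something/derer/asdasd',
    'article/1e5',
];
foreach ($samples as $uri) {
    $id = article_id_from_segments(explode('/', $uri));
    printf("%-40s => %s\n", $uri, $id === null ? '404' : "id $id");
}
// In the controller: call show_404() when the result is null, otherwise look the
// row up with the returned int and call show_404() again if no row is found.
```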