Professional CodeIgniter

Chapter 9: Security and Performance

            echo $FDATA."\n";
            if ($error[$FIELD] == false){
                echo form_hidden("line_$key"."[".$FIELD."]", $FDATA);
            }else{
                echo "&nbsp;";
            }
            echo "</td>\n";
        }
    }
    echo "</tr>\n";
}
?>
</table>
<?php
    echo form_hidden('csvgo', true);
    echo form_close();
}else{
    echo "<h1>We detected a problem...</h1>";
    echo "<p>No records to import! Please try again.</p>";
}
?>

Handling Exceptions in Controller Functions


Once you have all of this work in place, you have a much more secure environment, at least when it
comes to handling user input. However, you'll notice a few idiosyncrasies. For example, if you're
visiting the site and try to visit a product page with a really large number, what do you think happens?
Well, at this point, you're processing the getProduct() function with your new id_clean() function,
so no harm can happen.

At this point, if you try to open up product/138939018830190938 or some other nonsensical number
(or even /product/iamhackingyou), then you'll get sent back to the home page. Why? Because in your
Welcome controller, you created the product() function in such a way as to send any visitors who are
trying to visit a non-live product back to the home page:

function product($productid){
    $product = $this->MProducts->getProduct($productid);
    if (!count($product)){
        redirect('welcome/index', 'refresh');
    }
    //function continues...
}

In other words, you're using the passed-in argument to the getProduct() function to figure out which
product to get from the database table. This model function automatically passes that ID argument
through the custom id_clean() function added to the helper extension file.

If no record is retrieved from the database, then the $product array will be empty and will therefore not
pass the count() test. (You're doing a similar test in the category() function.)
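To see the two checks working together outside of CodeIgniter, here is an added, stand-alone example that is not the book's own code. It assumes a hypothetical id_clean() implementation (the chapter's real helper is in the helper extension file and is not reproduced on this page) and replaces the MProducts->getProduct() database query with a small constructed array of live products, so you can watch the oversized number and the "iamhackingyou" string both produce an empty result that would fail the controller's count() test.

```php
<?php
// Added example, not the book's code. id_clean() here is a hypothetical
// implementation; the sample product table is constructed for the demo.

// Reduce untrusted input to a positive integer ID, or 0 when it is not one.
function id_clean($id)
{
    $id = trim((string) $id);
    // Reject anything that is not a run of decimal digits (e.g. "iamhackingyou").
    if ($id === '' || !ctype_digit($id)) {
        return 0;
    }
    // Reject digit strings too large for a PHP integer, so the value never
    // wraps or silently turns into a float (e.g. 138939018830190938 on 32-bit).
    $max = (string) PHP_INT_MAX;
    if (strlen($id) > strlen($max) || (strlen($id) === strlen($max) && strcmp($id, $max) > 0)) {
        return 0;
    }
    return (int) $id;
}

// Constructed stand-in for the products table: only "live" rows are returned.
$LIVE_PRODUCTS = array(
    1 => array('id' => 1, 'name' => 'Sample widget'),
    2 => array('id' => 2, 'name' => 'Sample gadget'),
);

// Stand-in for MProducts->getProduct(): cleans the ID first, then looks it up.
function getProduct($productid)
{
    global $LIVE_PRODUCTS;
    $id = id_clean($productid);
    if ($id === 0 || !isset($LIVE_PRODUCTS[$id])) {
        return array();   // empty array, so the controller's count() test fails
    }
    return $LIVE_PRODUCTS[$id];
}

// Stand-in for the controller's decision: redirect when nothing was found.
function productPageOutcome($productid)
{
    $product = getProduct($productid);
    return count($product) ? 'show product "' . $product['name'] . '"'
                           : 'redirect to welcome/index';
}

foreach (array('2', '138939018830190938', 'iamhackingyou', '12abc', '') as $input) {
    printf("%-22s -> %s\n", var_export($input, true), productPageOutcome($input));
}
```

Only the first input reaches a product; every other one is reduced to 0 by id_clean() or finds no live row, and the controller redirects. Note that the overflow check matters most on 32-bit PHP builds, where PHP_INT_MAX is 2147483647 and a plain (int) cast of the long number would not give you the value the user typed.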

Some may argue that sending users back to the home page is a silly idea, that what you should be doing
is sending them on to a custom 404 page, but the point is moot. Yes, you're doing a good thing by passing