Re: get method validation
Hi!
U can use the php function: is_numeric (http://de.php.net/manual/en/
function.is-numeric.php)
kinda:
function (id = null)
{
if (empty ($id) || !is_numeric ($id)) // error!!!
else // save/update/delete
}
Regards!
mono.
On Jan 18, 8:32 pm, Delirium tremens wrote:
> Do you know
>
>
>
>
> and
>
> http://www.asite.com/script.php?id=a
>
> ?
>
> Valid IDs are numbers. How do I prevent my script from assigning
> invalid values to id?
>
> On 18 jan, 17:18, Webweave wrote:
>
> > Not clear on what your question means, are you asking about validation
> > rules?
>
> > On Jan 18, 7:30 am, Delirium tremens wrote:
>
> > > How to validate an id passed not by post, but by get? I do not have to
> > > output an error message to hackers and crackers, do I? I tested using /
> > > ^[0-9]{1,10}$/ as rule, nothing as message and passing an "a", but it
> > > did not output an error message.
--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups
"CakePHP" group.
To post to this group, send email to cake-php@googlegroups.com
To unsubscribe from this group, send email to
cake-php+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/cake-php?hl=en
-~--~~~~--~~--~--~---
Re: get method validation
It should be noted that the GET Request is not designed for this ;-)
Hypertext Transfer Protocol (HTTP)
Request methods
GET
Requests a representation of the specified resource. Note that GET
should not be used for operations that cause side-effects, such as
using it for taking actions in web applications. One reason for this
is that GET may be used arbitrarily by robots or crawlers, which
should not need to consider the side effects that a request should
cause.
http://en.wikipedia.org/wiki/Hypertext_Transfer_Protocol
Or at least it should be seen as Best Pratice not to do so.
On Jan 19, 1:53 am, Webweave wrote:
> Not sure I do, looks like you got a partial post. The validate
> 'numeric' for id, will validate the data for your id column as
> numeric.
>
> You don't even need that if the field is numeric as there wouldn't be
> allowed automatically.
>
> IF on the other hand you are asking how do I detect if a value was
> passed by GET or POST, that's an entirely different thing.
>
> POST data is passed in $this->data, GET data is passed in $this-
>
> >passedArgs or $this->params['url'].
>
> Seehttp://book.cakephp.org/view/55/The-Parameters-Attribute-params
>
> On Jan 18, 11:43 am, Delirium tremens wrote:
>
> > Are you still not understanding the question?
>
> > On 18 jan, 15:38, Delirium tremens wrote:
>
> > > How come nobody knows???
>
> > > On 18 jan, 13:30, Delirium tremens wrote:
>
> > > > How to validate an id passed not by post, but by get? I do not have to
> > > > output an error message to hackers and crackers, do I? I tested using /
> > > > ^[0-9]{1,10}$/ as rule, nothing as message and passing an "a", but it
> > > > did not output an error message.
--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups
"CakePHP" group.
To post to this group, send email to cake-php@googlegroups.com
To unsubscribe from this group, send email to
cake-php+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/cake-php?hl=en
-~--~~~~--~~--~--~---
Re: get method validation
Not sure I do, looks like you got a partial post. The validate
'numeric' for id, will validate the data for your id column as
numeric.
You don't even need that if the field is numeric as there wouldn't be
allowed automatically.
IF on the other hand you are asking how do I detect if a value was
passed by GET or POST, that's an entirely different thing.
POST data is passed in $this->data, GET data is passed in $this-
>passedArgs or $this->params['url'].
See http://book.cakephp.org/view/55/The-Parameters-Attribute-params
On Jan 18, 11:43 am, Delirium tremens wrote:
> Are you still not understanding the question?
>
> On 18 jan, 15:38, Delirium tremens wrote:
>
> > How come nobody knows???
>
> > On 18 jan, 13:30, Delirium tremens wrote:
>
> > > How to validate an id passed not by post, but by get? I do not have to
> > > output an error message to hackers and crackers, do I? I tested using /
> > > ^[0-9]{1,10}$/ as rule, nothing as message and passing an "a", but it
> > > did not output an error message.
>
>
--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups
"CakePHP" group.
To post to this group, send email to cake-php@googlegroups.com
To unsubscribe from this group, send email to
cake-php+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/cake-php?hl=en
-~--~~~~--~~--~--~---
Re: get method validation
Are you still not understanding the question?
On 18 jan, 15:38, Delirium tremens wrote:
> How come nobody knows???
>
> On 18 jan, 13:30, Delirium tremens wrote:
>
> > How to validate an id passed not by post, but by get? I do not have to
> > output an error message to hackers and crackers, do I? I tested using /
> > ^[0-9]{1,10}$/ as rule, nothing as message and passing an "a", but it
> > did not output an error message.
--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups
"CakePHP" group.
To post to this group, send email to cake-php@googlegroups.com
To unsubscribe from this group, send email to
cake-php+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/cake-php?hl=en
-~--~~~~--~~--~--~---
Re: get method validation
Do you know
and
http://www.asite.com/script.php?id=a
?
Valid IDs are numbers. How do I prevent my script from assigning
invalid values to id?
On 18 jan, 17:18, Webweave wrote:
> Not clear on what your question means, are you asking about validation
> rules?
>
> On Jan 18, 7:30 am, Delirium tremens wrote:
>
> > How to validate an id passed not by post, but by get? I do not have to
> > output an error message to hackers and crackers, do I? I tested using /
> > ^[0-9]{1,10}$/ as rule, nothing as message and passing an "a", but it
> > did not output an error message.
--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups
"CakePHP" group.
To post to this group, send email to cake-php@googlegroups.com
To unsubscribe from this group, send email to
cake-php+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/cake-php?hl=en
-~--~~~~--~~--~--~---
Re: get method validation
update link
readall view
echo $html->link('Update', '/articles/update/'.$articleid);
update method
articles controller
function update($id = null) {
validate var
articles model
'id' => 'numeric'
update link
articles controller
echo $form->input('id', array('type'=>'hidden'));
How do I prevent my script from trying to delete id = not a number?
On 18 jan, 17:07, brian wrote:
> Well, I don't know quite what the question is. What does your test
> look like, exactly? What data are you posting? Post some code.
>
> On Sun, Jan 18, 2009 at 12:38 PM, Delirium tremens wrote:
>
> > How come nobody knows???
>
> > On 18 jan, 13:30, Delirium tremens wrote:
> >> How to validate an id passed not by post, but by get? I do not have to
> >> output an error message to hackers and crackers, do I? I tested using /
> >> ^[0-9]{1,10}$/ as rule, nothing as message and passing an "a", but it
> >> did not output an error message.
--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups
"CakePHP" group.
To post to this group, send email to cake-php@googlegroups.com
To unsubscribe from this group, send email to
cake-php+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/cake-php?hl=en
-~--~~~~--~~--~--~---
Re: get method validation
Not clear on what your question means, are you asking about validation
rules?
On Jan 18, 7:30 am, Delirium tremens wrote:
> How to validate an id passed not by post, but by get? I do not have to
> output an error message to hackers and crackers, do I? I tested using /
> ^[0-9]{1,10}$/ as rule, nothing as message and passing an "a", but it
> did not output an error message.
--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups
"CakePHP" group.
To post to this group, send email to cake-php@googlegroups.com
To unsubscribe from this group, send email to
cake-php+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/cake-php?hl=en
-~--~~~~--~~--~--~---
Re: get method validation
Well, I don't know quite what the question is. What does your test
look like, exactly? What data are you posting? Post some code.
On Sun, Jan 18, 2009 at 12:38 PM, Delirium tremens wrote:
>
> How come nobody knows???
>
> On 18 jan, 13:30, Delirium tremens wrote:
>> How to validate an id passed not by post, but by get? I do not have to
>> output an error message to hackers and crackers, do I? I tested using /
>> ^[0-9]{1,10}$/ as rule, nothing as message and passing an "a", but it
>> did not output an error message.
> >
>
--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups
"CakePHP" group.
To post to this group, send email to cake-php@googlegroups.com
To unsubscribe from this group, send email to
cake-php+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/cake-php?hl=en
-~--~~~~--~~--~--~---
Re: get method validation
How come nobody knows???
On 18 jan, 13:30, Delirium tremens wrote:
> How to validate an id passed not by post, but by get? I do not have to
> output an error message to hackers and crackers, do I? I tested using /
> ^[0-9]{1,10}$/ as rule, nothing as message and passing an "a", but it
> did not output an error message.
--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups
"CakePHP" group.
To post to this group, send email to cake-php@googlegroups.com
To unsubscribe from this group, send email to
cake-php+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/cake-php?hl=en
-~--~~~~--~~--~--~---
get method validation
How to validate an id passed not by post, but by get? I do not have to
output an error message to hackers and crackers, do I? I tested using /
^[0-9]{1,10}$/ as rule, nothing as message and passing an "a", but it
did not output an error message.
--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups
"CakePHP" group.
To post to this group, send email to cake-php@googlegroups.com
To unsubscribe from this group, send email to
cake-php+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/cake-php?hl=en
-~--~~~~--~~--~--~---
