Codeigniter and Pagination with Query Strings
Question
I am trying to build a Search with Pagination in Codeigniter and would love some help with it.
So far, I've realized that I can not use BOTH url segments and query strings together. Using only query strings produces very ugly URLs.
I understand that Codeigniter destroys the GET and I'm trying to put it back in. Ergo... if I place this in the constructor of the search controller, will my problems be solved?
parse_str(substr(strrchr($_SERVER['REQUEST_URI'], "?"), 1), $_GET);
As in, if it works for me, is there anything I need to be aware of security wise?
Recommended answer
So far, I've realized that I can not use BOTH url segments and query strings together.
Sure you can. Try this in your config:
$config['uri_protocol'] = "PATH_INFO";
That should get things started. Now, since CI abandons and empties the $_GET variable, you need to repopulate it like this:
parse_str($_SERVER['QUERY_STRING'],$_GET);
Now the only real concern here is that, if you have global XSS filtering on, you should know that you just manually parsed the query string into the global $_GET variable. This means you haven't passed it through any XSS filters. In CI 1.x you can access the filter through the input library like this:
$myvar = $this->input->xss_clean($_GET['myvar']);
In CI 2.x you do it through the security library like this:
$myvar = $this->security->xss_clean($_GET['myvar']);
Of course, it goes without saying that you can extend the Controller class to have a get() method that does all this automatically such that you can do this:
$myvar = $this->get('myvar');
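One way such a get() helper could look in CI 2.x, as an added example that is not code from the answer. It assumes the CI 2.x convention of a MY_Controller base class in application/core/ and that $this->security is available as used above; get_int(), the Search controller and the 'q' and 'offset' parameter names are hypothetical.

```php
<?php
// application/core/MY_Controller.php (CodeIgniter 2.x layout, assumed)
class MY_Controller extends CI_Controller
{
    /** Query-string parameters, parsed once per request. */
    private $query = NULL;

    /**
     * Return one query-string parameter, passed through CI's XSS filter.
     * Declared protected so it cannot be reached as a controller action by URL.
     */
    protected function get($key, $default = FALSE)
    {
        if ($this->query === NULL) {
            $raw = isset($_SERVER['QUERY_STRING']) ? $_SERVER['QUERY_STRING'] : '';
            $parsed = array();
            // Parse into a private array instead of the global $_GET, so no
            // unfiltered copy of the values is left for other code to read.
            parse_str($raw, $parsed);
            $this->query = $parsed;
        }

        if ( ! array_key_exists($key, $this->query)) {
            return $default;
        }

        // xss_clean() accepts strings and arrays (e.g. ?tag[]=a&tag[]=b).
        return $this->security->xss_clean($this->query[$key]);
    }

    /**
     * Hypothetical integer variant for pagination offsets: anything that is
     * not a plain non-negative integer falls back to $default.
     */
    protected function get_int($key, $default = 0)
    {
        $value = $this->get($key, NULL);
        return (is_string($value) && ctype_digit($value)) ? (int) $value : $default;
    }
}

// Usage in a controller (Search, 'q' and 'offset' are hypothetical names):
// class Search extends MY_Controller {
//     public function index() {
//         $term   = $this->get('q', '');
//         $offset = $this->get_int('offset');
//     }
// }
```

xss_clean() only filters the incoming value; the search term still needs escaping where it is written into HTML and a bound parameter where it is used in a query.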