CodeIgniter: no direct access to functions

Posted on 2024-11-11 00:17:53 · 428 words · 4 views · 0 comments

I'm having this problem about direct access to functions: for example I have this code:

controller users

function index(){
//this is my users index view, user can add,edit,delete cars 
}

function details($id){
//a function where 1 car can be viewed in detail..
}

function add(){
//function to add car
}

Now if I go to the address bar and type localhost/myapp/users/detail, it will go to the URL and echo an error since $id is null. What I want is that only the index is directly accessible if a user types in the address bar. I don't want the users to go directly to myapp/users/add, etc.


Comments (2)

梦里人 2024-11-18 00:17:53

CI Controller functions always must be able to handle user input (i.e. url segments), which means anyone can type in whatever they wish and make a request. You can't stop that. The best practice is to either:

  • Always provide default arguments
  • Use the URI class to get your parameters, or func_get_args()
  • Always validate the presence of and integrity of arguments passed to the controller, as you would with any other user input

Since it's much more common, accepted, and easier to read - just make sure to always provide defaults and validate them.

An example with your controller:

function index() {
    //this is my users index view
    //user can add,edit,delete cars
}

function details($id = NULL) {
    if ( ! $id) {
        // No ID present, maybe redirect without message
        redirect('users');
    }
    $user = $this->user_model->get($id);
    if ( ! $user) {
        // ID present but no user found, redirect with error message
        $this->session->set_flashdata('error_message', 'User not found');
        redirect('users');
    }
    // We found a user, load view here etc.
}

function add() {
    // Check for the presence of a $_POST value
    // You could also use the Form_validation lib here
    if ( ! $this->input->post('add_car'))
    {
        $this->session->set_flashdata('error_message', 'Invalid request');
        redirect('users');
    }
    // Try to add the car here and always redirect from here
}

The only other way is to make the method private or use CI's _underscore() naming as suggested (making it inaccessible from the url). You can still call the function in other methods if you wish, as in:

function index() {
    if ($this->input->post('add_car'))
    {
        // Call the private "_add" method 
        $this->_add();
    }
    // Load index view
}

So to make a long story short: You can't stop the requests from being made, you can only decide what to do when the request is invalid.

长梦不多时 2024-11-18 00:17:53

Add an underscore before the names of functions you want to hide:

function _details($id){
//a function where 1 car can be viewed in detail..
}
function add(){
//function to add car
}
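
The following plain-PHP example is added here and is not part of either answer or of CodeIgniter's own code. It models the dispatch rule both answers rely on: a URL segment selects a controller method, underscore-prefixed or non-public methods are refused, and a missing segment leaves the default argument in place. The `dispatch()` function, the `purge()` method, the returned strings and the request paths are hypothetical, and the 404 rule is an assumption modelled on CodeIgniter's behaviour.

```php
<?php
// Stand-alone model of URL-to-method dispatch; not CodeIgniter's own code.
class Users
{
    public function index()
    {
        return 'index view';
    }
    // Default argument: a URL with no id segment still reaches this method.
    public function details($id = null)
    {
        // The segment is untrusted input: accept positive integers only.
        if ($id === null || !ctype_digit((string) $id) || (int) $id < 1) {
            return 'redirect to users';
        }
        return 'details for car ' . (int) $id;
    }

    // Underscore prefix: callable from other methods, refused by dispatch().
    public function _add()
    {
        return 'car added';
    }

    // Private: refused by dispatch() because it is not public.
    private function purge()
    {
        return 'purged';
    }
}

function dispatch($controller, $uri)
{
    $segments = array_values(array_filter(explode('/', $uri), 'strlen'));
    $method = isset($segments[0]) ? $segments[0] : 'index';
    if ($method[0] === '_' || !method_exists($controller, $method)) {
        return '404';
    }
    $reflection = new ReflectionMethod($controller, $method);
    if (!$reflection->isPublic()) {
        return '404';
    }
    return call_user_func_array(array($controller, $method), array_slice($segments, 1));
}

// Constructed request paths, relative to the "users" controller.
foreach (array('', 'details', 'details/7', 'details/abc', '_add', 'purge') as $uri) {
    printf("%-12s => %s\n", '/' . $uri, dispatch(new Users(), $uri));
}
```

Run with the PHP CLI, it prints one line per constructed path. The paths that name `_add` or `purge` resolve to 404, while `details` with a missing or non-numeric id reaches the method and is turned away by the validation inside it.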