codeiginter 无法直接访问函数
我遇到了有关直接访问功能的问题:例如我有以下代码:
控制器用户
function index(){
//this is my users index view, user can add,edit,delete cars
}
function details($id){
//a function where 1 car can be viewed in detail..
function add(){
//function to add car
}
现在,如果我转到地址栏并键入。 localhost/myapp/users/detail 它将转到 url 并回显错误,因为 $id 为 null。我想要的是,如果用户在地址栏中键入,则可以直接访问索引。我不希望用户直接进入 myapp/users/add 等。
I'm having this problem about direct access to functions: for example I have this code:
controller users
function index(){
//this is my users index view, user can add,edit,delete cars
}
function details($id){
//a function where 1 car can be viewed in detail..
function add(){
//function to add car
}
Now if I go to address bar and type. localhost/myapp/users/detail it will go to the url and echo an error since $id is null. What I want is only the index is directly accessible if a user would type in the address bar. I don't want the users to go directly to myapp/users/add, etc..
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
CI 控制器函数始终必须能够处理用户输入(即 url 段),这意味着任何人都可以输入他们想要的任何内容并发出请求。你无法阻止这一点。最佳实践是:
func_get_args()
因为它更常见、更容易接受且更易于阅读 - 只需确保始终提供默认值并验证它们。
控制器的示例:
唯一的其他方法是使方法私有或按照建议使用 CI 的
_underscore()
命名(使其无法从 url 访问)。如果您愿意,您仍然可以在其他方法中调用该函数,如下所示:因此,长话短说:您无法阻止发出请求,您只能决定当请求无效时该怎么做。
CI Controller functions always must be able to handle user input (i.e. url segments), which means anyone can type in whatever they wish and make a request. You can't stop that. The best practice is to either:
func_get_args()
Since it's much more common, accepted, and easier to read - just make sure to always provide defaults and validate them.
An example with your controller:
The only other way is to make the method private or use CI's
_underscore()
naming as suggested (making it inaccessible from the url). You can still call the function in other methods if you wish, as in:So to make a long story short: You can't stop the requests from being made, you can only decide what to do when the request is invalid.
在要隐藏的函数名称前添加下划线:
Add an underscore before the names of functions you want to hide: