Adds get_numeric_input() #1700

Closed
wants to merge 1 commit into
from

Conversation

Projects
None yet
4 participants
Contributor

WDC commented Aug 13, 2012

This is a copy from my StackOverflow Q&A post: http://stackoverflow.com/questions/11927690/how-can-i-quickly-check-if-get-and-post-variables-in-codeigniter-are-both-set-an

get_numeric_input() for CodeIgniter

mixed get_numeric_input ( string $name [, bool $required = True [, string $source = "GET" [, bool $xss_clean = True ]]] )

Below is a function that I created because I was tired of checking if GET and POST variables existed and were numeric.

This was mainly used when handling errors or status messages, because I could use redirect("original_page.php?error=1"); to pass an error to the original page. On the original page, I could simply do if (isset($error)) { … } and display a message depending on the value. However, it was necessary to check these variables before sending them to the view in the interest of security. This process proved to be quite repetitive and tedious.

This function below is to be added to the bottom of wwwroot/application/system/core/Input.php

It is to be used as follows:

Example 1:

function index() {
   if ($error = $this->input->get_numeric_input('error', True, "GET", True)) {
      $data['error'] = $error;
   }
}

In this example, if $_GET['error'] is both set and numeric, it will set $data['error'] to that value. If it is either not set and/or not numeric, it will terminate the script.

Example 2:

function index() {
   if ($error = $this->input->get_numeric_input('error', False, "POST", True)) {
      $data['error'] = $error;
   }
}

In this example, if $_POST['error'] is both set and numeric, it will set $data['error'] to that value. If it is either not set and/or not numeric, it will continue and not set any values in the $data array.

The first argument is the variable name to be checked. The second variable is the boolean that makes the check required or not. If you have this set to TRUE, then if the variable is not set OR if it is not numeric, it will show an error and immediately terminate the script. If set to False, then it will will simply return False, and the script will move on. The third variable is either POST or GET, and will determine if the function looks for the variable in the $_GET or $_POST arrays. Finally, the fourth variable indicated whether or not the values will be XSS_CLEAN when returned.

NOTE: Both the second, third, and fourth arguments are optional, and default to True, “GET,” and True, respectively.

Adds get_numeric_input()
Checks if the specified GET or POST variable is set and numeric. Can either terminate the script upon failure or continue.

Summary of usage here: http://stackoverflow.com/questions/11927690/how-can-i-quickly-check-if-get-and-post-variables-in-codeigniter-are-both-set-an 
Contributor

ckdarby commented Oct 11, 2012

From what I am looking at this can already be achieved with Form_validaiton set_data & using the current ruleset.

Contributor

cryode commented Oct 13, 2012

This is an incredibly purpose-specific addition, that I doubt most CI users will ever need, so I wouldn't recommend this as an addition. You can already use Input::get_post() to check both GET/POST. I didn't even understand what the "numeric" portion was for until far down in your explanation. Code obscurity is not developer friendly. So while this maybe be extremely useful for given circumstances, it's seems too specific to me.

When it comes to retrieving GET/POST, throwing an error in the event of something being non-existant is overkill. It's one more thing that could surprise or confuse developers, and having the parameter default to TRUE is worse. Similar to existing methods, this should simply return NULL where necessary.

Disregarding functionality, here are some tips for future reference:

  • Code supplied as a pull requests should follow the coding styles/standards for CI.
  • In my opinion, your parameter checks are either too specific or too generic. You look for GET exactly, so get would not match. For the required parameter, you use a non-specific conditional to check for true/false.
  • You perform multiple repeated calls for Input::get() and Input::post() - keep it DRY and consolidate.
  • log_message() should be called before show_error() - show error calls exit(), so your message will never be logged if done after the error.
Contributor

narfbg commented Oct 13, 2012

Indeed, this is way too specific to get included in CI. Sorry @WDC, but you'll have to keep it in your MY_Input class.

@narfbg narfbg closed this Oct 13, 2012

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment