Codeigniter %B4 how to validate/filter - codeigniter

I am having an issue where if a post variable has %B4 in it, it will be urldecoded into a char that cannot be saved into the database without an error. (Even if I access via $_POST).
What is the best way to validate a field so these chars. cannot be saved?

I think that maybe prey_match can help you.
<?php
$subject = "abcdef";
$pattern = '/^def/';
preg_match($pattern, substr($subject,3), $matches, PREG_OFFSET_CAPTURE);
print_r($matches);
?>

Related

Magento registry variables in controller

I have stored a variable in register by Mage::register('captcha', $var); in helper. And in the controller i tried to retrieve the variable by using Mage::registry('captcha'); But i dont getting any values here. Please help me to solve this.
In your helper file create a function like below :
public function getCaptcha(){
$var = 'myValue123';
Mage::register('varun', $var);
return Mage::registry('varun');
}
In your controller function:
$registryValue = Mage::helper('yourModule')->getCaptcha();
echo registryValue ; //prints myValue123
Hope it helps !!!
It's look like syntax is right.
Please first try to set some static value like $var="test"
Mage::register('captcha', $var);
after that got this value in controller.
Mage::registry('captcha');
if you got this value test then i think you have problem with $var in your helper.
Let me know if you have any problem
'captcha' is already in use, so magento never set your data in registry. Change the name, for example 'captcha1'
Mage::register('captcha1', $var);

Codeigniter - htmlspecialchars() on input not working

I'm using htmlspecialchars() on input field for user last name to prevent xss, but it's not working..
Let's say $user_data->user_last_name; is my user last name, so I did:
htmlspecialchars( $user_data->user_last_name, ENT_QUOTES, 'UTF-8' );
When I try to save user last name as 'Lastname<script>alert("xss")</script>', I get JS alert with 'xss' message.
Any clue maybe?
Try this, may work:
$string = htmlentities($user_data->user_last_name, ENT_QUOTES, 'ISO-8859-15');
While retrieving the input you should use:
$value = $this->input->post('input_name', true);
Here, true will clean the input value of xss.
It works, but The output is interpreted by your browser as HTML
// use That Simple Line Above Your Code To See The Real output
<?php
header('Content-Type: text/plain');
?>

Passing parameters through URL in CodeIgniter

I'm having a problem regarding passing parameter from url. The function I use sometimes give the correct result and sometimes not.
here is my controller functions:
public function link_gen(){
$text = "i have lost my password please help me";
$encrypted_text = $this->encrypt->encode($text);
$encrypted_url = urlencode($encrypted_text);
echo $encrypted_url. br();
echo br(). $this->retrive(urldecode($encrypted_url));
echo anchor('encryption/ret_back?username='.$encrypted_url, 'click me');
// echo anchor('encryption/ret_back/'.$encrypted_url, 'click me');
}
public function ret_back(){
// echo br(). $this->retrive(urldecode($str));
$user = $this->input->get('username');
echo br(). $this->retrive(urldecode($user));
echo $user. br();
echo "hellooooo". br();
}
For the sake of testing I'm encrypting a text then encode it in URL using urlencode(), then I pass this string to another function using URL, and then decode in the string in URL using urldecode() and then decode the text. But when I run this, sometimes the decoded text appears and sometimes it does not.
Can anybody tell me the reason and solution for this?
I want to use this in a 'forgot password' module.
It depends on how you create your links and how do you retrieve the data from url.
Anyway these are simple examples to get url data:
get from $_GET[] (http://site.com/?q=hello+world)
in this case you get the param q with echo $this->input->get('q',true);
get data from uri segments (http://site.com/id/230)
in this case you get id value via echo $this->uri->segment(2);
Then, if data in url exists it is not possible that the system didn't get that, so be sure data is in your url when opening url.

How to exctract a string from the following HTML page using PHP

Got stuck at some stuff. In short, I need to extract some certain data from a webpage.
Basically, I need to extract /title/tt0118615/ from
Anaconda"
by using preg_match() or whatever other ways. That's a piece of the code from the page which is extracted by the php code below:
<?php
$url = "http://www.imdb.com/find?s=tt&q=Anaconda";
$raw = file_get_contents($url);
echo preg_match ("/^(href=\"\/title\/tt)\"$/", $raw, $data);
echo "data: $data[1]";
?>
I know I'm wrong at the pattern, so that's why I'm posting my question here.
Thanks in advance.
I think this pattern will work in your case:
preg_match("/a href=\"([^\"]*)\"/", $raw, $data);
$data will be an array containing your results, $data[1] is the one you're looking for
$url = "http://www.imdb.com/find?s=tt&q=Anaconda";
$raw = file_get_contents($url);
preg_match_all('%b\.gif\?link=(/title/.*?)\'%i', $raw, $imdbcode, PREG_PATTERN_ORDER);
$imdbcode = $imdbcode[1][0];
echo $imdbcode; #echo's /title/tt0118615/

How do I get the suffix (in code) that is being used for urls?

Magento can add a suffix that is defined by the user to append onto urls. I want to get that suffix from my code. Does anyone know an easy way to do this?
If it's stored in the configuration area, then you access it just as you would any other configuration value, by using Mage::getStoreConfig($config_path) where $config_path is defined in the system.xml of the module that defines it.
If you're not sure of the $config_path, then I usually cheat and inspect the textbox/dropdown in the configuration section, take a look at the id, e.g. dev_log_file, and translate it to dev/log/file. You'll need to use some intelligence when there are multiple _ though :)
Nick's answer is good but the actual answer to this question is:
$suffix = Mage::helper('catalog/category')->getCategoryUrlSuffix();
If I am not mistaken, here is the code ( because I don't understand what you want with URL )
<?php
$currentUrl = $this->helper('core/url')->getCurrentUrl();
$url_parts = split('[/.-]', $currentUrl); // escape characters should change based your url
echo $url_parts[0]; //check here
?>
complete product url:
$productId = ***;
$productUrl = Mage::getBaseUrl().Mage::getResourceSingleton('catalog/product')->getAttributeRawValue($productId, 'url_key', Mage::app()->getStore()).Mage::helper('catalog/product')->getProductUrlSuffix();

Resources