CodeIgniter不允许在查询搜索词中使用等号?

时间:2018-01-06 20:27:24

标签: php codeigniter

我有一个接受编码代码并将其设置为会话变量的控制器。然后我尝试在DB中查找该代码。

当我打印出查询字符串时,由于某种原因它被排除在外。

/**
 * Pass our signup code for demo purposes
 */
public function c(){

    // Did we come here from a Sign-up Pin?
    $registerPin = $this->uri->segment(3);

    if($registerPin){
        $this->session->set_userdata(array(
            'registerPin'  => $registerPin
        ));
    }

    // Redirect to register
    redirect(site_url("register"));

}

型号: 

/**
 * Check to see if a pin is a valid demo pin.
 */
public function check_register_pin($pin){

    $s=$this->db
        ->where(array("p.IsDemoPin" => '1', "p.Denomination" => 20, "p.Pin" => $pin))
        ->where("PinID NOT IN (select PinID from customer_pins where `PinID` = '$pin')")
        ->get("pins as p");

    // If this pin was valid and not used, return true.
    if ($s->num_rows() > 0) {
        return true;
    } else {
        return false;
    }

}

配置: 

$config['permitted_uri_chars'] = 'a-z 0-9~%.:_=+-';

示例Pin我正在尝试查找:

ebe83beb61277ab20882b68444cc93e10391d230758847f85e97428d95b7022aab6cdabff6cac097f2e79ceb2df56e06b227063f627341b97346abdc03106d28sXhvJ2tlUzkAGdGwjuKM6O137GlP5tQ1kvazNFnj/f4=

打印查询: 

SELECT * FROM `pins` as `p` WHERE `p`.`IsDemoPin` = '1' AND `p`.`Denomination` = 20 AND `p`.`Pin` = 'ebe83beb61277ab20882b68444cc93e10391d230758847f85e97428d95b7022aab6cdabff6cac097f2e79ceb2df56e06b227063f627341b97346abdc03106d28sXhvJ2tlUzkAGdGwjuKM6O137GlP5tQ1kvazNFnj' AND `PinID` NOT IN (select PinID from customer_pins where `PinID` = 'ebe83beb61277ab20882b68444cc93e10391d230758847f85e97428d95b7022aab6cdabff6cac097f2e79ceb2df56e06b227063f627341b97346abdc03106d28sXhvJ2tlUzkAGdGwjuKM6O137GlP5tQ1kvazNFnj')

1 个答案:

答案 0 :(得分:1)

问题是,用于加密值的类返回base64编码的字符串。其中包含/,并且在网址中使用时会破坏您的路由。

Base64 url安全,因为它包含/+=个字符。

你可以通过解码函数返回的内容然后以url安全的方式对其进行编码来解决这个问题,然后你可以在url路径中使用它而不会出现问题:

<?php
/**
 * Decode a url-safe base64 string.
 */
function base64_urldecode($str) {
    $pad = strlen($str) % 4;
    if ($pad) {
        $padlen = 4 - $pad;
        $str .= str_repeat('=', $padlen);
    }
    return base64_decode(strtr($str, '-_', '+/'));
}

/**
 * Encode a string into url safe base64.
 */
function base64_urlencode($str) {
    return str_replace('=', '', strtr(base64_encode($str), '+/', '-_'));
}

$code = base64_decode('ebe83beb61277ab20882b68444cc93e10391d230758847f85e97428d95b7022aab6cdabff6cac097f2e79ceb2df56e06b227063f627341b97346abdc03106d28sXhvJ2tlUzkAGdGwjuKM6O137GlP5tQ1kvazNFnj/f4=');

echo base64_urlencode($code);

输出_f4代替/f4=

相关问题
最新问题