GET parameters in the URL with CodeIgniter

Question

I know that codeIgniter turns off GET parameters by default.

But by having everything done in POST, don't you get annoyed by the re-send data requests if ever you press back after a form submission?

It annoys me, but I'm not sure if I want to allow GET purely for this reason.

Is it such a big security issue to allow GET parameters too?

Answer 1

When I first started working with CodeIgniter, not using GET really threw me off as well. But then I realized that you can simulate GET parameters by manipulating the URI using the built-in URI Class. It's fantastic and it makes your URLs look better.

Or if you really need GETs working you can put this into your controller:

parse_str($_SERVER['QUERY_STRING'], $_GET); 

Which will put the variables back into the GET array.

Answer 2

This function is identical to the post function, only it fetches get data:

$this->input->get()

https://www.codeigniter.com/user_guide/libraries/input.html

Answer 3

This worked for me :

<?php
$url = parse_url($_SERVER['REQUEST_URI']);
parse_str($url['query'], $params);
?>

$params array contains the parameters passed after the ? character

Answer 4

Now it works ok from CodeIgniter 2.1.0

    //By default CodeIgniter enables access to the $_GET array.  If for some
    //reason you would like to disable it, set 'allow_get_array' to FALSE.

$config['allow_get_array']      = TRUE; 

Answer 5

You simply need to enable it in the config.php and you can use $this->input->get('param_name'); to get parameters.

Answer 6

If your your need to first parameter use it.

$this->uri->segment('3');

And your need second parameter use it

$this->uri->segment('4');

Have your many parameter enhance parameter

Answer 7

parse_str($_SERVER['QUERY_STRING'],$_GET); ONLY worked for me after I added the following line to applications/config/config.php:

$config['uri_protocol'] = "PATH_INFO";

I found $_GET params not to really be necessary in CI, but Facebook and other sites dump GET params to the end of links which would 404 for my CI site!! By adding the line above in config.php, those pages worked. I hope this helps people!

(from https://web.archive.org/web/20101227060818/http://www.maheshchari.com/work-to-get-method-on-codeigniter/)

Answer 8

my parameter is ?uid=4 and get it with:

$this->uid = $this->input->get('uid', TRUE);
  echo $this->uid;

wis

Answer 9

You can enable query strings if you really insist. In your config.php you can enable query strings:

$config['enable_query_strings'] = TRUE;

For more info you can look at the bottom of this Wiki page: http://codeigniter.com/user_guide/general/urls.html

Still, learning to work with clean urls is a better suggestion.

Answer 10

"don't you get annoyed by the re-send data requests if ever you press back after a form submission"

you can get around this by doing a redirect from the page that processes your form submission to the success page. the last "action" was the loading of the success page, not the form submission, which means if users do an F5 it will just reload that page and not submit the form again.

Answer 11

A little bit out of topic, but I was looking for a get function in CodeIgniter just to pass some variables between controllers and come across Flashdata.
see : http://codeigniter.com/user_guide/libraries/sessions.html
Flashdata allows you to create a quick session data that will only be available for the next server request, and are then automatically cleared.

Answer 12

MY_Input.php :

<?php
// this class extension allows for $_GET access
class MY_Input extends CI_input {

    function _sanitize_globals()
    {
        // setting allow_get_array to true is the only real modification
        $this->allow_get_array = TRUE;

        parent::_sanitize_globals();
    }

}
/* End of file MY_Input.php */
/* Location: .application/libraries/MY_Input.php */

MY_URI.php :

<?php
/*
 | this class extension allows for $_GET access by retaining the
 | standard functionality of allowing query strings to build the 
 | URI String, but checks if enable_query_strings is TRUE
*/
class MY_URI extends CI_URI{

    function _fetch_uri_string()
    {
        if (strtoupper($this->config->item('uri_protocol')) == 'AUTO')
        {
            // If the URL has a question mark then it's simplest to just
            // build the URI string from the zero index of the $_GET array.
            // This avoids having to deal with $_SERVER variables, which
            // can be unreliable in some environments
            //
            //  *** THE ONLY MODIFICATION (EXTENSION) TO THIS METHOD IS TO CHECK 
            //      IF enable_query_strings IS TRUE IN THE LINE BELOW ***
            if ($this->config->item('enable_query_strings') === TRUE && is_array($_GET) && count($_GET) == 1 && trim(key($_GET), '/') != '')
            {
                $this->uri_string = key($_GET);
                return;
            }

            // Is there a PATH_INFO variable?
            // Note: some servers seem to have trouble with getenv() so we'll test it two ways
            $path = (isset($_SERVER['PATH_INFO'])) ? $_SERVER['PATH_INFO'] : @getenv('PATH_INFO');
            if (trim($path, '/') != '' && $path != "/".SELF)
            {
                $this->uri_string = $path;
                return;
            }

            // No PATH_INFO?... What about QUERY_STRING?
            $path =  (isset($_SERVER['QUERY_STRING'])) ? $_SERVER['QUERY_STRING'] : @getenv('QUERY_STRING');
            if (trim($path, '/') != '')
            {
                $this->uri_string = $path;
                return;
            }

            // No QUERY_STRING?... Maybe the ORIG_PATH_INFO variable exists?
            $path = str_replace($_SERVER['SCRIPT_NAME'], '', (isset($_SERVER['ORIG_PATH_INFO'])) ? $_SERVER['ORIG_PATH_INFO'] : @getenv('ORIG_PATH_INFO'));
            if (trim($path, '/') != '' && $path != "/".SELF)
            {
                // remove path and script information so we have good URI data
                $this->uri_string = $path;
                return;
            }

            // We've exhausted all our options...
            $this->uri_string = '';
        }
        else
        {
            $uri = strtoupper($this->config->item('uri_protocol'));

            if ($uri == 'REQUEST_URI')
            {
                $this->uri_string = $this->_parse_request_uri();
                return;
            }

            $this->uri_string = (isset($_SERVER[$uri])) ? $_SERVER[$uri] : @getenv($uri);
        }

        // If the URI contains only a slash we'll kill it
        if ($this->uri_string == '/')
        {
            $this->uri_string = '';
        }
    }

}
/* End of file MY_URI.php */
/* Location: .application/libraries/MY_URI.php */

Answer 13

allesklar: That is slightly misleading, as scripts and bots can POST data nearly as easily as sending a normal request. It's not a secret, it's part of HTTP.

Answer 14

Even easier:

curl -X POST -d "param=value&param2=value" http://example.com/form.cgi

that plugin's pretty cool though.

Answer 15

You can Try this

$this->uri->segment('');

Answer 16

GET parameters are cached by the web browser, POST is not. So with a POST you don't have to worry about caching, so that is why it is usually prefered.

Answer 17

Do this below. Worked for me. I took values from a select box and another textbox. Then on button click I took the entire data in Javascript function and redirected using javascript.

//Search Form
$(document).ready (function($){
    $("#searchbtn").click(function showAlert(e){
        e.preventDefault();
        var cat = $('#category').val();
        var srch = $('#srch').val();

        if(srch==""){
            alert("Search is empty :(");
        }
        else{
            var url = baseurl+'categories/search/'+cat+'/'+srch;            
            window.location.href=url;
        }
    });
});

The above code worked for me.