1

Controller

function delete_payment($payment_id)
{
    $this->sale_lib->delete_payment($payment_id);
    $this->_reload();
}

View

   <?php echo anchor("sales/delete_payment/$payment_id",'['.$this->lang->line('common_delete').']');?>

It is possible for $payment_id to be something like "Gift Card:1" or "Gift Card:12345983984334"

When it is Gift Card:1 the url is automatically decoded and the delete function works, when it is a longer string such as Gift Card:12345983984334" the url is NOT decoded.

URLS are:

http://localhost/index.php/sales/delete_payment/Gift%20Card:1

http://localhost/index.php/sales/delete_payment/Gift%20Card:12345983984334

First one works, second one doesn't

Cœur
  • 37,241
  • 25
  • 195
  • 267
Chris Muench
  • 17,444
  • 70
  • 209
  • 362
  • what's the code in delete_payment() function? What's the encoding you're referring to? urlencoding of the browser? – Damien Pirsy Jun 07 '11 at 22:04
  • $payment_id ends up being decoded when the url is http://localhost/index.php/sales/delete_payment/Gift%20Card:1, but otherwise the url ends up having %20 instead of a space in it. It seems for some reason the url is being processed differently. I tried tracing through the CI router, but couldn't quite figure it out. – Chris Muench Jun 13 '11 at 16:37
  • This could easily be avoided by using `$_GET` or more importantly: not using urls and GET for destructive actions in the first place, but rather using `$_POST`. – Wesley Murch Jun 14 '11 at 11:05
  • +1 for NOT using URIs to perform this type of action, at worst it's a security risk and at best is bad practice! – Chris Jun 14 '11 at 13:33

3 Answers3

4

Actually, I just tried to replicate your situation on my local machine (WAMP on Windows 7) and you're right. I tried on all major browsers (FF4,IE9,Chrome) and saw no differences.

Although this doesn't really answers your question, you can always rig a workaround like this with php function rawurldecode:

function delete_payment($payment_id)
{
    $decoded_id = rawurldecode($payment_id);
    $this->sale_lib->delete_payment($decoded_id);
    $this->_reload();
}

In this way you'll have your 'id' in the form Gift Card:123456789 (I tried with different lenghts and alwyas worked), ready for your model.

Damien Pirsy
  • 25,319
  • 8
  • 70
  • 77
1

use %3A instead of : It is the encoded ":"

ankur.singh
  • 658
  • 5
  • 11
0

...following on from my comment...

If you were to continue down the path of using the URI string to perform a delete then why not just have the ID number as another URI segment? -- Removes the : -- Removes the URI encoding problem!

Assuming that you're already using some sort of URI re-writting or URI to application mapping then this should be easy to implement on top of what you have already. Plus it should simplify the way you retrieve and utilise this value, and possibly handle any errors!

My approach to programming and application design is:
- "If you find something difficult to do then you're doing it wrong!"

Sorry if this isn't much help.

fyi - I upvoted @ankur.singh's answer

Edit: found this here on StackOverflow that might be useful!

Community
  • 1
  • 1
Chris
  • 882
  • 1
  • 10
  • 22