Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

CodeIgniter POST variables

Anyone know why:

class Booking extends Controller {

    function booking()
    {
        parent::Controller();
    }

    function send_instant_to_paypal()
    {
        print_r($_POST);
        echo '<hr />';
        print_r($this->input->post());
        echo '<hr />';
        $id_booking = $this->input->post('id_booking');
        $title = $this->input->post('basket_description');
        $cost = ($this->input->post('fee_per_min') * $this->input->post('amount'));
        echo $id_booking;
        echo $title
        echo $cost
    }
}

Will echo post variables in CI for $_POST but NOT for $this->input->post();?

I've got $this->input->post() in use and working on a search page elsewhere in the site... but on this page, it's not working.. here's my form...

<form id="add_funds" action="' . site_url('booking/send_instant_to_paypal') . '" method="post">
<input type="text" name="amount" id="amount" value="" />
<input type="hidden" name="id_booking" id="id_booking" value="0" />
<input type="hidden" name="basket_description" id="basket_description" value="Adding Credit" />
<input type="hidden" name="fee_per_min" id="fee_per_min" value="' . $fee_per_min . '" />
<input type="submit" value="Add to basket" />
</form>

It's mental ;-p Anyone spot anything obviously stupid I'm missing?

like image 548
Beertastic Avatar asked Mar 23 '11 17:03

Beertastic


2 Answers

You most likely have XSS or CSRF enabled and it will prohibit (guessing here) Paypal to get those details back to you.

This is typical of CodeIgniter, and there are some work arounds like excluding CSRF for certain controllers (via config or hook).

If you give some more details on where the POST is coming from I can answer a bit clearly.

edit

could be that you are calling $this->input->post() incorrectly? I know that CI2.1 added support for $this->input->post() to return the full array, but until this point you had to explicitly define the post variable you wanted ala:

$user = $this->input->post('username');

like image 200
Jakub Avatar answered Nov 15 '22 05:11

Jakub


I resolved the issue with excluding CSRF protection for that particular method

you can add this code in application/config/config.php

if(stripos($_SERVER["REQUEST_URI"],'/Booking/send_instant_to_paypal') === FALSE)
{
    $config['csrf_protection'] = TRUE;
}
else
{
    $config['csrf_protection'] = FALSE;
}
like image 30
Adiyya Tadikamalla Avatar answered Nov 15 '22 04:11

Adiyya Tadikamalla