  1. #1 designtrooper (SitePoint Enthusiast, Greece)

    Getting a portion of the URL

    I am using $_SERVER['REQUEST_URI'] to grab the URL... which is this:
    /Appointments/Administrator/events.php/219

    My question is which string function I should use to grab the number after /events.php/.

    In the example above it is 219... but it can be any number.

  2. #2 Rubble (SitePoint Mentor, Cambridge, England)
    Seems a bit strange just having a number but here is some information on parse_url which I do not think will help you.

    I would probably use explode()

  3. #3 designtrooper (SitePoint Enthusiast, Greece)
    Quote Originally Posted by Rubble View Post
    Seems a bit strange just having a number...
    Well, I am trying to build an events calendar based on this tutorial: http://blog.shinetech.com/2011/08/05...step-tutorial/.

    It uses a RESTful interface and the number in the URL is an event ID.

    Anyway... I will try your recommendations.

  4. #4 Drummin (SitePoint Guru)
    Yes, explode and end should do it.
    PHP Code:
    <?php
    // test
    $url = "/Appointments/Administrator/events.php/219";
    //$url = $_SERVER['REQUEST_URI'];
    $parts = explode('/', $url);
    $number = end($parts);
    ?>
    Just be sure to validate/escape/bind any value returned.

  5. #5 fretburner (Community Advisor, Brazil)
    Hi designtrooper,

    Have you thought about using a micro framework for the API? It would take care of this sort of thing out of the box.

    I've used the Slim framework before and found it to be lightweight but quite useful. A basic example of using it to create a route like you wanted would look something like this:

    PHP Code:
    <?php
    $app = new \Slim\Slim();

    $app->get('/events/:id', function ($id) {
        // Retrieve and return your event
    });

    // You can then add other routes to deal with creating new events etc:
    $app->post('/events', function () {
        // Create event
    });
    "There are two ways of constructing a software design: One way is to make it so simple that there are obviously no deficiencies and the other way is to make it so complicated that there are no obvious deficiencies."
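    Added example (not fretburner's code and not from any post in this thread): the same kind of Slim 2 route, but with a route-level condition so that only an all-digit :id ever reaches the handler; anything else falls through to Slim's own 404. It assumes Slim 2.x installed via Composer, and the $events array is a constructed stand-in for the database table.

```php
<?php
// Added example, not code from this thread. Route-level validation in Slim 2:
// the ->conditions() regex fragment rejects '/events/abc' before the closure
// runs, so the handler only ever sees digits. Assumes Slim 2.x via Composer.
require 'vendor/autoload.php';

$app = new \Slim\Slim();

// Constructed in-memory store; a real app would delete a DB row here.
$events = array(219 => 'Dentist', 220 => 'Gym');

$app->delete('/events/:id', function ($id) use ($app, &$events) {
    $id = (int) $id;                 // safe cast: the \d+ condition guarantees digits
    if ($id < 1 || !isset($events[$id])) {
        $app->halt(404);             // unknown event: nothing deleted, nothing leaked
    }
    unset($events[$id]);
    $app->response->setStatus(204);  // deleted; there is no body to return
})->conditions(array('id' => '\d+'));

$app->run();
```

    Using the DELETE method for the deletion, rather than a GET with an ID on the end, also means an ordinary link or image tag cannot trigger it, which narrows the CSRF angle raised later in this thread; the route still needs the usual authentication check in front of it.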

  6. #6 John_Betong (SitePoint Mentor, City of Angels)
    Quote Originally Posted by designtrooper View Post
    I am using $_SERVER['REQUEST_URI'] to grab the URL...which is this:
    /Appointments/Administrator/events.php/219

    My question is what string function I should use to grab the number after /events.php/.

    In the example above is 219...but it can be any number.
    Here is yet another method of extracting just the latter number:
    PHP Code:
    <?php
    $url = '/Appointments/Administrator/events.php/219';

    // everything from the last '/' onwards
    $x = strrchr($url, '/');

    // drop the leading '/'
    $y = substr($x, 1);

    // combined result
    $z = substr(strrchr($url, '/'), 1);

    echo '<br />' . $url;
    echo '<br />' . $x;
    echo '<br />' . $y;

    echo '<br />';
    echo '<br />' . $z;
    Output:
    /Appointments/Administrator/events.php/219
    /219
    219


    219
    Any more solutions?
    Last edited by John_Betong; Apr 8, 2014 at 03:17. Reason: formatting
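    Added example (not from any post in this thread): the explode()/end() and strrchr() answers above both work on the sample string, but $_SERVER['REQUEST_URI'] can also carry a query string or a trailing slash, and the last segment is not guaranteed to be digits. The function below, which I am adding here, isolates the path with parse_url(), matches the expected /events.php/<id> shape, and returns null for anything else. It assumes PHP 7.1 or later for the nullable return type; the sample URIs are constructed.

```php
<?php
// Added example, not code from any post in this thread.
// Pulls the trailing numeric ID out of REQUEST_URI for the route shape
// discussed above (.../events.php/<id>) and treats anything else as "no ID".
// Requires PHP 7.1 or later for the nullable return type.

/**
 * Return the event ID as an int, or null when the URI does not carry
 * exactly one positive integer as its final path segment.
 */
function extractEventId(string $requestUri): ?int
{
    // REQUEST_URI may include "?key=value"; parse_url isolates the path,
    // which is where explode('/') + end() alone would return "219?key=value".
    $path = parse_url($requestUri, PHP_URL_PATH);
    if (!is_string($path)) {
        return null;
    }

    // Anchored pattern: digits only, as the last segment, optional trailing
    // slash. "219abc", an empty segment and "/219/x" all fail here.
    if (!preg_match('#/events\.php/(\d+)/?$#', $path, $m)) {
        return null;
    }

    // FILTER_VALIDATE_INT rejects leading zeros and out-of-range values;
    // min_range keeps 0 from being treated as a valid ID.
    $id = filter_var($m[1], FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Constructed sample URIs (not real requests).
$samples = [
    '/Appointments/Administrator/events.php/219',
    '/Appointments/Administrator/events.php/219?debug=1',
    '/Appointments/Administrator/events.php/219/',
    '/Appointments/Administrator/events.php/219abc',
    '/Appointments/Administrator/events.php/0',
    '/Appointments/Administrator/events.php/',
];

foreach ($samples as $uri) {
    var_dump(extractEventId($uri));
}
```

    The first three samples give int(219); the last three give NULL, which is the result the deletion code should treat as "do nothing".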

  7. #7 designtrooper (SitePoint Enthusiast, Greece)
    Quote Originally Posted by Drummin View Post
    Yes, explode and end should do it.
    PHP Code:
    <?php
    // test
    $url = "/Appointments/Administrator/events.php/219";
    //$url = $_SERVER['REQUEST_URI'];
    $parts = explode('/', $url);
    $number = end($parts);
    ?>
    Just be sure to validate/escape/bind any value returned.
    Yes, the above will do it... thanks. About validating etc., nothing is returned... the code is used to delete an event from the db (using the provided ID... 219 in this case).
    The only thing that gets returned is a boolean: true if the deletion actually took place, false otherwise.

    Quote Originally Posted by fretburner View Post
    Hi designtrooper,

    Have you thought about using a micro framework for the API? It would take care of this sort of thing out of the box.

    I've used the Slim framework before and found it to be lightweight but quite useful. A basic example of using it to create a route like you wanted would look something like this:

    PHP Code:
    <?php
    $app = new \Slim\Slim();

    $app->get('/events/:id', function ($id) {
        // Retrieve and return your event
    });

    // You can then add other routes to deal with creating new events etc:
    $app->post('/events', function () {
        // Create event
    });
    If I was going to use a framework I was thinking Laravel... but I am reconsidering now because I have heard of Slim elsewhere too.
    Overall... do you think it is better to use a framework instead of writing the code on my own?

    I want to hear some views.

    Thanks

  8. #8 fretburner (Community Advisor, Brazil)
    Quote Originally Posted by designtrooper View Post
    If I was going to use a framework I was thinking Laravel... but I am reconsidering now because I have heard of Slim elsewhere too.
    Overall... do you think it is better to use a framework instead of writing the code on my own?
    I think that depends. If you're doing it as a learning exercise then it can be beneficial to write all the code yourself, at least so you can appreciate the stuff that a framework usually takes care of for you, and to have some idea of how it works behind the scenes (to this end, it's also good to read through the code of some different frameworks to see how they approach common tasks).

    On the other hand, once you're past the learning curve of a particular framework you can be a lot more productive, as you avoid writing a lot of 'boilerplate' code for every project. I'd also definitely look into a few of the most popular ones if you want to improve your job options as a web developer (Symfony2, ZF2, and Laravel being some of the most popular).

    As for using Laravel for a project like the one you're doing, there are some pros and cons. On the plus side, Laravel seems really nice to work with (I've just started playing around with it myself) and is certainly very popular, so it's easy to find tutorials and bundles (modules) for it. It also has some nice features that make it easy to put together a RESTful API. On the con side, the codebase is quite large (roughly 18 MB for the base install)... it includes a lot of stuff that might be overkill for a simple API that's serving as the back-end for a JS app. If you were building an API that was going to get heavy use, I suspect Slim might give you better performance from being rather lightweight in comparison.
    "There are two ways of constructing a software design: One way is to make it so simple that there are obviously no deficiencies and the other way is to make it so complicated that there are no obvious deficiencies."

  9. #9 xMog (SitePoint Zealot)
    Quote Originally Posted by designtrooper View Post
    About validating etc., nothing is returned... the code is used to delete an event from the db (using the provided ID... 219 in this case).
    Just be careful and validate that it's really just a number anyway.
    Consider an SQL statement like this:
    DELETE FROM Table WHERE id=$id

    and the URL:
    http://www.somesite.com/Appointments...20id%20%3E%200

    which will give you the following SQL statement:
    DELETE FROM Events WHERE id=200 OR id > 0

    Now your Events table is empty!

    Of course, you should use "prepared statements" to prevent it, but we're never too careful

  10. #10 designtrooper (SitePoint Enthusiast, Greece)
    Quote Originally Posted by xMog View Post
    About validating etc., nothing is returned... the code is used to delete an event from the db (using the provided ID... 219 in this case).
    Just be careful and validate that it's really just a number anyway.
    Consider an SQL statement like this:
    DELETE FROM Table WHERE id=$id

    and the URL:
    http://www.somesite.com/Appointments...20id%20%3E%200

    which will give you the following SQL statement:
    DELETE FROM Events WHERE id=200 OR id > 0

    Now your Events table is empty!

    Of course, you should use "prepared statements" to prevent it, but we're never too careful
    Yes... but the ID is not entered by the user (from a form, for example)... the app handles that.
    How can this be tampered with? I do not know a lot about security.

    Lastly... I have some questions about the Slim framework but I am going to open a separate topic for that; the purpose of this topic was not for that anyway.

    Thanks

  11. #11 xMog (SitePoint Zealot)
    Well, I could sniff the traffic on my internal network, see that your app calls this url and use the url in a normal browser.

  12. #12 asp_funda (SitePoint Wizard)
    Quote Originally Posted by designtrooper View Post
    Yes... but the ID is not entered by the user (from a form, for example)... the app handles that.
    How can this be tampered with? I do not know a lot about security.
    Ever heard of CSRF? Some people/bots test random URIs as well to see if they hit anything (worth exploiting), as anyone who has ever looked at the server logs of a public site would tell you. So better be safe than sorry!

    Since it's a number & your code expects a number, it's fairly easy for you to validate. Just check if it's a number or not & pass the value through intval() and you will get a safe value from it. So it'd be something like:
    Code:
    if ( is_numeric( $number ) ) {
        $number = intval( $number );
    } else {
        $number = 0;
    }
    
    if ( $number > 0 ) {
        //do the deletion
    } else {
        //throw an exception or hold the silence
    }
    Our lives teach us who we are.
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Me - Photo Blog - Personal Blog - Dev Blog
    iG:Syntax Hiliter -- Colourize your code in WordPress!!
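    Added example (not from any post in this thread): the two points raised above, xMog's "validate that it's really just a number" and the prepared statement, carried through in one place. The validator is stricter than is_numeric(), which also accepts forms such as "1e3", " 219", "219.0" and "-1", and the delete binds the ID as an integer parameter so the value can never change the SQL text. The events table, its columns and the in-memory SQLite database are constructed for the demo; it assumes the pdo_sqlite extension and PHP 7.1 or later.

```php
<?php
// Added example, not code from any post in this thread. Strict ID validation
// plus a parameterised DELETE. Table and column names are assumptions; the
// SQLite in-memory DB is only there so the script runs offline.

/**
 * Accept only a plain decimal integer >= 1. Unlike is_numeric(), this rejects
 * "1e3", " 219", "219.0", "+219" and "-1".
 */
function validateEventId($raw): ?int
{
    if (!is_string($raw) || !ctype_digit($raw)) {
        return null;                         // not a string of digits (or empty)
    }
    // Rejects leading zeros and values outside PHP_INT range; 0 is not an ID.
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

/**
 * Delete one event. Returns true only if exactly one row was removed,
 * matching the boolean contract described earlier in the thread.
 */
function deleteEvent(PDO $pdo, $rawId): bool
{
    $id = validateEventId($rawId);
    if ($id === null) {
        return false;                        // rejected input: no query is run at all
    }
    // The ID is bound as a parameter, never concatenated into the SQL string.
    $stmt = $pdo->prepare('DELETE FROM events WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount() === 1;
}

/** Row count helper so the effect of each call can be checked. */
function countEvents(PDO $pdo): int
{
    return (int) $pdo->query('SELECT COUNT(*) FROM events')->fetchColumn();
}

// Constructed demo data.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE events (id INTEGER PRIMARY KEY, title TEXT)');
$pdo->exec("INSERT INTO events (id, title) VALUES (219, 'Dentist'), (220, 'Gym')");

var_dump(deleteEvent($pdo, '200 OR id > 0'));   // the tampered segment from the thread
var_dump(deleteEvent($pdo, '1e3'));
var_dump(deleteEvent($pdo, '999'));             // well-formed but no such row
var_dump(deleteEvent($pdo, '219'));
var_dump(countEvents($pdo));
```

    Only the last deleteEvent() call returns true, and the count afterwards is 1: the malformed IDs are refused before any SQL runs, and even if one slipped past, the bound parameter would be compared as a number rather than spliced into the statement.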

  13. #13 designtrooper (SitePoint Enthusiast, Greece)
    Quote Originally Posted by asp_funda View Post
    Ever heard of CSRF? Some people/bots test random URIs as well to see if they hit anything (worth exploiting), as anyone who has ever looked at the server logs of a public site would tell you. So better be safe than sorry!

    Since it's a number & your code expects a number, it's fairly easy for you to validate. Just check if it's a number or not & pass the value through intval() and you will get a safe value from it. So it'd be something like:
    Code:
    if ( is_numeric( $number ) ) {
        $number = intval( $number );
    } else {
        $number = 0;
    }
    
    if ( $number > 0 ) {
        //do the deletion
    } else {
        //throw an exception or hold the silence
    }
    What you say certainly makes sense. I will look at the validation aspect too.
    Thanks

  14. #14 asp_funda (SitePoint Wizard)
    There is a basic rule of thumb: never trust a value that is not hardcoded in your code; always validate & sanitize. If you follow this simple rule, you should be golden as far as simple/dumb attacks are concerned.
    Our lives teach us who we are.
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Me - Photo Blog - Personal Blog - Dev Blog
    iG:Syntax Hiliter -- Colourize your code in WordPress!!

  15. #15 designtrooper (SitePoint Enthusiast, Greece)
    Quote Originally Posted by asp_funda View Post
    There is a basic rule of thumb: never trust a value that is not hardcoded in your code; always validate & sanitize. If you follow this simple rule, you should be golden as far as simple/dumb attacks are concerned.
    Well, of course I know this rule. I always implemented it in forms.
    But it is the first time I am working with URLs/REST and I do not quite know what the security implications are here.

    It is a new area for me.

  16. #16 asp_funda (SitePoint Wizard)
    Forms, URLs: the rule applies everywhere. Like I said, if a value is not hard-coded into your code, you should not trust it.
    Our lives teach us who we are.
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Me - Photo Blog - Personal Blog - Dev Blog
    iG:Syntax Hiliter -- Colourize your code in WordPress!!

