Palash Gupta - 3 months ago 21
PHP Question

YII sanitize input by get parameter




I am working in Yii1. I want to edit a record on the basis of id (primary key), and pass the id in the form of a query string from one page to another. Now I want to sanitize that id in the controller where I receive the id.

I use filter_input() but it can't work.



    public function actionEditStudentById()
    {
        try
        {
            $id = filter_input(INPUT_GET, 'id', FILTER_SANITIZE_NUMBER_INT);
            echo $id;
            die();

            $id = $_GET['id'];
            $model = StudentDetail::getStudentById($id);

            if (!$model) throw new Exception;

            if (isset($_POST['StudentDetail']))
            {
                $model->attributes = $_POST['StudentDetail'];
                if ($model->validate())
                {
                    $model->save(FALSE);
                    Yii::app()->user->setFlash('update', "Record updated successfully!");
                    $this->redirect(['student/list']);
                }
            }
            $this->render('_form', array('model' => $model));
        }
        catch (Exception $e)
        {
            echo 'Invalid user id: user not available';
        }
    }


Here die() is just used to stop the code. Just before die(), id is always null. I want the id to always be a number, with no symbols allowed in the URL.

Answer

Hi, why don't you use int before your id?

Cast your string to an integer explicitly:

    $id = (int) $_GET['id'];
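
An added example (not part of the original question or answer) comparing the (int) cast, FILTER_SANITIZE_NUMBER_INT and FILTER_VALIDATE_INT on the same inputs: the cast and the sanitize filter repair malformed values, while validation rejects them. parseRecordId() is a hypothetical helper and the sample values are constructed; it reads from an array such as $_GET because filter_input() only sees the request data as PHP originally received it, not entries a framework or script writes into $_GET later.

```php
<?php
// Added example, not from the original post. parseRecordId() is a
// hypothetical helper; the sample inputs below are constructed.

/**
 * Return the id as a positive integer, or null when the raw value is
 * missing or is not a plain integer. $query is an array such as $_GET.
 */
function parseRecordId(array $query, string $key = 'id'): ?int
{
    if (!isset($query[$key]) || !is_string($query[$key])) {
        return null; // missing, or an array such as ?id[]=1
    }
    // FILTER_VALIDATE_INT rejects a non-integer value instead of
    // repairing it; min_range also excludes 0 and negative numbers.
    $id = filter_var($query[$key], FILTER_VALIDATE_INT, [
        'options' => ['min_range' => 1],
    ]);
    return $id === false ? null : $id;
}

// Constructed inputs: the three approaches side by side.
$samples = ['42', '42abc', 'abc', '4-2', '-7', ''];
foreach ($samples as $raw) {
    $cast      = (int) $raw;                                   // truncates at the first non-digit
    $sanitized = filter_var($raw, FILTER_SANITIZE_NUMBER_INT); // keeps digits, + and -
    $validated = parseRecordId(['id' => $raw]);                // null unless a positive integer
    printf(
        "%-8s cast=%-4d sanitize=%-6s validate=%s\n",
        var_export($raw, true),
        $cast,
        var_export($sanitized, true),
        var_export($validated, true)
    );
}
```

In the controller action, a null result from such a check is the point at which to stop with the "invalid id" error, before the value reaches StudentDetail::getStudentById().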