Codeigniter and Pagination with Query Strings

Question

I am trying to build a Search with Pagination in Codeigniter and would love some help with it.

So far, I've realized that I can not use BOTH url segments and query strings together. Using only query strings produces very ugly URLs.

I understand that Codeigniter destroys the GET and I'm trying to put it back in. Ergo... if I place this in the constructor of the search controller, will my problems be solved?

        parse_str(substr(strrchr($_SERVER['REQUEST_URI'], "?"), 1), $_GET);

As in, if it works for me, is there anything I need to be aware of security wise?

Answer 1

So far, I've realized that I can not use BOTH url segments and query strings together.

Sure you can. Try this in your config:

$config['uri_protocol'] = "PATH_INFO";

That should get things started. Now, since CI abandons and empties the $_GET variable, you need to repopulate it like this:

parse_str($_SERVER['QUERY_STRING'],$_GET);

Now the only real concern here is that, if you have global XSS filtering on, you should know that you just manually parsed the query string into the global $_GET variable. This means you haven't passed it through any XSS filters. In CI 1.x you can access the filter through the input library like this:

$myvar = $this->input->xss_clean($_GET['myvar']);

In CI 2.x you do it through the security library like this:

$myvar = $this->security->xss_clean($_GET['myvar']);

Of course, it goes without saying that you can extend the Controller class to have a get() method that does all this automatically such that you can do this:

$myvar = $this->get('myvar');