Home/ Questions/Q 7188053
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-28T18:58:58+00:00

I am trying to pass a segment to a controller. The url is like

  • 0

I am trying to pass a segment to a controller. The url is like base_url/controller/function/seg1. I want to ensure that if the user try to enter the segment in the address bar, the controller would make sure there are not other words to be proceeded except the segment I want to pass.

For example, If the user tries to type base_url/main/function/(change this to other words) in address bar, the controller will filter the segment. I am not sure how to do it and would appreciate if someone can help me out.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Okay, so the best way to “secure” against such things would be to simply create a session at the time the user logs into your site with two values stored in that session;

    1) Their database primary key id, and
    2) a session item called ‘logged_in’

    At the time that your user would log into your site, you would store those two values like this;

    $this->session->set_userdata('logged_in', true);
$this->session->set_userdata('user_id', $id);

    Where $id is pulled from their user record during authentication.

    Now that you have those in there, the next part would be that, in your controller, you would put an if statement in that checks if the user is logged in, as such;

    function show($id) {
  if($this->session->userdata('logged_in')) {
    $posts = $this->Model_posts->get_user_posts($id);
  }
}

    Now, in your model, you would create a function for pulling the record that you want the user to be able to view based on their user_id. We’ll say user posts for example.

    function get_user_posts($user_id, $post_id) {
   $sql = "SELECT * FROM posts WHERE user_id = ? AND id = ?";
   $binds = array($user_id, $post_id);
   $qry = $this->db->query($sql, $binds);
   $result = array();

   while($row = $qry->result_array()) {
     array_push($result, $row);
   }
   return $result;
}

    Now, when a logged in user or visitor tries to access records that don’t belong to them, they will not retrieve any records because the select statement limits what’s returned only to that user.

    • 0