Home/ Questions/Q 6203563
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-24T04:56:19+00:00

I have enabled csrf protection in Codeigniter. Using form_open() I’m able to produce a

  • 0

I have enabled csrf protection in Codeigniter. Using form_open()I’m able to produce a hidden csrf value that should be verified in my controller. However I’m not submitting any input fields but just passing a url paramater via the form action.

In my controller I don’t need to set validation rules so I have

function delete_post($post_id = '') //post id passed via 3rd URL segment
{ 
    if (is_int($post_id) && valid_post($post_id)) //valid_post() returns true if post id exists
    {   
       $this->Posts_model->delete_post_model($post_id);         
       redirect('site');  
    }                   
}

Csrf protection doesn’t seem to work without validation rules. Is it possible to make this work without passing post_id via a hidden input?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    As you can see in the code of the Security class, CSRF protections only works with POST data (form validation also works with POST data actually).

    You should to this the CodeIgniter way and use a POST request. If you’re using AJAX, then simply change GET to POST, and if you’re using a form, set the method to post. If you can’t do it then you’ll have to fight against CodeIgniter core code, so try to explain why. 🙂

    • 0