Diffstat (limited to 'user_guide')
-rw-r--r-- | user_guide/changelog.html | 18
-rw-r--r-- | user_guide/database/configuration.html | 4
-rw-r--r-- | user_guide/database/queries.html | 9
-rw-r--r-- | user_guide/helpers/url_helper.html | 2
-rw-r--r-- | user_guide/images/appflowchart.gif | bin | 25276 -> 12363 bytes
-rw-r--r-- | user_guide/libraries/cart.html | 20
-rw-r--r-- | user_guide/libraries/form_validation.html | 30
-rw-r--r-- | user_guide/libraries/loader.html | 6
-rw-r--r-- | user_guide/overview/appflow.html | 2
9 files changed, 61 insertions, 30 deletions
diff --git a/user_guide/changelog.html b/user_guide/changelog.html index c1ee37fc5..9fbadbf2f 100644 --- a/user_guide/changelog.html +++ b/user_guide/changelog.html 
@@ -67,23 +67,34 @@ Change Log <ul> <li>An improvement was made to the MySQL and MySQLi drivers to prevent exposing a potential vector for SQL injection on sites using multi-byte character sets in the database client connection. <p>An incompatibility in PHP versions < 5.2.3 and MySQL < 5.0.7 with <em>mysql_set_charset()</em> creates a situation where using multi-byte character sets on these environments may potentially expose a SQL injection attack vector. Latin-1, UTF-8, and other "low ASCII" character sets are unaffected on all environments.</p> <p class="critical">If you are running or considering running a multi-byte character set for your database connection, please pay close attention to the server environment you are deploying on to ensure you are not vulnerable.</p></li> </ul> + </li> <li>General Changes <ul> <li>Fixed a bug where there was a misspelling within a code comment in the index.php file.</li> <li>Added Session Class userdata to the output profiler. Additionally, added a show/hide toggle on HTTP Headers, Session Data and Config Variables.</li> <li>Removed internal usage of the <samp>EXT</samp> constant.</li> <li>Visual updates to the welcome_message view file and default error templates. Thanks to <a href="https://bitbucket.org/danijelb">danijelb</a> for the pull request.</li> - <li>Added <samp>insert_batch()</samp> function to the PostgreSQL database driver. Thanks to epallerols for the patch.</li> + <li class="reactor">Added <samp>insert_batch()</samp> function to the PostgreSQL database driver. 
Thanks to epallerols for the patch.</li> + <li class="reactor">Callback validation rules can now accept parameters like any other validation rule.</li> + <li class="reactor">Added "application/x-csv" to mimes.php.</li> + <li class="reactor">Typecast limit and offset in the <a href="database/queries.html">Database Driver</a> to integers.</li> </ul> </li> <li>Helpers <ul> <li>Added an optional third parameter to <samp>heading()</samp> which allows adding html attributes to the rendered heading tag.</li> + <li class="reactor"><kbd>form_open()</kbd> now only adds a hidden (Cross-site Reference Forgery) protection field when the form's action is internal and is set to the post method. (Reactor #165)</li> </ul> </li> <li>Libraries <ul> <li>Altered Session to use a longer match against the user_agent string. See upgrade notes if using database sessions.</li> + <li class="reactor">Added <kbd>is_unique</kbd> to the <a href="libraries/form_validation.html">Form Validation library</a>.</li> + <li class="reactor">Added <kbd>$this->db->set_dbprefix()</kbd> to the <a href="database/queries.html">Database Driver</a>.</li> + <li class="reactor">Changed <kbd>$this->cart->insert()</kbd> in the <a href="libraries/cart.html">Cart Library</a> to return the Row ID if a single item was inserted successfully.</li> + <li class="reactor">Added <kbd>$this->load->get_var()</kbd> to the <a href="libraries/loader.html">Loader library</a> to retrieve global vars set with <kbd>$this->load->view()</kbd> and <kbd>$this->load->vars()</kbd>.</li> + <li class="reactor">Changed <kbd>$this->db->having()</kbd> to insert quotes using escape() rather than escape_str().</li> + <li class="reactor">Added support to set an optional parameter in your callback rules of validation using the <a href="libraries/form_validation.html">Form Validation library</a>.</li> </ul> </li> </ul> 
@@ -96,6 +107,11 @@ Change Log <li>Fixed a bug (Reactor #231) where Sessions Library database table example SQL did not contain an index on last_activity. See <a href="installation/upgrade_203.html">Upgrade Notes</a>.</li> <li>Fixed a bug (Reactor #229) where the Sessions Library example SQL in the documentation contained incorrect SQL.</li> <li>Fixed a bug (Core #340) where when passing in the second parameter to $this->db->select(), column names in subsequent queries would not be properly escaped.</li> + <li class="reactor">Fixed a bug where the method <kbd>$this->cart->total_items()</kbd> from <a href="libraries/cart.html">Cart Library</a> now returns the sum of the quantity of all items in the cart instead of your total count.</li> + <li class="reactor">Fixed a bug where not setting 'null' when adding fields in db_forge for mysql and mysqli drivers would default to NULL instead of NOT NULL as the docs suggest.</li> + <li class="reactor">Fixed a bug where using <kbd>$this->db->select_max()</kdb>, <kbd>$this->db->select_min()</kdb>, etc could throw notices. Thanks to w43l for the patch.</li> + <li class="reactor">Fixed a bug where <a href="libraries/email.html">Email library</a> attachments with a "." in the name would using invalid MIME-types.</li> + <li class="reactor">Fixed #378 Robots identified as regular browsers by the User Agent class.</li> </ul> <h2>Version 2.0.2</h2> diff --git a/user_guide/database/configuration.html b/user_guide/database/configuration.html index 51d11c9f2..4ea2e6b3d 100644 --- a/user_guide/database/configuration.html +++ b/user_guide/database/configuration.html 
@@ -132,8 +132,8 @@ for the primary connection, but it too can be renamed to something more relevant <li><strong>cache_on</strong> - TRUE/FALSE (boolean) - Whether database query caching is enabled, see also <a href="caching.html">Database Caching Class</a>.</li> <li><strong>cachedir</strong> - The absolute server path to your database query cache directory.</li> <li><strong>char_set</strong> - The character set used in communicating with the database.</li> -<li><strong>dbcollat</strong> - The character collation used in communicating with the database. <p class="important"><strong>Note:</strong> For MySQL and MySQLi databases, this setting is only used as a backup if your server is running PHP < 5.2.3 or MySQL < 5.0.7. There is an incompatibility in PHP with mysql_real_escape_string() which can make your site vulnerable to SQL injection if you are using a multi-byte character set and are running versions lower than these. Sites using Latin-1 or UTF-8 database character set and collation are unaffected.</p></li> -<li><strong>swap_pre</strong> - A default table prefix that should be swapped with <var>dbprefix</var>. This is useful for distributed applications where you might run manually written queries, and need the prefix to still be customizable by the end user.</li> +<li><strong>dbcollat</strong> - The character collation used in communicating with the database. <p class="important"><strong>Note:</strong> For MySQL and MySQLi databases, this setting is only used as a backup if your server is running PHP < 5.2.3 or MySQL < 5.0.7 (and in table creation queries made with DB Forge). There is an incompatibility in PHP with mysql_real_escape_string() which can make your site vulnerable to SQL injection if you are using a multi-byte character set and are running versions lower than these. 
Sites using Latin-1 or UTF-8 database character set and collation are unaffected.</p></li> +<li><strong>swap_pre</strong> - A default table prefix that should be swapped with <var>dbprefix</var>. This is useful for distributed applications where you might run manually written queries, and need the prefix to still be customizable by the end user.</li> <li><strong>autoinit</strong> - Whether or not to automatically connect to the database when the library loads. If set to false, the connection will take place prior to executing the first query.</li> <li><strong>stricton</strong> - TRUE/FALSE (boolean) - Whether to force "Strict Mode" connections, good for ensuring strict SQL while developing an application.</li> <li><strong>port</strong> - The database port number. To use this value you have to add a line to the database config array.<code>$db['default']['port'] = 5432;</code> diff --git a/user_guide/database/queries.html b/user_guide/database/queries.html index f9f96803f..4c1ddfe7d 100644 --- a/user_guide/database/queries.html +++ b/user_guide/database/queries.html 
@@ -80,11 +80,16 @@ It DOES NOT return a database result set, nor does it set the query timer, or co It simply lets you submit a query. Most users will rarely use this function.</p> -<h1>Adding Database prefixes manually</h1> -<p>If you have configured a database prefix and would like to add it in manually for, you can use the following.</p> +<h1>Working with Database prefixes manually</h1> +<p>If you have configured a database prefix and would like to prepend it to a table name for use in a native SQL query for example, then you can use the following:</p> <p><code>$this->db->dbprefix('tablename');<br /> // outputs prefix_tablename</code></p> +<p>If for any reason you would like to change the prefix programatically without needing to create a new connection, you can use this method:</p> +<p><code>$this->db->set_dbprefix('newprefix');<br /><br /> +$this->db->dbprefix('tablename');<br /> +// outputs newprefix_tablename</code></p> + <h1>Protecting identifiers</h1> <p>In many databases it is advisable to protect table and field names - for example with backticks in MySQL. <strong>Active Record queries are automatically protected</strong>, however if you need to manually protect an identifier you can use:</p> diff --git a/user_guide/helpers/url_helper.html b/user_guide/helpers/url_helper.html index de28a6f56..ac9d0a68e 100644 --- a/user_guide/helpers/url_helper.html +++ b/user_guide/helpers/url_helper.html @@ -27,7 +27,7 @@ <div id="masthead"> <table cellpadding="0" cellspacing="0" border="0" style="width:100%"> <tr> -<td><h1>CodeIgniter User Guide Version 2.0.0</h1></td> +<td><h1>CodeIgniter User Guide Version 2.0.2</h1></td> <td id="breadcrumb_right"><a href="../toc.html">Table of Contents Page</a></td> </tr> </table> diff --git a/user_guide/images/appflowchart.gif b/user_guide/images/appflowchart.gif Binary files differindex 422332c9e..4328e48fe 100644 --- a/user_guide/images/appflowchart.gif +++ b/user_guide/images/appflowchart.gif 
diff --git a/user_guide/libraries/cart.html b/user_guide/libraries/cart.html index f084d5dcf..2e2beed9c 100644 --- a/user_guide/libraries/cart.html +++ b/user_guide/libraries/cart.html @@ -61,7 +61,7 @@ Shopping Cart Class <p>The Cart Class permits items to be added to a session that stays active while a user is browsing your site. These items can be retrieved and displayed in a standard "shopping cart" format, allowing the user to update the quantity or remove items from the cart.</p> -<p>Please note that the Cart Class ONLY provides the core "cart" functionality. It does not provide shipping, credit card authorization, or other processing components.</p> +<p>Please note that the Cart Class ONLY provides the core "cart" functionality. It does not provide shipping, credit card authorization, or other processing components.</p> <h2>Initializing the Shopping Cart Class</h2> 
@@ -106,20 +106,20 @@ It is intended to be used in cases where your product has options associated wit <li><strong>qty</strong> - The quantity being purchased. <li><strong>price</strong> - The price of the item. <li><strong>name</strong> - The name of the item. -<li><strong>options</strong> - Any additional attributes that are needed to identify the product. These must be passed via an array. +<li><strong>options</strong> - Any additional attributes that are needed to identify the product. These must be passed via an array. </ul> <p>In addition to the five indexes above, there are two reserved words: <dfn>rowid</dfn> and <dfn>subtotal</dfn>. These are used internally by the Cart class, so please do NOT use those words as index names when inserting data into the cart.</p> -<p>Your array may contain additional data. Anything you include in your array will be stored in the session. However, it is best to standardize your data among -all your products in order to make displaying the information in a table easier.</p> +<p>Your array may contain additional data. Anything you include in your array will be stored in the session. However, it is best to standardize your data among all your products in order to make displaying the information in a table easier.</p> + +<p>The insert() method will return the $rowid if you successfully insert a single item.</p> <h2>Adding Multiple Items to The Cart</h2> -<p>By using a multi-dimensional array, as shown below, it is possible to add multiple products to the cart in one action. This is useful in cases where you wish to allow -people to select from among several items on the same page.</p> +<p>By using a multi-dimensional array, as shown below, it is possible to add multiple products to the cart in one action. This is useful in cases where you wish to allow people to select from among several items on the same page.</p> <code> 
@@ -268,8 +268,8 @@ $this->cart->update($data); <p><strong>What is a Row ID?</strong> The <kbd>row ID</kbd> is a unique identifier that is generated by the cart code when an item is added to the cart. The reason a unique ID is created is so that identical products with different options can be managed by the cart.</p> -<p>For example, let's say someone buys two identical t-shirts (same product ID), but in different sizes. The product ID (and other attributes) will be -identical for both sizes because it's the same shirt. The only difference will be the size. The cart must therefore have a means of identifying this +<p>For example, let's say someone buys two identical t-shirts (same product ID), but in different sizes. The product ID (and other attributes) will be +identical for both sizes because it's the same shirt. The only difference will be the size. The cart must therefore have a means of identifying this difference so that the two sizes of shirts can be managed independently. It does so by creating a unique "row ID" based on the product ID and any options associated with it.</p> <p>In nearly all cases, updating the cart will be something the user does via the "view cart" page, so as a developer, it is unlikely that you will ever have to concern yourself 
@@ -311,7 +311,7 @@ function when the update form is submitted. Please examine the construction of t <h2>$this->cart->has_options(rowid);</h2> -<p>Returns TRUE (boolean) if a particular row in the cart contains options. This function is designed to be used in a loop with <dfn>$this->cart->contents()</dfn>, since you must pass the <kbd>rowid</kbd> to this function, as shown in the <dfn>Displaying the Cart</dfn> example above.</p> +<p>Returns TRUE (boolean) if a particular row in the cart contains options. This function is designed to be used in a loop with <dfn>$this->cart->contents()</dfn>, since you must pass the <kbd>rowid</kbd> to this function, as shown in the <dfn>Displaying the Cart</dfn> example above.</p> <h2>$this->cart->product_options(rowid);</h2> @@ -322,7 +322,7 @@ function when the update form is submitted. Please examine the construction of t <h2>$this->cart->destroy();</h2> -<p>Permits you to destroy the cart. This function will likely be called when you are finished processing the customer's order.</p> +<p>Permits you to destroy the cart. This function will likely be called when you are finished processing the customer's order.</p> diff --git a/user_guide/libraries/form_validation.html b/user_guide/libraries/form_validation.html index 8fdcd1446..da2f5e5e8 100644 --- a/user_guide/libraries/form_validation.html +++ b/user_guide/libraries/form_validation.html 
@@ -390,10 +390,10 @@ $this->form_validation->set_rules($config); <p>CodeIgniter lets you pipe multiple rules together. Let's try it. Change your rules in the third parameter of rule setting function, like this:</p> <code> -$this->form_validation->set_rules('username', 'Username', 'required|min_length[5]|max_length[12]');<br /> +$this->form_validation->set_rules('username', 'Username', 'required|min_length[5]|max_length[12]|is_unique[users.username]');<br /> $this->form_validation->set_rules('password', 'Password', 'required|matches[passconf]');<br /> $this->form_validation->set_rules('passconf', 'Password Confirmation', 'required');<br /> -$this->form_validation->set_rules('email', 'Email', 'required|valid_email');<br /> +$this->form_validation->set_rules('email', 'Email', 'required|valid_email|is_unique[users.email]');<br /> </code> <p>The above code sets the following rules:</p> @@ -508,15 +508,13 @@ create a callback function that does that. Let's create a example of this.</p> <code>$this->form_validation->set_rules('username', 'Username', '<kbd>callback_username_check</kbd>');</code> - <p>Then add a new function called <dfn>username_check</dfn> to your controller. Here's how your controller should now look:</p> - -<textarea class="textarea" style="width:100%" cols="50" rows="44"><?php +<textarea class="textarea" style="width:100%" cols="50" rows="40"><?php class Form extends CI_Controller { - function index() + public function index() { $this->load->helper(array('form', 'url')); 
@@ -525,7 +523,7 @@ class Form extends CI_Controller { $this->form_validation->set_rules('username', 'Username', 'callback_username_check'); $this->form_validation->set_rules('password', 'Password', 'required'); $this->form_validation->set_rules('passconf', 'Password Confirmation', 'required'); - $this->form_validation->set_rules('email', 'Email', 'required'); + $this->form_validation->set_rules('email', 'Email', 'required|is_unique[users.email]'); if ($this->form_validation->run() == FALSE) { @@ -537,7 +535,7 @@ class Form extends CI_Controller { } } - function username_check($str) + public function username_check($str) { if ($str == 'test') { @@ -556,14 +554,13 @@ class Form extends CI_Controller { <p><dfn>Reload your form and submit it with the word "test" as the username. You can see that the form field data was passed to your callback function for you to process.</dfn></p> -<p><strong>To invoke a callback just put the function name in a rule, with "callback_" as the rule prefix.</strong></p> +<p>To invoke a callback just put the function name in a rule, with "callback_" as the rule <strong>prefix</strong>. If you need +to receive an extra parameter in your callback function, just add it normally after the function name between square brackets, +as in: "callback_foo<strong>[bar]</strong>", then it will be passed as the second argument of your callback function.</p> -<p>You can also process the form data that is passed to your callback and return it. If your callback returns anything other than a boolean TRUE/FALSE +<p><strong>Note:</strong> You can also process the form data that is passed to your callback and return it. If your callback returns anything other than a boolean TRUE/FALSE it is assumed that the data is your newly processed form data.</p> - - - <a name="settingerrors"></a> <h2>Setting Error Messages</h2> 
@@ -947,6 +944,13 @@ POST array:</p> </tr> <tr> + <td class="td"><strong>is_unique</strong></td> + <td class="td">Yes</td> + <td class="td">Returns FALSE if the form element is not unique to the table and field name in the parameter.</td> + <td class="td">is_unique[table.field]</td> + </tr> + + <tr> <td class="td"><strong>min_length</strong></td> <td class="td">Yes</td> <td class="td">Returns FALSE if the form element is shorter then the parameter value.</td> diff --git a/user_guide/libraries/loader.html b/user_guide/libraries/loader.html index 1d93af5ed..a472730ca 100644 --- a/user_guide/libraries/loader.html +++ b/user_guide/libraries/loader.html @@ -175,6 +175,12 @@ and merged into one array for conversion to variables. </p> +<h2>$this->load->get_var(<samp>$key</samp>)</h2> + +<p>This function checks the associative array of variables available to your views. This is useful if for any reason a var is set in a library or another controller method using $this->load->vars(). +</p> + + <h2>$this->load->helper('<var>file_name</var>')</h2> <p>This function loads helper files, where <var>file_name</var> is the name of the file, without the <kbd>_helper.php</kbd> extension.</p> diff --git a/user_guide/overview/appflow.html b/user_guide/overview/appflow.html index bcbc43ff8..7c8d4accb 100644 --- a/user_guide/overview/appflow.html +++ b/user_guide/overview/appflow.html @@ -60,7 +60,7 @@ Appflow <p>The following graphic illustrates how data flows throughout the system:</p> -<div><img src="../images/appflowchart.gif" width="697" height="205" border="0" alt="CodeIgniter application flow" /></div> +<div><img src="../images/appflowchart.gif" width="769" height="212" alt="CodeIgniter application flow"></div> <ol> |
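Review bot: In user_guide/changelog.html, hunk @@ -96,6 +107,11 @@, the added select_max()/select_min() entry closes both kbd elements with "</kdb>" instead of "</kbd>", so neither element is closed and the rest of the list renders as keyboard text; correct both closing tags. In the same hunk, "would using invalid MIME-types" should read "would use invalid MIME-types", and the total_items() entry reads as if the fix were the bug: describe the old behaviour (returned the row count) and then the new one (returns the summed quantity).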
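Review bot: In user_guide/changelog.html, hunk @@ -67,23 +67,34 @@, the form_open() entry expands the hidden field's purpose as "Cross-site Reference Forgery"; the term is Cross-Site Request Forgery, and the entry should name it that way so readers can find the CSRF setting it refers to. The hunk also records callback parameters twice (once under General Changes, once under Libraries); keep one entry. The limit/offset typecast and the having() change from escape_str() to escape() both alter how values reach the query, yet neither entry says whether it closes an injection path; state that explicitly, as the multi-byte character set item above does, so upgraders can judge urgency.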
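Review bot: In user_guide/database/configuration.html, hunk @@ -132,8 +132,8 @@, the new parenthetical "(and in table creation queries made with DB Forge)" is placed after the PHP < 5.2.3 / MySQL < 5.0.7 condition, so the following sentence about mysql_real_escape_string() and "versions lower than these" now reads as if DB Forge were part of the vulnerable case. Move the DB Forge remark into its own sentence after the SQL injection warning. The swap_pre line in this hunk differs only in whitespace; drop that change so the hunk shows only the wording edit.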
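Review bot: In user_guide/database/queries.html, hunk @@ -80,11 +80,16 @@, the new set_dbprefix() paragraph does not say whether the prefix is validated or escaped, although the paragraph above it presents dbprefix('tablename') as the way to build table names for native SQL queries. Add a sentence stating what characters are accepted and that the prefix should come from configuration rather than request data. "programatically" in the same paragraph should be "programmatically".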
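Review bot: In user_guide/libraries/form_validation.html, hunks @@ -390,10 +390,10 @@ and @@ -947,6 +944,13 @@, is_unique[users.username] and is_unique[users.email] are introduced without saying that the rule runs a database query, so the page never tells the reader that the database must be loaded for validation to work. The rule reference row should state that, and should also note that the check is made before the insert, so two concurrent submissions can both pass; a UNIQUE index on the column is still required. The description "not unique to the table and field name in the parameter" would be clearer as "already exists in the given table and field".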
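Review bot: In user_guide/libraries/form_validation.html, hunk @@ -556,14 +554,13 @@, the new text says "callback_foo[bar]" passes bar as the second argument, but the controller example in the preceding hunks still declares username_check($str) with one parameter, so nothing on the page shows the feature in use. Either extend the example signature with the second parameter or add a short snippet next to this paragraph. The paragraph also does not say that the bracketed value arrives as a string, which matters when the callback compares it.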
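Review bot: In user_guide/libraries/loader.html, hunk @@ -175,6 +175,12 @@, the get_var($key) section says the function "checks the associative array of variables" but never states what it returns, either for a key that exists or for one that does not. Document the return value in both cases so callers know how to test for a missing variable.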
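Review bot: In user_guide/libraries/cart.html, hunk @@ -106,20 +106,20 @@, the added sentence "The insert() method will return the $rowid if you successfully insert a single item." leaves the other cases undocumented: what is returned when the insert fails, and what is returned for the multi-item insert described in the next section. State both. Most other changed lines in this file differ only in whitespace or line wrapping, which hides the one substantive addition; split the reflow into a separate commit.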
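Review bot: In user_guide/overview/appflow.html, hunk @@ -60,7 +60,7 @@, the img element loses its self-closing " />" while the rest of the guide in this patch uses XHTML-style void elements such as "<br />". Keep the closing slash so the page stays consistent with its markup style; the width and height update to 769 by 212 is otherwise fine alongside the replaced appflowchart.gif.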