]>
Commit | Line | Data |
---|---|---|
59c06b17 CS |
1 | <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> |
2 | <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> | |
3 | <head> | |
4 | ||
5 | <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> | |
6 | <title>Input Class : CodeIgniter User Guide</title> | |
7 | ||
8 | <style type='text/css' media='all'>@import url('../userguide.css');</style> | |
9 | <link rel='stylesheet' type='text/css' media='all' href='../userguide.css' /> | |
10 | ||
11 | <script type="text/javascript" src="../nav/nav.js"></script> | |
12 | <script type="text/javascript" src="../nav/prototype.lite.js"></script> | |
13 | <script type="text/javascript" src="../nav/moo.fx.js"></script> | |
14 | <script type="text/javascript" src="../nav/user_guide_menu.js"></script> | |
15 | ||
16 | <meta http-equiv='expires' content='-1' /> | |
17 | <meta http-equiv= 'pragma' content='no-cache' /> | |
18 | <meta name='robots' content='all' /> | |
19 | <meta name='author' content='ExpressionEngine Dev Team' /> | |
20 | <meta name='description' content='CodeIgniter User Guide' /> | |
21 | ||
22 | </head> | |
23 | <body> | |
24 | ||
25 | <!-- START NAVIGATION --> | |
26 | <div id="nav"><div id="nav_inner"><script type="text/javascript">create_menu('../');</script></div></div> | |
27 | <div id="nav2"><a name="top"></a><a href="javascript:void(0);" onclick="myHeight.toggle();"><img src="../images/nav_toggle_darker.jpg" width="154" height="43" border="0" title="Toggle Table of Contents" alt="Toggle Table of Contents" /></a></div> | |
28 | <div id="masthead"> | |
29 | <table cellpadding="0" cellspacing="0" border="0" style="width:100%"> | |
30 | <tr> | |
31 | <td><h1>CodeIgniter User Guide Version 2.1.3</h1></td> | |
32 | <td id="breadcrumb_right"><a href="../toc.html">Table of Contents Page</a></td> | |
33 | </tr> | |
34 | </table> | |
35 | </div> | |
36 | <!-- END NAVIGATION --> | |
37 | ||
38 | ||
39 | <!-- START BREADCRUMB --> | |
40 | <table cellpadding="0" cellspacing="0" border="0" style="width:100%"> | |
41 | <tr> | |
42 | <td id="breadcrumb"> | |
43 | <a href="http://codeigniter.com/">CodeIgniter Home</a> › | |
44 | <a href="../index.html">User Guide Home</a> › | |
45 | Input Class | |
46 | </td> | |
47 | <td id="searchbox"><form method="get" action="http://www.google.com/search"><input type="hidden" name="as_sitesearch" id="as_sitesearch" value="codeigniter.com/user_guide/" />Search User Guide <input type="text" class="input" style="width:200px;" name="q" id="q" size="31" maxlength="255" value="" /> <input type="submit" class="submit" name="sa" value="Go" /></form></td> | |
48 | </tr> | |
49 | </table> | |
50 | <!-- END BREADCRUMB --> | |
51 | ||
52 | <br clear="all" /> | |
53 | ||
54 | ||
55 | <!-- START CONTENT --> | |
56 | <div id="content"> | |
57 | ||
58 | ||
59 | <h1>Input Class</h1> | |
60 | ||
61 | <p>The Input Class serves two purposes:</p> | |
62 | ||
63 | <ol> | |
64 | <li>It pre-processes global input data for security.</li> | |
65 | <li>It provides some helper functions for fetching input data and pre-processing it.</li> | |
66 | </ol> | |
67 | ||
68 | <p class="important"><strong>Note:</strong> This class is initialized automatically by the system so there is no need to do it manually.</p> | |
69 | ||
70 | ||
71 | <h2>Security Filtering</h2> | |
72 | ||
73 | <p>The security filtering function is called automatically when a new <a href="../general/controllers.html">controller</a> is invoked. It does the following:</p> | |
74 | ||
75 | <ul> | |
76 | <li>If $config['allow_get_array'] is FALSE(default is TRUE), destroys the global GET array.</li> | |
77 | <li>Destroys all global variables in the event register_globals is turned on.</li> | |
78 | <li>Filters the GET/POST/COOKIE array keys, permitting only alpha-numeric (and a few other) characters.</li> | |
79 | <li>Provides XSS (Cross-site Scripting Hacks) filtering. This can be enabled globally, or upon request.</li> | |
80 | <li>Standardizes newline characters to \n(In Windows \r\n)</li> | |
81 | </ul> | |
82 | ||
83 | ||
84 | <h2>XSS Filtering</h2> | |
85 | ||
86 | <p>The Input class has the ability to filter input automatically to prevent cross-site scripting attacks. If you want the filter to run automatically every time it encounters POST or COOKIE data you can enable it by opening your | |
87 | <kbd>application/config/config.php</kbd> file and setting this:</p> | |
88 | ||
89 | <code>$config['global_xss_filtering'] = TRUE;</code> | |
90 | ||
91 | <p>Please refer to the <a href="security.html">Security class</a> documentation for information on using XSS Filtering in your application.</p> | |
92 | ||
93 | ||
94 | <h2>Using POST, COOKIE, or SERVER Data</h2> | |
95 | ||
96 | <p>CodeIgniter comes with three helper functions that let you fetch POST, COOKIE or SERVER items. The main advantage of using the provided | |
97 | functions rather than fetching an item directly ($_POST['something']) is that the functions will check to see if the item is set and | |
98 | return false (boolean) if not. This lets you conveniently use data without having to test whether an item exists first. | |
99 | In other words, normally you might do something like this:</p> | |
100 | ||
101 | <code> | |
102 | if ( ! isset($_POST['something']))<br /> | |
103 | {<br /> | |
104 | $something = FALSE;<br /> | |
105 | }<br /> | |
106 | else<br /> | |
107 | {<br /> | |
108 | $something = $_POST['something'];<br /> | |
109 | }</code> | |
110 | ||
111 | <p>With CodeIgniter's built in functions you can simply do this:</p> | |
112 | ||
113 | <code>$something = $this->input->post('something');</code> | |
114 | ||
115 | <p>The three functions are:</p> | |
116 | ||
117 | <ul> | |
118 | <li>$this->input->post()</li> | |
119 | <li>$this->input->cookie()</li> | |
120 | <li>$this->input->server()</li> | |
121 | </ul> | |
122 | ||
123 | <h2>$this->input->post()</h2> | |
124 | ||
125 | <p>The first parameter will contain the name of the POST item you are looking for:</p> | |
126 | ||
127 | <code>$this->input->post('some_data');</code> | |
128 | ||
129 | <p>The function returns FALSE (boolean) if the item you are attempting to retrieve does not exist.</p> | |
130 | ||
131 | <p>The second optional parameter lets you run the data through the XSS filter. It's enabled by setting the second parameter to boolean TRUE;</p> | |
132 | ||
133 | <code>$this->input->post('some_data', TRUE);</code> | |
134 | ||
135 | <p>To return an array of all POST items call without any parameters.</p> | |
136 | <p>To return all POST items and pass them through the XSS filter set the first parameter NULL while setting the second parameter to boolean;</p> | |
137 | <p>The function returns FALSE (boolean) if there are no items in the POST.</p> | |
138 | ||
139 | <code> | |
140 | $this->input->post(NULL, TRUE); // returns all POST items with XSS filter | |
141 | <br /> | |
142 | $this->input->post(); // returns all POST items without XSS filter | |
143 | </code> | |
144 | ||
145 | <h2>$this->input->get()</h2> | |
146 | ||
147 | <p>This function is identical to the post function, only it fetches get data:</p> | |
148 | ||
149 | <code>$this->input->get('some_data', TRUE);</code> | |
150 | ||
151 | <p>To return an array of all GET items call without any parameters.</p> | |
152 | <p>To return all GET items and pass them through the XSS filter set the first parameter NULL while setting the second parameter to boolean;</p> | |
153 | <p>The function returns FALSE (boolean) if there are no items in the GET.</p> | |
154 | ||
155 | <code> | |
156 | $this->input->get(NULL, TRUE); // returns all GET items with XSS filter | |
157 | <br /> | |
158 | $this->input->get(); // returns all GET items without XSS filtering | |
159 | </code> | |
160 | ||
161 | <h2>$this->input->get_post()</h2> | |
162 | ||
163 | <p>This function will search through both the post and get streams for data, looking first in post, and then in get:</p> | |
164 | ||
165 | <code>$this->input->get_post('some_data', TRUE);</code> | |
166 | ||
167 | <h2>$this->input->cookie()</h2> | |
168 | ||
169 | <p>This function is identical to the post function, only it fetches cookie data:</p> | |
170 | ||
171 | <code>$this->input->cookie('some_data', TRUE);</code> | |
172 | ||
173 | <h2>$this->input->server()</h2> | |
174 | ||
175 | <p>This function is identical to the above functions, only it fetches server data:</p> | |
176 | ||
177 | <code>$this->input->server('some_data');</code> | |
178 | ||
179 | ||
180 | <h2>$this->input->set_cookie()</h2> | |
181 | ||
182 | <p>Sets a cookie containing the values you specify. There are two ways to pass information to this function so that a cookie can be set: | |
183 | Array Method, and Discrete Parameters:</p> | |
184 | ||
185 | <h4>Array Method</h4> | |
186 | ||
187 | <p>Using this method, an associative array is passed to the first parameter:</p> | |
188 | ||
189 | <code>$cookie = array(<br /> | |
190 | 'name' => 'The Cookie Name',<br /> | |
191 | 'value' => 'The Value',<br /> | |
192 | 'expire' => '86500',<br /> | |
193 | 'domain' => '.some-domain.com',<br /> | |
194 | 'path' => '/',<br /> | |
195 | 'prefix' => 'myprefix_',<br /> | |
196 | 'secure' => TRUE<br /> | |
197 | );<br /> | |
198 | <br /> | |
199 | $this->input->set_cookie($cookie); | |
200 | </code> | |
201 | ||
202 | <p><strong>Notes:</strong></p> | |
203 | ||
204 | <p>Only the name and value are required. To delete a cookie set it with the expiration blank.</p> | |
205 | ||
206 | <p>The expiration is set in <strong>seconds</strong>, which will be added to the current time. Do not include the time, but rather only the | |
207 | number of seconds from <em>now</em> that you wish the cookie to be valid. If the expiration is set to | |
208 | zero the cookie will only last as long as the browser is open.</p> | |
209 | <p>For site-wide cookies regardless of how your site is requested, add your URL to the <strong>domain</strong> starting with a period, like this: .your-domain.com</p> | |
210 | <p>The path is usually not needed since the function sets a root path.</p> | |
211 | <p>The prefix is only needed if you need to avoid name collisions with other identically named cookies for your server.</p> | |
212 | <p>The secure boolean is only needed if you want to make it a secure cookie by setting it to TRUE.</p> | |
213 | ||
214 | <h4>Discrete Parameters</h4> | |
215 | ||
216 | <p>If you prefer, you can set the cookie by passing data using individual parameters:</p> | |
217 | ||
218 | <code>$this->input->set_cookie($name, $value, $expire, $domain, $path, $prefix, $secure);</code> | |
219 | ||
220 | <h2>$this->input->cookie()</h2> | |
221 | ||
222 | <p>Lets you fetch a cookie. The first parameter will contain the name of the cookie you are looking for (including any prefixes):</p> | |
223 | ||
224 | <code>cookie('some_cookie');</code> | |
225 | ||
226 | <p>The function returns FALSE (boolean) if the item you are attempting to retrieve does not exist.</p> | |
227 | ||
228 | <p>The second optional parameter lets you run the data through the XSS filter. It's enabled by setting the second parameter to boolean TRUE;</p> | |
229 | ||
230 | <p><code>cookie('some_cookie', TRUE);</code></p> | |
231 | ||
232 | ||
233 | <h2>$this->input->ip_address()</h2> | |
234 | <p>Returns the IP address for the current user. If the IP address is not valid, the function will return an IP of: 0.0.0.0</p> | |
235 | <code>echo $this->input->ip_address();</code> | |
236 | ||
237 | ||
238 | <h2>$this->input->valid_ip(<var>$ip</var>)</h2> | |
239 | ||
240 | <p>Takes an IP address as input and returns TRUE or FALSE (boolean) if it is valid or not. Note: The $this->input->ip_address() function above | |
241 | validates the IP automatically.</p> | |
242 | ||
243 | <code>if ( ! $this->input->valid_ip($ip))<br /> | |
244 | {<br /> | |
245 | echo 'Not Valid';<br /> | |
246 | }<br /> | |
247 | else<br /> | |
248 | {<br /> | |
249 | echo 'Valid';<br /> | |
250 | }</code> | |
251 | <p>Accepts an optional second string parameter of "IPv4" or "IPv6" to specify an IP format. The default checks for both formats.</p> | |
252 | ||
253 | <h2>$this->input->user_agent()</h2> | |
254 | <p>Returns the user agent (web browser) being used by the current user. Returns FALSE if it's not available.</p> | |
255 | <code>echo $this->input->user_agent();</code> | |
256 | <p>See the <a href="user_agent.html">User Agent Class</a> for methods which extract information from the user agent string.</p> | |
257 | ||
258 | <h2>$this->input->request_headers()</h2> | |
259 | <p>Useful if running in a non-Apache environment where <a href="http://php.net/apache_request_headers">apache_request_headers()</a> will not be supported. Returns an array of headers.</p> | |
260 | ||
261 | <code>$headers = $this->input->request_headers();</code> | |
262 | ||
263 | <h2>$this->input->get_request_header();</h2> | |
264 | <p>Returns a single member of the request headers array.</p> | |
265 | ||
266 | <code>$this->input->get_request_header('some-header', TRUE);</code> | |
267 | ||
268 | ||
269 | <h2>$this->input->is_ajax_request()</h2> | |
270 | <p>Checks to see if the <var>HTTP_X_REQUESTED_WITH</var> server header has been set, and returns a boolean response.</p> | |
271 | ||
272 | ||
273 | <h2>$this->input->is_cli_request()</h2> | |
274 | <p>Checks to see if the <var>STDIN</var> constant is set, which is a failsafe way to see if PHP is being run on the command line.</p> | |
275 | ||
276 | <code>$this->input->is_cli_request()</code> | |
277 | ||
278 | ||
279 | </div> | |
280 | <!-- END CONTENT --> | |
281 | ||
282 | ||
283 | <div id="footer"> | |
284 | <p> | |
285 | Previous Topic: <a href="image_lib.html">Image Manipulation Class</a> | |
286 | · | |
287 | <a href="#top">Top of Page</a> · | |
288 | <a href="../index.html">User Guide Home</a> · | |
289 | Next Topic: <a href="loader.html">Loader Class</a> | |
290 | </p> | |
291 | <p><a href="http://codeigniter.com">CodeIgniter</a> · Copyright © 2006 - 2012 · <a href="http://ellislab.com/">EllisLab, Inc.</a></p> | |
292 | </div> | |
293 | ||
294 | </body> | |
295 | </html> |