Gitiles
Code Review Sign In
www.giggi.me / code-igniter-v3-giggi / 54b42d6c00f25152b6502be4cf64f2fe342b5fb7 / . / user_guide_src / source / libraries / input.rst
blob: 274e49af448cd681a13060fcc5f429fd35641315 [file] [log] [blame]
Derek Jones8ede1a22011-10-05 13:34:52 -0500[diff] [blame]1###########
2Input Class
3###########
4
5The Input Class serves two purposes:
6
7#. It pre-processes global input data for security.
Andrey Andreev303eef02012-11-06 14:55:48 +0200[diff] [blame]8#. It provides some helper methods for fetching input data and pre-processing it.
Derek Jones8ede1a22011-10-05 13:34:52 -0500[diff] [blame]9
10.. note:: This class is initialized automatically by the system so there
11 is no need to do it manually.
12
Andrey Andreev04535c72014-01-06 10:57:05 +0200[diff] [blame]13.. contents::
14 :local:
15
16.. raw:: html
17
18 <div class="custom-index container"></div>
19
James L Parry08191be2014-12-20 02:37:13 -0800[diff] [blame]20***************
21Input Filtering
22***************
23
Derek Jones8ede1a22011-10-05 13:34:52 -0500[diff] [blame]24Security Filtering
25==================
26
Andrey Andreev303eef02012-11-06 14:55:48 +0200[diff] [blame]27The security filtering method is called automatically when a new
Derek Jones8ede1a22011-10-05 13:34:52 -0500[diff] [blame]28:doc:`controller <../general/controllers>` is invoked. It does the
29following:
30
Andrey Andreev04535c72014-01-06 10:57:05 +0200[diff] [blame]31- If ``$config['allow_get_array']`` is FALSE (default is TRUE), destroys
Derek Jones8ede1a22011-10-05 13:34:52 -0500[diff] [blame]32 the global GET array.
33- Destroys all global variables in the event register_globals is
34 turned on.
35- Filters the GET/POST/COOKIE array keys, permitting only alpha-numeric
36 (and a few other) characters.
37- Provides XSS (Cross-site Scripting Hacks) filtering. This can be
38 enabled globally, or upon request.
Andrey Andreevbfb635b2014-01-08 18:32:05 +0200[diff] [blame]39- Standardizes newline characters to ``PHP_EOL`` (\\n in UNIX-based OSes,
40 \\r\\n under Windows). This is configurable.
Derek Jones8ede1a22011-10-05 13:34:52 -0500[diff] [blame]41
42XSS Filtering
43=============
44
45The Input class has the ability to filter input automatically to prevent
46cross-site scripting attacks. If you want the filter to run
47automatically every time it encounters POST or COOKIE data you can
Andrey Andreev04535c72014-01-06 10:57:05 +0200[diff] [blame]48enable it by opening your *application/config/config.php* file and setting
Derek Jones8ede1a22011-10-05 13:34:52 -0500[diff] [blame]49this::
50
51 $config['global_xss_filtering'] = TRUE;
52
53Please refer to the :doc:`Security class <security>` documentation for
54information on using XSS Filtering in your application.
55
James L Parry08191be2014-12-20 02:37:13 -0800[diff] [blame]56*******************
57Accessing form data
58*******************
59
Andrey Andreev9cf12d12012-06-13 10:19:59 +0300[diff] [blame]60Using POST, GET, COOKIE, or SERVER Data
61=======================================
Derek Jones8ede1a22011-10-05 13:34:52 -0500[diff] [blame]62
Andrey Andreev04535c72014-01-06 10:57:05 +0200[diff] [blame]63CodeIgniter comes with helper methods that let you fetch POST, GET,
Derek Jones8ede1a22011-10-05 13:34:52 -0500[diff] [blame]64COOKIE or SERVER items. The main advantage of using the provided
Andrey Andreev303eef02012-11-06 14:55:48 +0200[diff] [blame]65methods rather than fetching an item directly (``$_POST['something']``)
Andrey Andreev9cf12d12012-06-13 10:19:59 +0300[diff] [blame]66is that the methods will check to see if the item is set and return
67NULL if not. This lets you conveniently use data without
Derek Jones8ede1a22011-10-05 13:34:52 -0500[diff] [blame]68having to test whether an item exists first. In other words, normally
69you might do something like this::
70
Phil Sturgeon55a6ddb2012-05-23 18:37:24 +0100[diff] [blame]71 $something = isset($_POST['something']) ? $_POST['something'] : NULL;
Derek Jones8ede1a22011-10-05 13:34:52 -0500[diff] [blame]72
Andrey Andreev303eef02012-11-06 14:55:48 +0200[diff] [blame]73With CodeIgniter's built in methods you can simply do this::
Derek Jones8ede1a22011-10-05 13:34:52 -0500[diff] [blame]74
75 $something = $this->input->post('something');
76
Andrey Andreev04535c72014-01-06 10:57:05 +0200[diff] [blame]77The main methods are:
Derek Jones8ede1a22011-10-05 13:34:52 -0500[diff] [blame]78
Andrey Andreev28c2c972014-02-08 04:27:48 +0200[diff] [blame]79- ``$this->input->post()``
80- ``$this->input->get()``
81- ``$this->input->cookie()``
82- ``$this->input->server()``
Derek Jones8ede1a22011-10-05 13:34:52 -0500[diff] [blame]83
Andrey Andreev303eef02012-11-06 14:55:48 +0200[diff] [blame]84Using the php://input stream
85============================
86
87If you want to utilize the PUT, DELETE, PATCH or other exotic request
88methods, they can only be accessed via a special input stream, that
89can only be read once. This isn't as easy as just reading from e.g.
90the ``$_POST`` array, because it will always exist and you can try
91and access multiple variables without caring that you might only have
92one shot at all of the POST data.
93
Ignasimg0b5569f2015-02-20 17:56:55 +0100[diff] [blame]94CodeIgniter will take care of that for you, and you can read the data
95from the **php://input** stream at any time, just by using the
Ignasimg54b42d62015-02-26 03:16:12 +0100[diff] [blame^]96``$raw_input_stream`` property::
Ignasimg0b5569f2015-02-20 17:56:55 +0100[diff] [blame]97
98 $this->input->raw_input_stream;
99
Ignasimg54b42d62015-02-26 03:16:12 +0100[diff] [blame^]100Additionally if the input stream is form-encoded like $_POST you can
101access its values by calling the
Andrey Andreev303eef02012-11-06 14:55:48 +0200[diff] [blame]102``input_stream()`` method::
103
104 $this->input->input_stream('key');
105
Andrey Andreev04535c72014-01-06 10:57:05 +0200[diff] [blame]106Similar to other methods such as ``get()`` and ``post()``, if the
107requested data is not found, it will return NULL and you can also
108decide whether to run the data through ``xss_clean()`` by passing
109a boolean value as the second parameter::
Andrey Andreev303eef02012-11-06 14:55:48 +0200[diff] [blame]110
111 $this->input->input_stream('key', TRUE); // XSS Clean
112 $this->input->input_stream('key', FALSE); // No XSS filter
113
Andrey Andreev04535c72014-01-06 10:57:05 +0200[diff] [blame]114.. note:: You can utilize ``method()`` in order to know if you're reading
Andrey Andreev303eef02012-11-06 14:55:48 +0200[diff] [blame]115 PUT, DELETE or PATCH data.
116
Andrey Andreev04535c72014-01-06 10:57:05 +0200[diff] [blame]117***************
118Class Reference
119***************
Derek Jones8ede1a22011-10-05 13:34:52 -0500[diff] [blame]120
Andrey Andreevcd3d9db2015-02-02 13:41:01 +0200[diff] [blame]121.. php:class:: CI_Input
Derek Jones8ede1a22011-10-05 13:34:52 -0500[diff] [blame]122
Ignasimg54b42d62015-02-26 03:16:12 +0100[diff] [blame^]123 .. attribute:: $raw_input_stream
124
125 Read only property that will return php://input data as is.
126
127 The property can be read multiple times.
128
Andrey Andreevcd3d9db2015-02-02 13:41:01 +0200[diff] [blame]129 .. php:method:: post([$index = NULL[, $xss_clean = NULL]])
Derek Jones8ede1a22011-10-05 13:34:52 -0500[diff] [blame]130
Ahmad Anbarff89a4e2014-12-02 17:26:30 +0200[diff] [blame]131 :param mixed $index: POST parameter name
Andrey Andreev28c2c972014-02-08 04:27:48 +0200[diff] [blame]132 :param bool $xss_clean: Whether to apply XSS filtering
133 :returns: $_POST if no parameters supplied, otherwise the POST value if found or NULL if not
134 :rtype: mixed
Derek Jones8ede1a22011-10-05 13:34:52 -0500[diff] [blame]135
Andrey Andreev04535c72014-01-06 10:57:05 +0200[diff] [blame]136 The first parameter will contain the name of the POST item you are
137 looking for::
Derek Jones8831d112011-10-05 15:57:02 -0500[diff] [blame]138
Andrey Andreev04535c72014-01-06 10:57:05 +0200[diff] [blame]139 $this->input->post('some_data');
Derek Jones8ede1a22011-10-05 13:34:52 -0500[diff] [blame]140
Andrey Andreev04535c72014-01-06 10:57:05 +0200[diff] [blame]141 The method returns NULL if the item you are attempting to retrieve
142 does not exist.
Derek Jones8ede1a22011-10-05 13:34:52 -0500[diff] [blame]143
Andrey Andreev04535c72014-01-06 10:57:05 +0200[diff] [blame]144 The second optional parameter lets you run the data through the XSS
Andrey Andreev88ebdf72014-01-08 17:28:02 +0200[diff] [blame]145 filter. It's enabled by setting the second parameter to boolean TRUE
146 or by setting your ``$config['global_xss_filtering']`` to TRUE.
Andrey Andreev04535c72014-01-06 10:57:05 +0200[diff] [blame]147 ::
Derek Jones8ede1a22011-10-05 13:34:52 -0500[diff] [blame]148
Andrey Andreev04535c72014-01-06 10:57:05 +0200[diff] [blame]149 $this->input->post('some_data', TRUE);
Derek Jones8ede1a22011-10-05 13:34:52 -0500[diff] [blame]150
Andrey Andreev04535c72014-01-06 10:57:05 +0200[diff] [blame]151 To return an array of all POST items call without any parameters.
Derek Jones8ede1a22011-10-05 13:34:52 -0500[diff] [blame]152
Andrey Andreev04535c72014-01-06 10:57:05 +0200[diff] [blame]153 To return all POST items and pass them through the XSS filter set the
154 first parameter NULL while setting the second parameter to boolean TRUE.
155 ::
Derek Jones8ede1a22011-10-05 13:34:52 -0500[diff] [blame]156
Andrey Andreev04535c72014-01-06 10:57:05 +0200[diff] [blame]157 $this->input->post(NULL, TRUE); // returns all POST items with XSS filter
Andrey Andreev88ebdf72014-01-08 17:28:02 +0200[diff] [blame]158 $this->input->post(NULL, FALSE); // returns all POST items without XSS filter
David Wosnitzad31a4e62014-12-12 16:35:35 +0100[diff] [blame]159
Ahmad Anbarff89a4e2014-12-02 17:26:30 +0200[diff] [blame]160 To return an array of multiple POST parameters, pass all the required keys
161 as an array.
162 ::
David Wosnitzad31a4e62014-12-12 16:35:35 +0100[diff] [blame]163
Ahmad Anbarff89a4e2014-12-02 17:26:30 +0200[diff] [blame]164 $this->input->post(array('field1', 'field2'));
David Wosnitzad31a4e62014-12-12 16:35:35 +0100[diff] [blame]165
Ahmad Anbarff89a4e2014-12-02 17:26:30 +0200[diff] [blame]166 Same rule applied here, to retrive the parameters with XSS filtering enabled, set the
167 second parameter to boolean TRUE.
168 ::
David Wosnitzad31a4e62014-12-12 16:35:35 +0100[diff] [blame]169
Ahmad Anbarff89a4e2014-12-02 17:26:30 +0200[diff] [blame]170 $this->input->post(array('field1', 'field2'), TRUE);
Derek Jones8ede1a22011-10-05 13:34:52 -0500[diff] [blame]171
Andrey Andreevcd3d9db2015-02-02 13:41:01 +0200[diff] [blame]172 .. php:method:: get([$index = NULL[, $xss_clean = NULL]])
Derek Jones8ede1a22011-10-05 13:34:52 -0500[diff] [blame]173
Ahmad Anbarff89a4e2014-12-02 17:26:30 +0200[diff] [blame]174 :param mixed $index: GET parameter name
Andrey Andreev28c2c972014-02-08 04:27:48 +0200[diff] [blame]175 :param bool $xss_clean: Whether to apply XSS filtering
176 :returns: $_GET if no parameters supplied, otherwise the GET value if found or NULL if not
177 :rtype: mixed
Derek Jones8ede1a22011-10-05 13:34:52 -0500[diff] [blame]178
Andrey Andreev04535c72014-01-06 10:57:05 +0200[diff] [blame]179 This method is identical to ``post()``, only it fetches GET data.
180 ::
Derek Jones8ede1a22011-10-05 13:34:52 -0500[diff] [blame]181
Andrey Andreev04535c72014-01-06 10:57:05 +0200[diff] [blame]182 $this->input->get('some_data', TRUE);
183
184 To return an array of all GET items call without any parameters.
185
186 To return all GET items and pass them through the XSS filter set the
187 first parameter NULL while setting the second parameter to boolean TRUE.
188 ::
189
190 $this->input->get(NULL, TRUE); // returns all GET items with XSS filter
Andrey Andreev88ebdf72014-01-08 17:28:02 +0200[diff] [blame]191 $this->input->get(NULL, FALSE); // returns all GET items without XSS filtering
David Wosnitzad31a4e62014-12-12 16:35:35 +0100[diff] [blame]192
Ahmad Anbarff89a4e2014-12-02 17:26:30 +0200[diff] [blame]193 To return an array of multiple GET parameters, pass all the required keys
194 as an array.
195 ::
David Wosnitzad31a4e62014-12-12 16:35:35 +0100[diff] [blame]196
Ahmad Anbarff89a4e2014-12-02 17:26:30 +0200[diff] [blame]197 $this->input->get(array('field1', 'field2'));
David Wosnitzad31a4e62014-12-12 16:35:35 +0100[diff] [blame]198
Ahmad Anbarff89a4e2014-12-02 17:26:30 +0200[diff] [blame]199 Same rule applied here, to retrive the parameters with XSS filtering enabled, set the
200 second parameter to boolean TRUE.
201 ::
David Wosnitzad31a4e62014-12-12 16:35:35 +0100[diff] [blame]202
Ahmad Anbarff89a4e2014-12-02 17:26:30 +0200[diff] [blame]203 $this->input->get(array('field1', 'field2'), TRUE);
Andrey Andreev04535c72014-01-06 10:57:05 +0200[diff] [blame]204
Andrey Andreevcd3d9db2015-02-02 13:41:01 +0200[diff] [blame]205 .. php:method:: post_get($index[, $xss_clean = NULL])
Andrey Andreevea801ab2014-01-20 15:03:43 +0200[diff] [blame]206
Andrey Andreev28c2c972014-02-08 04:27:48 +0200[diff] [blame]207 :param string $index: POST/GET parameter name
208 :param bool $xss_clean: Whether to apply XSS filtering
209 :returns: POST/GET value if found, NULL if not
210 :rtype: mixed
Andrey Andreevea801ab2014-01-20 15:03:43 +0200[diff] [blame]211
Andrey Andreev7c60b122014-02-08 18:47:19 +0200[diff] [blame]212 This method works pretty much the same way as ``post()`` and ``get()``,
213 only combined. It will search through both POST and GET streams for data,
214 looking in POST first, and then in GET::
Andrey Andreevea801ab2014-01-20 15:03:43 +0200[diff] [blame]215
216 $this->input->post_get('some_data', TRUE);
217
Andrey Andreevcd3d9db2015-02-02 13:41:01 +0200[diff] [blame]218 .. php:method:: get_post($index[, $xss_clean = NULL])
Andrey Andreev04535c72014-01-06 10:57:05 +0200[diff] [blame]219
Andrey Andreev28c2c972014-02-08 04:27:48 +0200[diff] [blame]220 :param string $index: GET/POST parameter name
221 :param bool $xss_clean: Whether to apply XSS filtering
222 :returns: GET/POST value if found, NULL if not
223 :rtype: mixed
Andrey Andreev04535c72014-01-06 10:57:05 +0200[diff] [blame]224
Andrey Andreevea801ab2014-01-20 15:03:43 +0200[diff] [blame]225 This method works the same way as ``post_get()`` only it looks for GET
226 data first.
Andrey Andreev04535c72014-01-06 10:57:05 +0200[diff] [blame]227
228 $this->input->get_post('some_data', TRUE);
229
Andrey Andreevea801ab2014-01-20 15:03:43 +0200[diff] [blame]230 .. note:: This method used to act EXACTLY like ``post_get()``, but it's
231 behavior has changed in CodeIgniter 3.0.
232
Andrey Andreevcd3d9db2015-02-02 13:41:01 +0200[diff] [blame]233 .. php:method:: cookie([$index = NULL[, $xss_clean = NULL]])
Andrey Andreev04535c72014-01-06 10:57:05 +0200[diff] [blame]234
Andrey Andreevef29f832014-12-02 18:03:47 +0200[diff] [blame]235 :param mixed $index: COOKIE name
Andrey Andreev28c2c972014-02-08 04:27:48 +0200[diff] [blame]236 :param bool $xss_clean: Whether to apply XSS filtering
237 :returns: $_COOKIE if no parameters supplied, otherwise the COOKIE value if found or NULL if not
238 :rtype: mixed
Andrey Andreev04535c72014-01-06 10:57:05 +0200[diff] [blame]239
240 This method is identical to ``post()`` and ``get()``, only it fetches cookie
241 data::
242
243 $this->input->cookie('some_cookie');
244 $this->input->cookie('some_cookie, TRUE); // with XSS filter
David Wosnitzad31a4e62014-12-12 16:35:35 +0100[diff] [blame]245
Andrey Andreevef29f832014-12-02 18:03:47 +0200[diff] [blame]246 To return an array of multiple cookie values, pass all the required keys
Ahmad Anbarff89a4e2014-12-02 17:26:30 +0200[diff] [blame]247 as an array.
248 ::
David Wosnitzad31a4e62014-12-12 16:35:35 +0100[diff] [blame]249
Ahmad Anbarff89a4e2014-12-02 17:26:30 +0200[diff] [blame]250 $this->input->cookie(array('some_cookie', 'some_cookie2'));
Andrey Andreev04535c72014-01-06 10:57:05 +0200[diff] [blame]251
Andrey Andreevb4834cc2015-01-29 13:52:44 +0200[diff] [blame]252 .. note:: Unlike the :doc:`Cookie Helper <../helpers/cookie_helper>`
Andrey Andreevcd3d9db2015-02-02 13:41:01 +0200[diff] [blame]253 function :php:func:`get_cookie()`, this method does NOT prepend
Andrey Andreevb4834cc2015-01-29 13:52:44 +0200[diff] [blame]254 your configured ``$config['cookie_prefix']`` value.
255
Andrey Andreevcd3d9db2015-02-02 13:41:01 +0200[diff] [blame]256 .. php:method:: server($index[, $xss_clean = NULL])
Andrey Andreev04535c72014-01-06 10:57:05 +0200[diff] [blame]257
Ahmad Anbarff89a4e2014-12-02 17:26:30 +0200[diff] [blame]258 :param mixed $index: Value name
Andrey Andreev28c2c972014-02-08 04:27:48 +0200[diff] [blame]259 :param bool $xss_clean: Whether to apply XSS filtering
260 :returns: $_SERVER item value if found, NULL if not
261 :rtype: mixed
Andrey Andreev04535c72014-01-06 10:57:05 +0200[diff] [blame]262
Andrey Andreev7c60b122014-02-08 18:47:19 +0200[diff] [blame]263 This method is identical to the ``post()``, ``get()`` and ``cookie()``
264 methods, only it fetches server data (``$_SERVER``)::
Andrey Andreev04535c72014-01-06 10:57:05 +0200[diff] [blame]265
266 $this->input->server('some_data');
267
Andrey Andreevef29f832014-12-02 18:03:47 +0200[diff] [blame]268 To return an array of multiple ``$_SERVER`` values, pass all the required keys
Ahmad Anbarff89a4e2014-12-02 17:26:30 +0200[diff] [blame]269 as an array.
270 ::
David Wosnitzad31a4e62014-12-12 16:35:35 +0100[diff] [blame]271
272 $this->input->server(array('SERVER_PROTOCOL', 'REQUEST_URI'));
Ahmad Anbarff89a4e2014-12-02 17:26:30 +0200[diff] [blame]273
Andrey Andreevcd3d9db2015-02-02 13:41:01 +0200[diff] [blame]274 .. php:method:: input_stream([$index = NULL[, $xss_clean = NULL]])
Andrey Andreev04535c72014-01-06 10:57:05 +0200[diff] [blame]275
Ahmad Anbarff89a4e2014-12-02 17:26:30 +0200[diff] [blame]276 :param mixed $index: Key name
Andrey Andreev28c2c972014-02-08 04:27:48 +0200[diff] [blame]277 :param bool $xss_clean: Whether to apply XSS filtering
278 :returns: Input stream array if no parameters supplied, otherwise the specified value if found or NULL if not
279 :rtype: mixed
Andrey Andreev04535c72014-01-06 10:57:05 +0200[diff] [blame]280
281 This method is identical to ``get()``, ``post()`` and ``cookie()``,
282 only it fetches the *php://input* stream data.
283
Andrey Andreevcd3d9db2015-02-02 13:41:01 +0200[diff] [blame]284 .. php:method:: set_cookie($name = ''[, $value = ''[, $expire = ''[, $domain = ''[, $path = '/'[, $prefix = ''[, $secure = FALSE[, $httponly = FALSE]]]]]]])
Andrey Andreev04535c72014-01-06 10:57:05 +0200[diff] [blame]285
Andrey Andreev28c2c972014-02-08 04:27:48 +0200[diff] [blame]286 :param mixed $name: Cookie name or an array of parameters
287 :param string $value: Cookie value
288 :param int $expire: Cookie expiration time in seconds
289 :param string $domain: Cookie domain
290 :param string $path: Cookie path
291 :param string $prefix: Cookie name prefix
292 :param bool $secure: Whether to only transfer the cookie through HTTPS
293 :param bool $httponly: Whether to only make the cookie accessible for HTTP requests (no JavaScript)
294 :rtype: void
295
Andrey Andreev04535c72014-01-06 10:57:05 +0200[diff] [blame]296
297 Sets a cookie containing the values you specify. There are two ways to
298 pass information to this method so that a cookie can be set: Array
299 Method, and Discrete Parameters:
300
Connor Tumbleson75b3fb22014-01-11 06:58:43 -0600[diff] [blame]301 **Array Method**
Andrey Andreev04535c72014-01-06 10:57:05 +0200[diff] [blame]302
303 Using this method, an associative array is passed to the first
304 parameter::
305
306 $cookie = array(
307 'name' => 'The Cookie Name',
308 'value' => 'The Value',
309 'expire' => '86500',
310 'domain' => '.some-domain.com',
311 'path' => '/',
312 'prefix' => 'myprefix_',
313 'secure' => TRUE
314 );
315
316 $this->input->set_cookie($cookie);
317
Andrey Andreev28c2c972014-02-08 04:27:48 +0200[diff] [blame]318 **Notes**
Andrey Andreev04535c72014-01-06 10:57:05 +0200[diff] [blame]319
320 Only the name and value are required. To delete a cookie set it with the
321 expiration blank.
322
323 The expiration is set in **seconds**, which will be added to the current
324 time. Do not include the time, but rather only the number of seconds
325 from *now* that you wish the cookie to be valid. If the expiration is
326 set to zero the cookie will only last as long as the browser is open.
327
328 For site-wide cookies regardless of how your site is requested, add your
329 URL to the **domain** starting with a period, like this:
330 .your-domain.com
331
332 The path is usually not needed since the method sets a root path.
333
334 The prefix is only needed if you need to avoid name collisions with
335 other identically named cookies for your server.
336
337 The secure boolean is only needed if you want to make it a secure cookie
338 by setting it to TRUE.
339
Connor Tumbleson75b3fb22014-01-11 06:58:43 -0600[diff] [blame]340 **Discrete Parameters**
Andrey Andreev04535c72014-01-06 10:57:05 +0200[diff] [blame]341
342 If you prefer, you can set the cookie by passing data using individual
343 parameters::
344
345 $this->input->set_cookie($name, $value, $expire, $domain, $path, $prefix, $secure);
Derek Jones8ede1a22011-10-05 13:34:52 -0500[diff] [blame]346
Andrey Andreevcd3d9db2015-02-02 13:41:01 +0200[diff] [blame]347 .. php:method:: ip_address()
Derek Jones8ede1a22011-10-05 13:34:52 -0500[diff] [blame]348
Andrey Andreev28c2c972014-02-08 04:27:48 +0200[diff] [blame]349 :returns: Visitor's IP address or '0.0.0.0' if not valid
350 :rtype: string
Derek Jones8ede1a22011-10-05 13:34:52 -0500[diff] [blame]351
Andrey Andreev04535c72014-01-06 10:57:05 +0200[diff] [blame]352 Returns the IP address for the current user. If the IP address is not
353 valid, the method will return '0.0.0.0'::
Derek Jones8ede1a22011-10-05 13:34:52 -0500[diff] [blame]354
Andrey Andreev04535c72014-01-06 10:57:05 +0200[diff] [blame]355 echo $this->input->ip_address();
Derek Jones8ede1a22011-10-05 13:34:52 -0500[diff] [blame]356
Andrey Andreev04535c72014-01-06 10:57:05 +0200[diff] [blame]357 .. important:: This method takes into account the ``$config['proxy_ips']``
358 setting and will return the reported HTTP_X_FORWARDED_FOR,
359 HTTP_CLIENT_IP, HTTP_X_CLIENT_IP or HTTP_X_CLUSTER_CLIENT_IP
360 address for the allowed IP addresses.
Derek Jones8ede1a22011-10-05 13:34:52 -0500[diff] [blame]361
Andrey Andreevcd3d9db2015-02-02 13:41:01 +0200[diff] [blame]362 .. php:method:: valid_ip($ip[, $which = ''])
Andrey Andreev303eef02012-11-06 14:55:48 +0200[diff] [blame]363
Andrey Andreev28c2c972014-02-08 04:27:48 +0200[diff] [blame]364 :param string $ip: IP address
365 :param string $which: IP protocol ('ipv4' or 'ipv6')
366 :returns: TRUE if the address is valid, FALSE if not
367 :rtype: bool
Derek Jones8ede1a22011-10-05 13:34:52 -0500[diff] [blame]368
Andrey Andreev04535c72014-01-06 10:57:05 +0200[diff] [blame]369 Takes an IP address as input and returns TRUE or FALSE (boolean) depending
370 on whether it is valid or not.
Derek Jones8ede1a22011-10-05 13:34:52 -0500[diff] [blame]371
Andrey Andreev04535c72014-01-06 10:57:05 +0200[diff] [blame]372 .. note:: The $this->input->ip_address() method above automatically
373 validates the IP address.
Derek Jones8ede1a22011-10-05 13:34:52 -0500[diff] [blame]374
Andrey Andreev04535c72014-01-06 10:57:05 +0200[diff] [blame]375 ::
Andrey Andreev5a257182012-06-10 06:18:14 +0300[diff] [blame]376
Andrey Andreev04535c72014-01-06 10:57:05 +0200[diff] [blame]377 if ( ! $this->input->valid_ip($ip))
378 {
379 echo 'Not Valid';
380 }
381 else
382 {
383 echo 'Valid';
384 }
Derek Jones8ede1a22011-10-05 13:34:52 -0500[diff] [blame]385
Andrey Andreev04535c72014-01-06 10:57:05 +0200[diff] [blame]386 Accepts an optional second string parameter of 'ipv4' or 'ipv6' to specify
387 an IP format. The default checks for both formats.
Derek Jones8ede1a22011-10-05 13:34:52 -0500[diff] [blame]388
Andrey Andreevcd3d9db2015-02-02 13:41:01 +0200[diff] [blame]389 .. php:method:: user_agent([$xss_clean = NULL])
Derek Jones8ede1a22011-10-05 13:34:52 -0500[diff] [blame]390
Andrey Andreev28c2c972014-02-08 04:27:48 +0200[diff] [blame]391 :returns: User agent string or NULL if not set
Andrey Andreev8850e372014-02-27 21:56:06 +0200[diff] [blame]392 :param bool $xss_clean: Whether to apply XSS filtering
Andrey Andreev28c2c972014-02-08 04:27:48 +0200[diff] [blame]393 :rtype: mixed
Derek Jones8ede1a22011-10-05 13:34:52 -0500[diff] [blame]394
Andrey Andreev04535c72014-01-06 10:57:05 +0200[diff] [blame]395 Returns the user agent string (web browser) being used by the current user,
396 or NULL if it's not available.
397 ::
Derek Jones8ede1a22011-10-05 13:34:52 -0500[diff] [blame]398
Andrey Andreev04535c72014-01-06 10:57:05 +0200[diff] [blame]399 echo $this->input->user_agent();
Derek Jones8ede1a22011-10-05 13:34:52 -0500[diff] [blame]400
Andrey Andreev04535c72014-01-06 10:57:05 +0200[diff] [blame]401 See the :doc:`User Agent Class <user_agent>` for methods which extract
402 information from the user agent string.
Derek Jones8ede1a22011-10-05 13:34:52 -0500[diff] [blame]403
Andrey Andreevcd3d9db2015-02-02 13:41:01 +0200[diff] [blame]404 .. php:method:: request_headers([$xss_clean = FALSE])
Derek Jones8ede1a22011-10-05 13:34:52 -0500[diff] [blame]405
Andrey Andreev28c2c972014-02-08 04:27:48 +0200[diff] [blame]406 :param bool $xss_clean: Whether to apply XSS filtering
407 :returns: An array of HTTP request headers
408 :rtype: array
Derek Jones8ede1a22011-10-05 13:34:52 -0500[diff] [blame]409
Andrey Andreev04535c72014-01-06 10:57:05 +0200[diff] [blame]410 Returns an array of HTTP request headers.
411 Useful if running in a non-Apache environment where
412 `apache_request_headers() <http://php.net/apache_request_headers>`_
413 will not be supported.
414 ::
Derek Jones8ede1a22011-10-05 13:34:52 -0500[diff] [blame]415
Andrey Andreev04535c72014-01-06 10:57:05 +0200[diff] [blame]416 $headers = $this->input->request_headers();
Derek Jones8ede1a22011-10-05 13:34:52 -0500[diff] [blame]417
Andrey Andreevcd3d9db2015-02-02 13:41:01 +0200[diff] [blame]418 .. php:method:: get_request_header($index[, $xss_clean = FALSE])
Derek Jones8ede1a22011-10-05 13:34:52 -0500[diff] [blame]419
Andrey Andreev28c2c972014-02-08 04:27:48 +0200[diff] [blame]420 :param string $index: HTTP request header name
421 :param bool $xss_clean: Whether to apply XSS filtering
422 :returns: An HTTP request header or NULL if not found
423 :rtype: string
Derek Jones8ede1a22011-10-05 13:34:52 -0500[diff] [blame]424
Andrey Andreev04535c72014-01-06 10:57:05 +0200[diff] [blame]425 Returns a single member of the request headers array or NULL
426 if the searched header is not found.
427 ::
Derek Jones8ede1a22011-10-05 13:34:52 -0500[diff] [blame]428
Andrey Andreev04535c72014-01-06 10:57:05 +0200[diff] [blame]429 $this->input->get_request_header('some-header', TRUE);
Derek Jones8ede1a22011-10-05 13:34:52 -0500[diff] [blame]430
Andrey Andreevcd3d9db2015-02-02 13:41:01 +0200[diff] [blame]431 .. php:method:: is_ajax_request()
Derek Jones8ede1a22011-10-05 13:34:52 -0500[diff] [blame]432
Andrey Andreev28c2c972014-02-08 04:27:48 +0200[diff] [blame]433 :returns: TRUE if it is an Ajax request, FALSE if not
434 :rtype: bool
Derek Jones8ede1a22011-10-05 13:34:52 -0500[diff] [blame]435
Andrey Andreev04535c72014-01-06 10:57:05 +0200[diff] [blame]436 Checks to see if the HTTP_X_REQUESTED_WITH server header has been
437 set, and returns boolean TRUE if it is or FALSE if not.
Derek Jones8ede1a22011-10-05 13:34:52 -0500[diff] [blame]438
Andrey Andreevcd3d9db2015-02-02 13:41:01 +0200[diff] [blame]439 .. php:method:: is_cli_request()
Derek Jones8ede1a22011-10-05 13:34:52 -0500[diff] [blame]440
Andrey Andreev28c2c972014-02-08 04:27:48 +0200[diff] [blame]441 :returns: TRUE if it is a CLI request, FALSE if not
442 :rtype: bool
Michiel Vugteveenbe0ca262012-03-07 19:09:51 +0100[diff] [blame]443
Andrey Andreev04535c72014-01-06 10:57:05 +0200[diff] [blame]444 Checks to see if the application was run from the command-line
445 interface.
Michiel Vugteveenbe0ca262012-03-07 19:09:51 +0100[diff] [blame]446
Andrey Andreev04535c72014-01-06 10:57:05 +0200[diff] [blame]447 .. note:: This method checks both the PHP SAPI name currently in use
448 and if the ``STDIN`` constant is defined, which is usually a
449 failsafe way to see if PHP is being run via the command line.
Michiel Vugteveenbe0ca262012-03-07 19:09:51 +0100[diff] [blame]450
Andrey Andreev04535c72014-01-06 10:57:05 +0200[diff] [blame]451 ::
452
453 $this->input->is_cli_request()
454
Andrey Andreevea801ab2014-01-20 15:03:43 +0200[diff] [blame]455 .. note:: This method is DEPRECATED and is now just an alias for the
456 :func:`is_cli()` function.
457
Andrey Andreevcd3d9db2015-02-02 13:41:01 +0200[diff] [blame]458 .. php:method:: method([$upper = FALSE])
Andrey Andreev04535c72014-01-06 10:57:05 +0200[diff] [blame]459
Andrey Andreev28c2c972014-02-08 04:27:48 +0200[diff] [blame]460 :param bool $upper: Whether to return the request method name in upper or lower case
461 :returns: HTTP request method
462 :rtype: string
Andrey Andreev04535c72014-01-06 10:57:05 +0200[diff] [blame]463
464 Returns the ``$_SERVER['REQUEST_METHOD']``, with the option to set it
465 in uppercase or lowercase.
466 ::
467
468 echo $this->input->method(TRUE); // Outputs: POST
469 echo $this->input->method(FALSE); // Outputs: post
David Wosnitzad31a4e62014-12-12 16:35:35 +0100[diff] [blame]470 echo $this->input->method(); // Outputs: post