Blame - user_guide/libraries/input.html - code-igniter-v3-giggi

blob: 4c12fd7b021f957bc56a686c05336ace22c694b2 [file] [log] [blame]

Derek Allard	2067d1a	2008-11-13 22:59:24 +0000	[diff] [blame]	1	<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
				2	<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
				3	<head>
				4
				5	<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
				6	<title>Input Class : CodeIgniter User Guide</title>
				7
				8	<style type='text/css' media='all'>@import url('../userguide.css');</style>
				9	<link rel='stylesheet' type='text/css' media='all' href='../userguide.css' />
				10
				11	<script type="text/javascript" src="../nav/nav.js"></script>
				12	<script type="text/javascript" src="../nav/prototype.lite.js"></script>
				13	<script type="text/javascript" src="../nav/moo.fx.js"></script>
				14	<script type="text/javascript" src="../nav/user_guide_menu.js"></script>
				15
				16	<meta http-equiv='expires' content='-1' />
				17	<meta http-equiv= 'pragma' content='no-cache' />
				18	<meta name='robots' content='all' />
				19	<meta name='author' content='ExpressionEngine Dev Team' />
				20	<meta name='description' content='CodeIgniter User Guide' />
				21
				22	</head>
				23	<body>
				24
				25	<!-- START NAVIGATION -->
				26	<div id="nav"><div id="nav_inner"><script type="text/javascript">create_menu('../');</script></div></div>
				27	<div id="nav2"><a name="top"></a><a href="javascript:void(0);" onclick="myHeight.toggle();"><img src="../images/nav_toggle_darker.jpg" width="154" height="43" border="0" title="Toggle Table of Contents" alt="Toggle Table of Contents" /></a></div>
				28	<div id="masthead">
				29	<table cellpadding="0" cellspacing="0" border="0" style="width:100%">
				30	<tr>
Derek Jones	8917af7	2010-03-05 12:41:45 -0600	[diff] [blame]	31	<td><h1>CodeIgniter User Guide Version 2.0.0</h1></td>
Derek Allard	2067d1a	2008-11-13 22:59:24 +0000	[diff] [blame]	32	<td id="breadcrumb_right"><a href="../toc.html">Table of Contents Page</a></td>
				33	</tr>
				34	</table>
				35	</div>
				36	<!-- END NAVIGATION -->
				37
				38
				39	<!-- START BREADCRUMB -->
				40	<table cellpadding="0" cellspacing="0" border="0" style="width:100%">
				41	<tr>
				42	<td id="breadcrumb">
				43	<a href="http://codeigniter.com/">CodeIgniter Home</a>  ›
				44	<a href="../index.html">User Guide Home</a>  ›
Derek Jones	9898b89	2010-03-10 14:04:17 -0600	[diff] [blame]	45	Input Class
Derek Allard	2067d1a	2008-11-13 22:59:24 +0000	[diff] [blame]	46	</td>
				47	<td id="searchbox"><form method="get" action="http://www.google.com/search"><input type="hidden" name="as_sitesearch" id="as_sitesearch" value="codeigniter.com/user_guide/" />Search User Guide  <input type="text" class="input" style="width:200px;" name="q" id="q" size="31" maxlength="255" value="" /> <input type="submit" class="submit" name="sa" value="Go" /></form></td>
				48	</tr>
				49	</table>
				50	<!-- END BREADCRUMB -->
				51
				52	<br clear="all" />
				53
				54
				55	<!-- START CONTENT -->
				56	<div id="content">
				57
				58
				59	<h1>Input Class</h1>
				60
				61	<p>The Input Class serves two purposes:</p>
				62
				63	<ol>
				64	<li>It pre-processes global input data for security.</li>
				65	<li>It provides some helper functions for fetching input data and pre-processing it.</li>
				66	</ol>
				67
				68	<p class="important"><strong>Note:</strong> This class is initialized automatically by the system so there is no need to do it manually.</p>
				69
				70
				71	<h2>Security Filtering</h2>
				72
				73	<p>The security filtering function is called automatically when a new <a href="../general/controllers.html">controller</a> is invoked. It does the following:</p>
				74
				75	<ul>
				76	<li>Destroys the global GET array. Since CodeIgniter does not utilize GET strings, there is no reason to allow it.</li>
				77	<li>Destroys all global variables in the event register_globals is turned on.</li>
				78	<li>Filters the POST/COOKIE array keys, permitting only alpha-numeric (and a few other) characters.</li>
				79	<li>Provides XSS (Cross-site Scripting Hacks) filtering. This can be enabled globally, or upon request.</li>
				80	<li>Standardizes newline characters to \n</li>
				81	</ul>
				82
				83
				84	<h2>XSS Filtering</h2>
				85
Derek Jones	9898b89	2010-03-10 14:04:17 -0600	[diff] [blame]	86	<p>The Input class has the ability to filter input automatically to prevent cross-site scripting attacks. If you want the filter to run automatically every time it encounters POST or COOKIE data you can enable it by opening your
Derek Allard	2067d1a	2008-11-13 22:59:24 +0000	[diff] [blame]	87	<kbd>application/config/config.php</kbd> file and setting this:</p>
				88
				89	<code>$config['global_xss_filtering'] = TRUE;</code>
				90
Derek Jones	9898b89	2010-03-10 14:04:17 -0600	[diff] [blame]	91	<p>Please refer to the <a href="security.html">Security class</a> documentation for information on using XSS Filtering in your application.</p>
Derek Allard	2067d1a	2008-11-13 22:59:24 +0000	[diff] [blame]	92
				93
				94	<h2>Using POST, COOKIE, or SERVER Data</h2>
				95
				96	<p>CodeIgniter comes with three helper functions that let you fetch POST, COOKIE or SERVER items. The main advantage of using the provided
				97	functions rather than fetching an item directly ($_POST['something']) is that the functions will check to see if the item is set and
				98	return false (boolean) if not. This lets you conveniently use data without having to test whether an item exists first.
				99	In other words, normally you might do something like this:</p>
				100
				101	<code>
				102	if ( ! isset($_POST['something']))<br />
				103	{<br />
				104	$something = FALSE;<br />
				105	}<br />
				106	else<br />
				107	{<br />
				108	$something = $_POST['something'];<br />
				109	}</code>
				110
				111	<p>With CodeIgniter's built in functions you can simply do this:</p>
				112
				113	<code>$something = $this->input->post('something');</code>
				114
				115	<p>The three functions are:</p>
				116
				117	<ul>
				118	<li>$this->input->post()</li>
				119	<li>$this->input->cookie()</li>
				120	<li>$this->input->server()</li>
				121	</ul>
				122
				123	<h2>$this->input->post()</h2>
				124
				125	<p>The first parameter will contain the name of the POST item you are looking for:</p>
				126
				127	<code>$this->input->post('some_data');</code>
				128
				129	<p>The function returns FALSE (boolean) if the item you are attempting to retrieve does not exist.</p>
				130
				131	<p>The second optional parameter lets you run the data through the XSS filter. It's enabled by setting the second parameter to boolean TRUE;</p>
				132
				133	<code>$this->input->post('some_data', TRUE);</code>
				134
				135	<h2>$this->input->get()</h2>
				136
				137	<p>This function is identical to the post function, only it fetches get data:</p>
				138
				139	<code>$this->input->get('some_data', TRUE);</code>
				140
				141	<h2>$this->input->get_post()</h2>
				142
				143	<p>This function will search through both the post and get streams for data, looking first in post, and then in get:</p>
				144
				145	<code>$this->input->get_post('some_data', TRUE);</code>
				146
				147	<h2>$this->input->cookie()</h2>
				148
				149	<p>This function is identical to the post function, only it fetches cookie data:</p>
				150
				151	<code>$this->input->cookie('some_data', TRUE);</code>
				152
				153	<h2>$this->input->server()</h2>
				154
				155	<p>This function is identical to the above functions, only it fetches server data:</p>
				156
				157	<code>$this->input->server('some_data');</code>
				158
				159
Derek Jones	9898b89	2010-03-10 14:04:17 -0600	[diff] [blame]	160	<h2>$this->input->set_cookie()</h2>
				161
				162	<p>Sets a cookie containing the values you specify. There are two ways to pass information to this function so that a cookie can be set:
				163	Array Method, and Discrete Parameters:</p>
				164
				165	<h4>Array Method</h4>
				166
				167	<p>Using this method, an associative array is passed to the first parameter:</p>
				168
				169	<code>$cookie = array(<br />
				170	'name'   => 'The Cookie Name',<br />
				171	'value'  => 'The Value',<br />
				172	'expire' => '86500',<br />
				173	'domain' => '.some-domain.com',<br />
				174	'path'   => '/',<br />
				175	'prefix' => 'myprefix_',<br />
				176	);<br />
				177	<br />
				178	$this->input->set_cookie($cookie);
				179	</code>
				180
				181	<p><strong>Notes:</strong></p>
				182
				183	<p>Only the name and value are required. To delete a cookie set it with the expiration blank.</p>
				184
				185	<p>The expiration is set in <strong>seconds</strong>, which will be added to the current time. Do not include the time, but rather only the
				186	number of seconds from <em>now</em> that you wish the cookie to be valid. If the expiration is set to
				187	zero the cookie will only last as long as the browser is open.</p>
				188	<p>For site-wide cookies regardless of how your site is requested, add your URL to the <strong>domain</strong> starting with a period, like this: .your-domain.com</p>
				189	<p>The path is usually not needed since the function sets a root path.</p>
				190	<p>The prefix is only needed if you need to avoid name collisions with other identically named cookies for your server.</p>
				191
				192	<h4>Discrete Parameters</h4>
				193
				194	<p>If you prefer, you can set the cookie by passing data using individual parameters:</p>
				195
				196	<code>$this->input->set_cookie($name, $value, $expire, $domain, $path, $prefix);</code>
				197
				198	<h2>$this->input->get_cookie()</h2>
				199
				200	<p>Lets you fetch a cookie. The first parameter will contain the name of the cookie you are looking for (including any prefixes):</p>
				201
				202	<code>get_cookie('some_cookie');</code>
				203
				204	<p>The function returns FALSE (boolean) if the item you are attempting to retrieve does not exist.</p>
				205
				206	<p>The second optional parameter lets you run the data through the XSS filter. It's enabled by setting the second parameter to boolean TRUE;</p>
				207
				208	<p><code>get_cookie('some_cookie', TRUE);</code></p>
Derek Allard	2067d1a	2008-11-13 22:59:24 +0000	[diff] [blame]	209
				210
				211	<h2>$this->input->ip_address()</h2>
				212	<p>Returns the IP address for the current user. If the IP address is not valid, the function will return an IP of: 0.0.0.0</p>
				213	<code>echo $this->input->ip_address();</code>
				214
				215
				216	<h2>$this->input->valid_ip(<var>$ip</var>)</h2>
				217
				218	<p>Takes an IP address as input and returns TRUE or FALSE (boolean) if it is valid or not. Note: The $this->input->ip_address() function above
				219	validates the IP automatically.</p>
				220
				221	<code>if ( ! $this->input->valid_ip($ip))<br />
				222	{<br />
				223	echo 'Not Valid';<br />
				224	}<br />
				225	else<br />
				226	{<br />
				227	echo 'Valid';<br />
				228	}</code>
				229
				230
				231	<h2>$this->input->user_agent()</h2>
				232	<p>Returns the user agent (web browser) being used by the current user. Returns FALSE if it's not available.</p>
				233	<code>echo $this->input->user_agent();</code>
				234
				235
				236
				237
				238	</div>
				239	<!-- END CONTENT -->
				240
				241
				242	<div id="footer">
				243	<p>
				244	Previous Topic:  <a href="image_lib.html">Image Manipulation Class</a>
				245	·
				246	<a href="#top">Top of Page</a>   ·
				247	<a href="../index.html">User Guide Home</a>   ·
				248	Next Topic:  <a href="loader.html">Loader Class</a>
				249	</p>
Derek Jones	d6d70e3	2010-03-29 10:10:27 -0500	[diff] [blame]	250	<p><a href="http://codeigniter.com">CodeIgniter</a>  ·  Copyright © 2006-2010  ·  <a href="http://ellislab.com/">EllisLab, Inc.</a></p>
Derek Allard	2067d1a	2008-11-13 22:59:24 +0000	[diff] [blame]	251	</div>
				252
				253	</body>
admin	b0dd10f	2006-08-25 17:25:49 +0000	[diff] [blame]	254	</html>