Retrieving data from GET and POST requests
Summary
When writing any web application, it is crucial that you filter input data before using it. Joomla! provides a set of filtering libraries to help you accomplish this.
JRequest functions
Under most circumstances, you will want to use the member functions of the JRequest class to get request variables. The most common case is when you want to use a specific variable found in either the GET or POST portion of the HTTP request. If you have a form variable named 'address', you would use this code to get it:
$address = JRequest::getVar('address');
By setting $address this way, getVar() strips out all HTML and trailing whitespace. If you want to specify a default value in the event that 'address' is not in the request or is unset, use this code:
$address = JRequest::getVar('address', 'default value goes here');
Frequently, you will expect your variable to be found in a specific portion of the HTTP request (POST, GET, etc.). If this is the case, you should specify which portion; this will slightly increase your extension's security, because a value supplied in any other portion of the request is then ignored. If you expect 'address' to only be in POST, use this code to enforce that:
$address = JRequest::getVar('address', 'default value goes here', 'post');
The fourth parameter of getVar() can be used to specify certain filters to force validation of specific value types for the variable. Here is a list of types you can validate:
- INT
- INTEGER
- FLOAT
- DOUBLE
- BOOL
- BOOLEAN
- WORD
- ALNUM
- CMD
- BASE64
- STRING
- ARRAY
- PATH
- USERNAME
Finally, there are some mask constants you can pass in as the fifth parameter that allow you to bypass portions of the filtering:
- JREQUEST_NOTRIM - prevents trimming of whitespace
- JREQUEST_ALLOWRAW - bypasses filtering
- JREQUEST_ALLOWHTML - allows most HTML. If this is not passed in, HTML is stripped out by default.
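The following added example (not part of the original Joomla! documentation) combines the source, type and mask parameters in one form handler and shows the checks that filtering does not replace. It assumes a Joomla! 1.5 component where JRequest, JError and JFactory are loaded; the function, form field and table names are hypothetical.

```php
<?php
// Added example, not Joomla! project code. Assumes it runs inside a
// Joomla! 1.5 component, so JRequest, JError and JFactory are available.
defined('_JEXEC') or die('Restricted access');

// Hypothetical handler for a form with the fields id, task, address and
// notes. The function, field and table names are made up for illustration.
function exampleSaveAddress()
{
    // Record key: accepted from POST only, run through the INT filter,
    // and 0 when the field is missing.
    $id = JRequest::getVar('id', 0, 'post', 'INT');

    // Action name: the CMD filter is meant for short command-like tokens.
    $task = JRequest::getVar('task', 'display', 'post', 'CMD');

    // Free text: default filtering applies (HTML stripped, value trimmed).
    $address = JRequest::getVar('address', '', 'post', 'STRING');

    // Rich-text field: opt in to HTML for this one variable only, never
    // for the whole form.
    $notes = JRequest::getVar('notes', '', 'post', 'STRING', JREQUEST_ALLOWHTML);

    // Filtering is not validation: a value can have the right type and
    // still be meaningless for this action, so check it explicitly.
    if ($task !== 'save' || $id <= 0 || $address === '') {
        JError::raiseWarning(400, 'Invalid request');
        return false;
    }

    // Filtering is not SQL escaping either: quote every string where the
    // query is built and cast the key again at the point of use.
    $db = JFactory::getDBO();
    $db->setQuery(
        'UPDATE ' . $db->nameQuote('#__example_addresses')
        . ' SET ' . $db->nameQuote('address') . ' = ' . $db->Quote($address)
        . ', ' . $db->nameQuote('notes') . ' = ' . $db->Quote($notes)
        . ' WHERE ' . $db->nameQuote('id') . ' = ' . (int) $id
    );

    return (bool) $db->query();
}
```

A value read with JREQUEST_ALLOWHTML still contains markup, so it must be treated as HTML wherever it is later displayed.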
