Retrieving and Filtering GET & POST requests with JRequest::getVar

From Joomla! Documentation

Jump to: navigation, search
 This article is a stub and needs to be expanded.

If you can provide information or finish this article you're welcome to do so. Please remove this message afterwards or replace with {{inuse}} while making major edits.

Thank you.


Summary

When writing any web application, it is crucial that you filter input data before using it. Joomla! provides a set of filtering libraries to help you accomplish this.


JRequest 'getVar' method

To retrieve GET/POST request data, Joomla! uses the getVar method of the JRequest class (JRequest::getVar()).

Retrieving Data

If you have a form variable named 'address', you would want to use this code to get it:

EXAMPLE:

$address = JRequest::getVar('address');

Unless other parameters are set, all HTML and trailing whitespace will be filtered out.

The DEFAULT Parameter

If you want to specify a default value in the event that 'address' is not in the request or is unset, use this code:

EXAMPLE:

$address = JRequest::getVar('address', 'Address is empty');
echo $address;  // Address is empty

The SOURCE Parameter

Frequently, you will expect your variable to be found in a specific portion of the HTTP request (POST, GET, etc...). If this is the case, you should specify which portion; this will slightly increase your extension's security. If you expect 'address' to only be in POST, use this code to enforce that:

EXAMPLE:

$address = JRequest::getVar('address', 'default value goes here', 'post');

The VARIABLE TYPE Parameter

The fourth parameter of getVar() can be used to specify certain filters to force validation of specific value types for the variable.

EXAMPLE:

$address = JRequest::getVar('address', 'default value goes here', 'post','variable type');

Here is a list of types you can validate:

  • INT
  • INTEGER
  • FLOAT
  • DOUBLE
  • BOOL
  • BOOLEAN
  • WORD
  • ALNUM
  • CMD
  • BASE64
  • STRING
  • ARRAY
  • PATH
  • USERNAME

The FILTER MASK Parameter

Finally, there are some mask constants you can pass in as the fifth parameter that allow you to bypass portions of the filtering:

EXAMPLE:

$address = JRequest::getVar('address', 'default value goes here', 'post','validation type','mask type');
  • JREQUEST_NOTRIM - prevents trimming of whitespace
  • JREQUEST_ALLOWRAW - bypasses filtering
  • JREQUEST_ALLOWHTML - allows most HTML. If this is not passed in, HTML is stripped out by default.

Definition

The class JRequest is defined in the following location.

libraries\joomla\environment\request.php

The JRequest api page can be found here.

[[1]]

Retrieved from "http://docs.joomla.org/Retrieving_and_Filtering_GET_%26_POST_requests_with_JRequest::getVar"
Personal tools