Retrieving and Filtering GET and POST requests with JRequest::getVar
From Joomla! Documentation
Revision as of 23:28, 8 July 2008 by Masterchief (talk | contribs)
The "J1.5" namespace is an archived namespace. This page contains information for a Joomla! version which is no longer supported. It exists only as a historical reference, it will not be improved and its content may be incomplete and/or contain broken links.
This article is a stub and needs to be expanded. If you can provide information or finish this article you're welcome to do so. Please remove this message afterwards or replace with {{inuse}} while making major edits. - Thank you. |
Summary[edit]
When writing any web application, it is crucial that you filter input data before using it. Joomla! provides a set of filtering libraries to help you accomplish this.
JRequest functions[edit]
Under most circumstances, you will want to use member functions the JRequest class to get request variables. The most common case is when you want to use a specific variable found in either the GET or POST portion of the HTTP request. If you have a form variable named 'address', you would want to use this code to get it:
$address = JRequest::getVar('address');
By setting $address this way, getVar() strips out all HTML and trailing whitespace. If you want to specify a default value in the event that 'address' is not in the request or is unset, use this code:
$address = JRequest::getVar('address', 'default value goes here');
Frequently, you will expect your variable to be found in a specific portion of the HTTP request (POST, GET, etc...). If this is the case, you should specify which portion; this will slightly increase your extension's security. If you expect 'address' to only be in POST, use this code to enforce that:
$address = JRequest::getVar('address', 'default value goes here', 'post');
The fourth parameter of getVar() can be used to specify certain filters to force validation of specific value types for the variable. Here is a list of types you can validate:
- INT
- INTEGER
- FLOAT
- DOUBLE
- BOOL
- BOOLEAN
- WORD
- ALNUM
- CMD
- BASE64
- STRING
- ARRAY
- PATH
- USERNAME
Finally, there are some mask constants you can pass in as the fifth parameter that allow you to bypass portions of the filtering:
- JREQUEST_NOTRIM - prevents trimming of whitespace
- JREQUEST_ALLOWRAW - bypasses filtering
- JREQUEST_ALLOWHTML - allows most HTML. If this is not passed in, HTML is stripped out by default.