J1.5

Retrieving and Filtering GET and POST requests with JRequest::getVar

From Joomla! Documentation

Revision as of 23:28, 8 July 2008 by Masterchief (talk | contribs)

The "J1.5" namespace is an archived namespace. This page contains information for a Joomla! version which is no longer supported. It exists only as a historical reference, it will not be improved and its content may be incomplete and/or contain broken links.

Quill icon.png
 This article is a stub and needs to be expanded. If you can provide information or finish this article you're welcome to do so. Please remove this message afterwards or replace with {{inuse}} while making major edits. - Thank you.



Summary[edit]

When writing any web application, it is crucial that you filter input data before using it. Joomla! provides a set of filtering libraries to help you accomplish this.


JRequest functions[edit]

Under most circumstances, you will want to use member functions the JRequest class to get request variables. The most common case is when you want to use a specific variable found in either the GET or POST portion of the HTTP request. If you have a form variable named 'address', you would want to use this code to get it: 

$address = JRequest::getVar('address');

By setting $address this way, getVar() strips out all HTML and trailing whitespace. If you want to specify a default value in the event that 'address' is not in the request or is unset, use this code: 

$address = JRequest::getVar('address', 'default value goes here');

Frequently, you will expect your variable to be found in a specific portion of the HTTP request (POST, GET, etc...). If this is the case, you should specify which portion; this will slightly increase your extension's security. If you expect 'address' to only be in POST, use this code to enforce that: 

$address = JRequest::getVar('address', 'default value goes here', 'post');

The fourth parameter of getVar() can be used to specify certain filters to force validation of specific value types for the variable. Here is a list of types you can validate:

  • INT
  • INTEGER
  • FLOAT
  • DOUBLE
  • BOOL
  • BOOLEAN
  • WORD
  • ALNUM
  • CMD
  • BASE64
  • STRING
  • ARRAY
  • PATH
  • USERNAME

Finally, there are some mask constants you can pass in as the fifth parameter that allow you to bypass portions of the filtering:

  • JREQUEST_NOTRIM - prevents trimming of whitespace
  • JREQUEST_ALLOWRAW - bypasses filtering
  • JREQUEST_ALLOWHTML - allows most HTML. If this is not passed in, HTML is stripped out by default.
Retrieved from "https://docs.joomla.org/index.php?title=J1.5:Retrieving_and_Filtering_GET_and_POST_requests_with_JRequest::getVar&oldid=9058"