Retrieving and Filtering GET and POST requests with JRequest::getVar

From Joomla! Documentation
Revision as of 01:28, 18 April 2009 by Dean IconWeb (Talk | contribs)

Jump to: navigation, search
Quill icon.png
 This article is a stub and needs to be expanded. If you can provide information or finish this article you're welcome to do so. Please remove this message afterwards or replace with {{inuse}} while making major edits. - Thank you.



Summary

When writing any web application, it is crucial that you filter input data before using it. Joomla! provides a set of filtering libraries to help you accomplish this.


JRequest 'getVar' method

To retrieve GET/POST request data, Joomla! uses the getVar method of the JRequest class (JRequest::getVar()).

Retrieving Data

If you have a form variable named 'address', you would want to use this code to get it:

EXAMPLE: 

$address = JRequest::getVar('address');

Unless other parameters are set, all HTML and trailing whitespace will be filtered out.

The DEFAULT Parameter

If you want to specify a default value in the event that 'address' is not in the request or is unset, use this code: 

$address = JRequest::getVar('address', 'Address is empty');
echo $address;  // Address is empty

EXAMPLE: The SOURCE Parameter

Frequently, you will expect your variable to be found in a specific portion of the HTTP request (POST, GET, etc...). If this is the case, you should specify which portion; this will slightly increase your extension's security. If you expect 'address' to only be in POST, use this code to enforce that:

EXAMPLE: 

$address = JRequest::getVar('address', 'default value goes here', 'post');

VARIABLE TYPE Parameter

The fourth parameter of getVar() can be used to specify certain filters to force validation of specific value types for the variable.

EXAMPLE: 

$address = JRequest::getVar('address', 'default value goes here', 'post','variable type');

Here is a list of types you can validate:

  • INT
  • INTEGER
  • FLOAT
  • DOUBLE
  • BOOL
  • BOOLEAN
  • WORD
  • ALNUM
  • CMD
  • BASE64
  • STRING
  • ARRAY
  • PATH
  • USERNAME

FILTER MASK Parameter

Finally, there are some mask constants you can pass in as the fifth parameter that allow you to bypass portions of the filtering: EXAMPLE: 

$address = JRequest::getVar('address', 'default value goes here', 'post','validation type','mask type');
  • JREQUEST_NOTRIM - prevents trimming of whitespace
  • JREQUEST_ALLOWRAW - bypasses filtering
  • JREQUEST_ALLOWHTML - allows most HTML. If this is not passed in, HTML is stripped out by default.

For more information: Joomla! API [[1]]

Definition

The class JRequest is defined in the following location.

libraries\joomla\environment\request.php

Retrieved from "http://docs.joomla.org/index.php?title=Retrieving_and_Filtering_GET_and_POST_requests_with_JRequest::getVar&oldid=13973"
Personal tools
Namespaces

Variants
Actions
Navigation
Joomla! Sites
Toolbox