Retrieving request data using JInput

From Joomla! Documentation


To be able to use JInput as described here, you must be using Joomla 2.5.0 or above.

Please note there are known issues with JInput and Magic Quotes (Deprecated in PHP 5.3.0 and removed in PHP 5.4.0). Most servers have these turned off - however it is important to bear this in mind whilst developing a component. For this reason all core components in Joomla 2.5.x still use JRequest. As of Joomla 3.0+ magic quotes is required to be disabled and thus this is no longer an issue.

Using JInput

To use JInput you must first create the object by using this code:

$jinput = JFactory::getApplication()->input;

Getting Values

To get a value from JInput, you can use:

$foo = $jinput->get('varname', 'default_value', 'filter');

The filter defaults to cmd.

Info non-talk.png
General Information

The code fragments in the following list show the implementation of the filters (assuming the value you want to retrieve is stored in $source). You do not need them to use JInput; all you need for using JInput is the code shown above.

Available filters are:

  • INT
// Only use the first integer value
preg_match('/-?[0-9]+/', (string) $source, $matches);
$result = @ (int) $matches[0];
  • UINT
// Only use the first integer value
preg_match('/-?[0-9]+/', (string) $source, $matches);
$result = @ abs((int) $matches[0]);
// Only use the first floating point value
preg_match('/-?[0-9]+(\.[0-9]+)?/', (string) $source, $matches);
$result = @ (float) $matches[0];
  • BOOL
$result = (bool) $source;
  • WORD
// Only allow characters a-z, and underscores
$result = (string) preg_replace('/[^A-Z_]/i', '', $source);
// Allow a-z and 0-9 only
$result = (string) preg_replace('/[^A-Z0-9]/i', '', $source);
  • CMD
// Allow a-z, 0-9, underscore, dot, dash. Also remove leading dots from result. 
$result = (string) preg_replace('/[^A-Z0-9_\.-]/i', '', $source);
$result = ltrim($result, '.');
  • BASE64
// Allow a-z, 0-9, slash, plus, equals.
$result = (string) preg_replace('/[^A-Z0-9\/+=]/i', '', $source);
// Converts the input to a plain text string; strips all tags / attributes.
$result = (string) $this->_remove($this->_decode((string) $source));
  • HTML
// Converts the input to a string; strips all HTML tags / attributes.
$result = (string) $this->_remove($this->_decode((string) $source));
// Attempts to convert the input to an array.
$result = (array) $source;
  • PATH
// Converts the input into a string and validates it as a path. (e.g. path/to/file.png or path/to/dir)
// Note: Does NOT accept absolute paths, or paths ending in a trailing slash.
// For a visual representation of the pattern matching used, see^[A-Za-z0-9_-]%2B[A-Za-z0-9_\.-]*%28[\\\\\%2F][A-Za-z0-9_-]%2B[A-Za-z0-9_\.-]*%29*%24
// Will return null if the input was invalid.
$pattern = '/^[A-Za-z0-9_-]+[A-Za-z0-9_\.-]*([\\\\\/][A-Za-z0-9_-]+[A-Za-z0-9_\.-]*)*$/';
preg_match($pattern, (string) $source, $matches);
$result = @ (string) $matches[0];
  • RAW
// The raw input. No sanitation provided.
$result = $source;
// Strips all invalid username characters.
$result = (string) preg_replace('/[\x00-\x1F\x7F<>"\'%&]/', '', $source)

Alternatively instead of adding the filter you can use the JInput type specific methods:

// Instead of:
$input->get('name', '', 'STR');
// you can use:
$input->getString('name', '');

// Instead of:
$input->get('memberId', 0, 'INT');
// you can use:
$input->getInt('memberId', 0);

To retrieve an object, you can use:

$foo = $jinput->get('varname', null, null);

Getting Multiple Values

To retrieve a number of values you can use the getArray() method:

$fooValues = $jinput->getArray(array('var1' => '', 'var2' => '', 'var3' => ''));

or, if you want to determine the data to get step by step:

$fooArray = array();
$fooArray['var1'] = '';
$fooArray['var2'] = '';
$fooArray['var3'] = '';
$fooValues = $jinput->getArray($fooArray);

The $fooValues will be an array that consists of the same keys as used in $fooArray, but with values attached.

You can also specify different filters for each of the inputs:

$fooValues = $jinput->getArray(array(
    'var1' => 'int',
    'var2' => 'float',
    'var3' => 'word'

You can also nest arrays to get more complicated hierarchies of values:

$fooValues = $jinput->getArray(array(
    'jform' => array(
        'title' => 'string',
        'quantity' => 'int',
        'state' => 'int'

Getting Values from a Specific Super Global

$foo = $jinput->get->get('varname', 'default_value', 'filter');
$foo = $jinput->post->get('varname', 'default_value', 'filter');
$foo = $jinput->server->get('varname', 'default_value', 'filter');

Getting JSON string from request

NB! Available since Joomla! Platform 12.1

$json = $jinput->json->get('varname');

Setting Values

To set a value via JInput, you can use:

$jinput->set('varname', $foo);

Retrieving File Data

The format that PHP returns file data in for arrays can at times be awkward, especially when dealing with arrays of files. JInputFiles provides a convenient interface for making life a little easier, grouping the data by file.

Suppose you have a form like:

<form action="<?php echo JRoute::_('index.php?option=com_example&task=file.submit'); ?>" enctype="multipart/form-data" method="post">
	<input type="file" name="jform1[test][]" />
	<input type="file" name="jform1[test][]" />
	<input type="submit" value="submit" />

Normally, PHP would put these in an array called $_FILES that looked like:

    [jform1] => Array
            [name] => Array
                    [test] => Array
                            [0] => youtube_icon.png
                            [1] => Younger_Son_2.jpg


            [type] => Array
                    [test] => Array
                            [0] => image/png
                            [1] => image/jpeg


            [tmp_name] => Array
                    [test] => Array
                            [0] => /tmp/phpXoIpSD
                            [1] => /tmp/phpWDE7ye


            [error] => Array
                    [test] => Array
                            [0] => 0
                            [1] => 0


            [size] => Array
                    [test] => Array
                            [0] => 34409
                            [1] => 99529




JInputFiles produces a result that is cleaner and easier to work with:

$files = $input->files->get('jform1');

$files then becomes:

    [test] => Array
            [0] => Array
                    [name] => youtube_icon.png
                    [type] => image/png
                    [tmp_name] => /tmp/phpXoIpSD
                    [error] => 0
                    [size] => 34409

            [1] => Array
                    [name] => Younger_Son_2.jpg
                    [type] => image/jpeg
                    [tmp_name] => /tmp/phpWDE7ye
                    [error] => 0
                    [size] => 99529



In this way, the data from each file element is consolidated into a single array and can be indexed in a more straightforward manner.


This is based on an email discussion: Framework List 23 July 2011

The idea behind JInput is to abstract out the input source to allow code to be reused in different applications and in different contexts. What I mean by this is that you could have a controller that grabs data from an input source. Instead of always getting it from the request (i.e. get and post variables), you get it from JInput. So say for instance you have a MVC triad in your component that is meant to get data from the browser as a client (a typical web application). Now suppose you want to reuse that same code but interface with it using JSON. Instead of rewriting your triad, you just extend JInput and have it grab it data from a parsed json object and perform any translation that you need to perform.

The plan is to have JApplication instantiate JInput in its constructor. Then in your code you get the input object from the application and get your input from there. It will be a public property in Japplication so that it can be swapped out of that is appropriate.

We get the added benefit that we get rid of the static JRequest which makes a whole bunch the code a whole lot easier to test because you can inject mock inputs directly instead of trying to fudge with hackish dependencies.

The end result will be that your code will get the input object from the application (we will probably add something to JController at some point to make it more convenient to use there as well).

Once you have your JInput object, you use it fairly in a fairly similar manner to how JRequest is used: $input->get('varname', 'default_value', 'filter');

Where filter is a filter that is supported by JFilterInput. JInput::clean proxies to JFilter. We'll have to tweak JFilter a little bit so that it is more extensible. It defaults to cmd so that developers have to be intentional about things if they want to have more lenient filtering.

There is also a getArray method that allows you to specify an array of key and filter pairs so that you can get a whole array of filtered input.

If you want to get data from a specific super global array, you can do $input->get->get(...) or $input->post->get(...).

JApplication is deprecated, Use JApplicationCms instead unless specified otherwise. JRequest is deprecated but will remain in the CMS through the 3.x series at a minimum. As such, it is easiest to still use JRequest with CMS applications. In the future get the JInput object from the application instead.