Difference between revisions of "Retrieving and Filtering GET and POST requests with JRequest::getVar"
From Joomla! Documentation
Masterchief (talk | contribs) m |
m (Added location of definition of JRequest class) |
||
Line 49: | Line 49: | ||
*JREQUEST_ALLOWRAW - bypasses filtering | *JREQUEST_ALLOWRAW - bypasses filtering | ||
*JREQUEST_ALLOWHTML - allows most HTML. If this is not passed in, HTML is stripped out by default. | *JREQUEST_ALLOWHTML - allows most HTML. If this is not passed in, HTML is stripped out by default. | ||
+ | |||
+ | == Definition == | ||
+ | The class JRequest is defined in the following location. | ||
+ | |||
+ | libraries\joomla\environment\request.php | ||
[[Category:Development]] | [[Category:Development]] |
Revision as of 16:20, 21 January 2009
The "J1.5" namespace is an archived namespace. This page contains information for a Joomla! version which is no longer supported. It exists only as a historical reference, it will not be improved and its content may be incomplete and/or contain broken links.
This article is a stub and needs to be expanded. If you can provide information or finish this article you're welcome to do so. Please remove this message afterwards or replace with {{inuse}} while making major edits. - Thank you. |
Summary[edit]
When writing any web application, it is crucial that you filter input data before using it. Joomla! provides a set of filtering libraries to help you accomplish this.
JRequest functions[edit]
Under most circumstances, you will want to use member functions the JRequest class to get request variables. The most common case is when you want to use a specific variable found in either the GET or POST portion of the HTTP request. If you have a form variable named 'address', you would want to use this code to get it:
$address = JRequest::getVar('address');
By setting $address this way, getVar() strips out all HTML and trailing whitespace. If you want to specify a default value in the event that 'address' is not in the request or is unset, use this code:
$address = JRequest::getVar('address', 'default value goes here');
Frequently, you will expect your variable to be found in a specific portion of the HTTP request (POST, GET, etc...). If this is the case, you should specify which portion; this will slightly increase your extension's security. If you expect 'address' to only be in POST, use this code to enforce that:
$address = JRequest::getVar('address', 'default value goes here', 'post');
The fourth parameter of getVar() can be used to specify certain filters to force validation of specific value types for the variable. Here is a list of types you can validate:
- INT
- INTEGER
- FLOAT
- DOUBLE
- BOOL
- BOOLEAN
- WORD
- ALNUM
- CMD
- BASE64
- STRING
- ARRAY
- PATH
- USERNAME
Finally, there are some mask constants you can pass in as the fifth parameter that allow you to bypass portions of the filtering:
- JREQUEST_NOTRIM - prevents trimming of whitespace
- JREQUEST_ALLOWRAW - bypasses filtering
- JREQUEST_ALLOWHTML - allows most HTML. If this is not passed in, HTML is stripped out by default.
Definition[edit]
The class JRequest is defined in the following location.
libraries\joomla\environment\request.php