Difference between revisions of "Retrieving and Filtering GET and POST requests with JRequest::getVar"
From Joomla! Documentation
m (Added location of definition of JRequest class) |
Dean IconWeb (talk | contribs) |
||
Line 7: | Line 7: | ||
− | == JRequest | + | == JRequest 'getVar' method == |
+ | To retrieve GET/POST request data, Joomla! uses the getVar method of the JRequest class (JRequest::getVar()). | ||
− | + | '''Retrieving Data''' | |
+ | If you have a form variable named 'address', you would want to use this code to get it: | ||
+ | |||
+ | ''EXAMPLE:'' | ||
<pre> | <pre> | ||
$address = JRequest::getVar('address'); | $address = JRequest::getVar('address'); | ||
</pre> | </pre> | ||
− | + | Unless other parameters are set, all HTML and trailing whitespace will be filtered out. | |
+ | |||
+ | '''The DEFAULT Parameter''' | ||
+ | |||
+ | If you want to specify a default value in the event that 'address' is not in the request or is unset, use this code: | ||
<pre> | <pre> | ||
− | $address = JRequest::getVar('address', ' | + | $address = JRequest::getVar('address', 'Address is empty'); |
+ | echo $address; // Address is empty | ||
</pre> | </pre> | ||
+ | |||
+ | ''EXAMPLE:'' | ||
+ | '''The SOURCE Parameter''' | ||
Frequently, you will expect your variable to be found in a specific portion of the HTTP request (POST, GET, etc...). If this is the case, you should specify which portion; this will slightly increase your extension's security. If you expect 'address' to only be in POST, use this code to enforce that: | Frequently, you will expect your variable to be found in a specific portion of the HTTP request (POST, GET, etc...). If this is the case, you should specify which portion; this will slightly increase your extension's security. If you expect 'address' to only be in POST, use this code to enforce that: | ||
+ | ''EXAMPLE:'' | ||
<pre> | <pre> | ||
$address = JRequest::getVar('address', 'default value goes here', 'post'); | $address = JRequest::getVar('address', 'default value goes here', 'post'); | ||
</pre> | </pre> | ||
− | The fourth parameter of getVar() can be used to specify certain filters to force validation of specific value types for the variable. Here is a list of types you can validate: | + | '''VARIABLE TYPE Parameter''' |
+ | |||
+ | The fourth parameter of getVar() can be used to specify certain filters to force validation of specific value types for the variable. | ||
+ | |||
+ | ''EXAMPLE:'' | ||
+ | <pre> | ||
+ | $address = JRequest::getVar('address', 'default value goes here', 'post','variable type'); | ||
+ | </pre> | ||
+ | |||
+ | Here is a list of types you can validate: | ||
*INT | *INT | ||
Line 43: | Line 65: | ||
*PATH | *PATH | ||
*USERNAME | *USERNAME | ||
+ | |||
+ | '''FILTER MASK Parameter''' | ||
Finally, there are some mask constants you can pass in as the fifth parameter that allow you to bypass portions of the filtering: | Finally, there are some mask constants you can pass in as the fifth parameter that allow you to bypass portions of the filtering: | ||
+ | ''EXAMPLE:'' | ||
+ | <pre> | ||
+ | $address = JRequest::getVar('address', 'default value goes here', 'post','validation type','mask type'); | ||
+ | </pre> | ||
*JREQUEST_NOTRIM - prevents trimming of whitespace | *JREQUEST_NOTRIM - prevents trimming of whitespace | ||
*JREQUEST_ALLOWRAW - bypasses filtering | *JREQUEST_ALLOWRAW - bypasses filtering | ||
*JREQUEST_ALLOWHTML - allows most HTML. If this is not passed in, HTML is stripped out by default. | *JREQUEST_ALLOWHTML - allows most HTML. If this is not passed in, HTML is stripped out by default. | ||
+ | |||
+ | ---- | ||
+ | For more information: | ||
+ | Joomla! API [[http://api.joomla.org/Joomla-Framework/Environment/JRequest.html]] | ||
== Definition == | == Definition == |
Revision as of 01:28, 18 April 2009
The "J1.5" namespace is an archived namespace. This page contains information for a Joomla! version which is no longer supported. It exists only as a historical reference, it will not be improved and its content may be incomplete and/or contain broken links.
This article is a stub and needs to be expanded. If you can provide information or finish this article you're welcome to do so. Please remove this message afterwards or replace with {{inuse}} while making major edits. - Thank you. |
Summary[edit]
When writing any web application, it is crucial that you filter input data before using it. Joomla! provides a set of filtering libraries to help you accomplish this.
JRequest 'getVar' method[edit]
To retrieve GET/POST request data, Joomla! uses the getVar method of the JRequest class (JRequest::getVar()).
Retrieving Data
If you have a form variable named 'address', you would want to use this code to get it:
EXAMPLE:
$address = JRequest::getVar('address');
Unless other parameters are set, all HTML and trailing whitespace will be filtered out.
The DEFAULT Parameter
If you want to specify a default value in the event that 'address' is not in the request or is unset, use this code:
$address = JRequest::getVar('address', 'Address is empty'); echo $address; // Address is empty
EXAMPLE: The SOURCE Parameter
Frequently, you will expect your variable to be found in a specific portion of the HTTP request (POST, GET, etc...). If this is the case, you should specify which portion; this will slightly increase your extension's security. If you expect 'address' to only be in POST, use this code to enforce that:
EXAMPLE:
$address = JRequest::getVar('address', 'default value goes here', 'post');
VARIABLE TYPE Parameter
The fourth parameter of getVar() can be used to specify certain filters to force validation of specific value types for the variable.
EXAMPLE:
$address = JRequest::getVar('address', 'default value goes here', 'post','variable type');
Here is a list of types you can validate:
- INT
- INTEGER
- FLOAT
- DOUBLE
- BOOL
- BOOLEAN
- WORD
- ALNUM
- CMD
- BASE64
- STRING
- ARRAY
- PATH
- USERNAME
FILTER MASK Parameter
Finally, there are some mask constants you can pass in as the fifth parameter that allow you to bypass portions of the filtering: EXAMPLE:
$address = JRequest::getVar('address', 'default value goes here', 'post','validation type','mask type');
- JREQUEST_NOTRIM - prevents trimming of whitespace
- JREQUEST_ALLOWRAW - bypasses filtering
- JREQUEST_ALLOWHTML - allows most HTML. If this is not passed in, HTML is stripped out by default.
For more information: Joomla! API [[1]]
Definition[edit]
The class JRequest is defined in the following location.
libraries\joomla\environment\request.php