diff options
author | Phil Sturgeon <email@philsturgeon.co.uk> | 2011-05-08 17:23:36 +0200 |
---|---|---|
committer | Phil Sturgeon <email@philsturgeon.co.uk> | 2011-05-08 17:23:36 +0200 |
commit | 0854d91fd2848266ec37a37c8a1ccfd13a8a4eda (patch) | |
tree | 1433f1db86920fae6e6286c6cc517ba64cda2aba /user_guide/libraries/input.html | |
parent | 0cb8c59f91567af9aa6530f8764abafe1ae935c0 (diff) | |
parent | 3ef65bd7491f847fecdab1acc9687f0e90eee09b (diff) |
Merged tip.
Diffstat (limited to 'user_guide/libraries/input.html')
-rw-r--r-- | user_guide/libraries/input.html | 34 |
1 files changed, 17 insertions, 17 deletions
diff --git a/user_guide/libraries/input.html b/user_guide/libraries/input.html index b34938b13..6070b6c48 100644 --- a/user_guide/libraries/input.html +++ b/user_guide/libraries/input.html @@ -28,7 +28,7 @@ <div id="masthead"> <table cellpadding="0" cellspacing="0" border="0" style="width:100%"> <tr> -<td><h1>CodeIgniter User Guide Version 2.0.1</h1></td> +<td><h1>CodeIgniter User Guide Version 2.0.2</h1></td> <td id="breadcrumb_right"><a href="../toc.html">Table of Contents Page</a></td> </tr> </table> @@ -70,20 +70,20 @@ Input Class <h2>Security Filtering</h2> -<p>The security filtering function is called automatically when a new <a href="../general/controllers.html">controller</a> is invoked. It does the following:</p> +<p>The security filtering function is called automatically when a new <a href="../general/controllers.html">controller</a> is invoked. It does the following:</p> <ul> -<li>Destroys the global GET array. Since CodeIgniter does not utilize GET strings, there is no reason to allow it.</li> +<li>Destroys the global GET array. Since CodeIgniter does not utilize GET strings, there is no reason to allow it.</li> <li>Destroys all global variables in the event register_globals is turned on.</li> <li>Filters the POST/COOKIE array keys, permitting only alpha-numeric (and a few other) characters.</li> -<li>Provides XSS (Cross-site Scripting Hacks) filtering. This can be enabled globally, or upon request.</li> +<li>Provides XSS (Cross-site Scripting Hacks) filtering. This can be enabled globally, or upon request.</li> <li>Standardizes newline characters to \n</li> </ul> <h2>XSS Filtering</h2> -<p>The Input class has the ability to filter input automatically to prevent cross-site scripting attacks. If you want the filter to run automatically every time it encounters POST or COOKIE data you can enable it by opening your +<p>The Input class has the ability to filter input automatically to prevent cross-site scripting attacks. If you want the filter to run automatically every time it encounters POST or COOKIE data you can enable it by opening your <kbd>application/config/config.php</kbd> file and setting this:</p> <code>$config['global_xss_filtering'] = TRUE;</code> @@ -93,9 +93,9 @@ Input Class <h2>Using POST, COOKIE, or SERVER Data</h2> -<p>CodeIgniter comes with three helper functions that let you fetch POST, COOKIE or SERVER items. The main advantage of using the provided +<p>CodeIgniter comes with three helper functions that let you fetch POST, COOKIE or SERVER items. The main advantage of using the provided functions rather than fetching an item directly ($_POST['something']) is that the functions will check to see if the item is set and -return false (boolean) if not. This lets you conveniently use data without having to test whether an item exists first. +return false (boolean) if not. This lets you conveniently use data without having to test whether an item exists first. In other words, normally you might do something like this:</p> <code> @@ -128,7 +128,7 @@ else<br /> <p>The function returns FALSE (boolean) if the item you are attempting to retrieve does not exist.</p> -<p>The second optional parameter lets you run the data through the XSS filter. It's enabled by setting the second parameter to boolean TRUE;</p> +<p>The second optional parameter lets you run the data through the XSS filter. It's enabled by setting the second parameter to boolean TRUE;</p> <code>$this->input->post('some_data', TRUE);</code> @@ -179,7 +179,7 @@ else<br /> <h2>$this->input->set_cookie()</h2> -<p>Sets a cookie containing the values you specify. There are two ways to pass information to this function so that a cookie can be set: +<p>Sets a cookie containing the values you specify. There are two ways to pass information to this function so that a cookie can be set: Array Method, and Discrete Parameters:</p> <h4>Array Method</h4> @@ -203,10 +203,10 @@ $this->input->set_cookie($cookie); <p>Only the name and value are required. To delete a cookie set it with the expiration blank.</p> -<p>The expiration is set in <strong>seconds</strong>, which will be added to the current time. Do not include the time, but rather only the -number of seconds from <em>now</em> that you wish the cookie to be valid. If the expiration is set to +<p>The expiration is set in <strong>seconds</strong>, which will be added to the current time. Do not include the time, but rather only the +number of seconds from <em>now</em> that you wish the cookie to be valid. If the expiration is set to zero the cookie will only last as long as the browser is open.</p> -<p>For site-wide cookies regardless of how your site is requested, add your URL to the <strong>domain</strong> starting with a period, like this: .your-domain.com</p> +<p>For site-wide cookies regardless of how your site is requested, add your URL to the <strong>domain</strong> starting with a period, like this: .your-domain.com</p> <p>The path is usually not needed since the function sets a root path.</p> <p>The prefix is only needed if you need to avoid name collisions with other identically named cookies for your server.</p> <p>The secure boolean is only needed if you want to make it a secure cookie by setting it to TRUE.</p> @@ -219,25 +219,25 @@ zero the cookie will only last as long as the browser is open.</p> <h2>$this->input->cookie()</h2> -<p>Lets you fetch a cookie. The first parameter will contain the name of the cookie you are looking for (including any prefixes):</p> +<p>Lets you fetch a cookie. The first parameter will contain the name of the cookie you are looking for (including any prefixes):</p> <code>cookie('some_cookie');</code> <p>The function returns FALSE (boolean) if the item you are attempting to retrieve does not exist.</p> -<p>The second optional parameter lets you run the data through the XSS filter. It's enabled by setting the second parameter to boolean TRUE;</p> +<p>The second optional parameter lets you run the data through the XSS filter. It's enabled by setting the second parameter to boolean TRUE;</p> <p><code>cookie('some_cookie', TRUE);</code></p> <h2>$this->input->ip_address()</h2> -<p>Returns the IP address for the current user. If the IP address is not valid, the function will return an IP of: 0.0.0.0</p> +<p>Returns the IP address for the current user. If the IP address is not valid, the function will return an IP of: 0.0.0.0</p> <code>echo $this->input->ip_address();</code> <h2>$this->input->valid_ip(<var>$ip</var>)</h2> -<p>Takes an IP address as input and returns TRUE or FALSE (boolean) if it is valid or not. Note: The $this->input->ip_address() function above +<p>Takes an IP address as input and returns TRUE or FALSE (boolean) if it is valid or not. Note: The $this->input->ip_address() function above validates the IP automatically.</p> <code>if ( ! $this->input->valid_ip($ip))<br /> @@ -256,7 +256,7 @@ else<br /> <p>See the <a href="user_agent.html">User Agent Class</a> for methods which extract information from the user agent string.</p> <h2>$this->input->request_headers()</h2> -<p>Useful if running in a non-Apache environment where <a href="http://php.net/apache_request_headers">apache_request_headers()</a> will not be supported. Returns an array of headers.</p> +<p>Useful if running in a non-Apache environment where <a href="http://php.net/apache_request_headers">apache_request_headers()</a> will not be supported. Returns an array of headers.</p> <code>$headers = $this->input->request_headers();</code> |