diff options
Diffstat (limited to 'user_guide/libraries/input.html')
-rw-r--r-- | user_guide/libraries/input.html | 86 |
1 files changed, 56 insertions, 30 deletions
diff --git a/user_guide/libraries/input.html b/user_guide/libraries/input.html index 552c49afd..6070b6c48 100644 --- a/user_guide/libraries/input.html +++ b/user_guide/libraries/input.html @@ -28,7 +28,7 @@ <div id="masthead"> <table cellpadding="0" cellspacing="0" border="0" style="width:100%"> <tr> -<td><h1>CodeIgniter User Guide Version 2.0.0</h1></td> +<td><h1>CodeIgniter User Guide Version 2.0.2</h1></td> <td id="breadcrumb_right"><a href="../toc.html">Table of Contents Page</a></td> </tr> </table> @@ -70,20 +70,20 @@ Input Class <h2>Security Filtering</h2> -<p>The security filtering function is called automatically when a new <a href="../general/controllers.html">controller</a> is invoked. It does the following:</p> +<p>The security filtering function is called automatically when a new <a href="../general/controllers.html">controller</a> is invoked. It does the following:</p> <ul> -<li>Destroys the global GET array. Since CodeIgniter does not utilize GET strings, there is no reason to allow it.</li> +<li>Destroys the global GET array. Since CodeIgniter does not utilize GET strings, there is no reason to allow it.</li> <li>Destroys all global variables in the event register_globals is turned on.</li> <li>Filters the POST/COOKIE array keys, permitting only alpha-numeric (and a few other) characters.</li> -<li>Provides XSS (Cross-site Scripting Hacks) filtering. This can be enabled globally, or upon request.</li> +<li>Provides XSS (Cross-site Scripting Hacks) filtering. This can be enabled globally, or upon request.</li> <li>Standardizes newline characters to \n</li> </ul> <h2>XSS Filtering</h2> -<p>The Input class has the ability to filter input automatically to prevent cross-site scripting attacks. If you want the filter to run automatically every time it encounters POST or COOKIE data you can enable it by opening your +<p>The Input class has the ability to filter input automatically to prevent cross-site scripting attacks. If you want the filter to run automatically every time it encounters POST or COOKIE data you can enable it by opening your <kbd>application/config/config.php</kbd> file and setting this:</p> <code>$config['global_xss_filtering'] = TRUE;</code> @@ -93,9 +93,9 @@ Input Class <h2>Using POST, COOKIE, or SERVER Data</h2> -<p>CodeIgniter comes with three helper functions that let you fetch POST, COOKIE or SERVER items. The main advantage of using the provided +<p>CodeIgniter comes with three helper functions that let you fetch POST, COOKIE or SERVER items. The main advantage of using the provided functions rather than fetching an item directly ($_POST['something']) is that the functions will check to see if the item is set and -return false (boolean) if not. This lets you conveniently use data without having to test whether an item exists first. +return false (boolean) if not. This lets you conveniently use data without having to test whether an item exists first. In other words, normally you might do something like this:</p> <code> @@ -128,16 +128,36 @@ else<br /> <p>The function returns FALSE (boolean) if the item you are attempting to retrieve does not exist.</p> -<p>The second optional parameter lets you run the data through the XSS filter. It's enabled by setting the second parameter to boolean TRUE;</p> +<p>The second optional parameter lets you run the data through the XSS filter. It's enabled by setting the second parameter to boolean TRUE;</p> <code>$this->input->post('some_data', TRUE);</code> +<p>To return an array of all POST items call without any parameters.</p> +<p>To return all POST items and pass them through the XSS filter leave the first parameter blank while setting the second parameter to boolean;</p> +<p>The function returns FALSE (boolean) if there are no items in the POST.</p> + +<code> + $this->input->post(); // returns all POST items with XSS filter + <br /> + $this->input->post(NULL, FALSE); // returns all POST items without XSS +</code> + <h2>$this->input->get()</h2> <p>This function is identical to the post function, only it fetches get data:</p> <code>$this->input->get('some_data', TRUE);</code> +<p>To return an array of all GET items call without any parameters.</p> +<p>To return all GET items and pass them through the XSS filter leave the first parameter blank while setting the second parameter to boolean;</p> +<p>The function returns FALSE (boolean) if there are no items in the GET.</p> + +<code> + $this->input->get(); // returns all GET items with XSS filter + <br /> + $this->input->get(NULL, FALSE); // returns all GET items without XSS filtering +</code> + <h2>$this->input->get_post()</h2> <p>This function will search through both the post and get streams for data, looking first in post, and then in get:</p> @@ -159,7 +179,7 @@ else<br /> <h2>$this->input->set_cookie()</h2> -<p>Sets a cookie containing the values you specify. There are two ways to pass information to this function so that a cookie can be set: +<p>Sets a cookie containing the values you specify. There are two ways to pass information to this function so that a cookie can be set: Array Method, and Discrete Parameters:</p> <h4>Array Method</h4> @@ -167,13 +187,14 @@ Array Method, and Discrete Parameters:</p> <p>Using this method, an associative array is passed to the first parameter:</p> <code>$cookie = array(<br /> - 'name' => 'The Cookie Name',<br /> - 'value' => 'The Value',<br /> - 'expire' => '86500',<br /> - 'domain' => '.some-domain.com',<br /> - 'path' => '/',<br /> - 'prefix' => 'myprefix_',<br /> - );<br /> + 'name' => 'The Cookie Name',<br /> + 'value' => 'The Value',<br /> + 'expire' => '86500',<br /> + 'domain' => '.some-domain.com',<br /> + 'path' => '/',<br /> + 'prefix' => 'myprefix_',<br /> + 'secure' => TRUE<br /> +);<br /> <br /> $this->input->set_cookie($cookie); </code> @@ -182,40 +203,41 @@ $this->input->set_cookie($cookie); <p>Only the name and value are required. To delete a cookie set it with the expiration blank.</p> -<p>The expiration is set in <strong>seconds</strong>, which will be added to the current time. Do not include the time, but rather only the -number of seconds from <em>now</em> that you wish the cookie to be valid. If the expiration is set to +<p>The expiration is set in <strong>seconds</strong>, which will be added to the current time. Do not include the time, but rather only the +number of seconds from <em>now</em> that you wish the cookie to be valid. If the expiration is set to zero the cookie will only last as long as the browser is open.</p> -<p>For site-wide cookies regardless of how your site is requested, add your URL to the <strong>domain</strong> starting with a period, like this: .your-domain.com</p> +<p>For site-wide cookies regardless of how your site is requested, add your URL to the <strong>domain</strong> starting with a period, like this: .your-domain.com</p> <p>The path is usually not needed since the function sets a root path.</p> <p>The prefix is only needed if you need to avoid name collisions with other identically named cookies for your server.</p> +<p>The secure boolean is only needed if you want to make it a secure cookie by setting it to TRUE.</p> <h4>Discrete Parameters</h4> <p>If you prefer, you can set the cookie by passing data using individual parameters:</p> -<code>$this->input->set_cookie($name, $value, $expire, $domain, $path, $prefix);</code> +<code>$this->input->set_cookie($name, $value, $expire, $domain, $path, $prefix, $secure);</code> -<h2>$this->input->get_cookie()</h2> +<h2>$this->input->cookie()</h2> -<p>Lets you fetch a cookie. The first parameter will contain the name of the cookie you are looking for (including any prefixes):</p> +<p>Lets you fetch a cookie. The first parameter will contain the name of the cookie you are looking for (including any prefixes):</p> -<code>get_cookie('some_cookie');</code> +<code>cookie('some_cookie');</code> <p>The function returns FALSE (boolean) if the item you are attempting to retrieve does not exist.</p> -<p>The second optional parameter lets you run the data through the XSS filter. It's enabled by setting the second parameter to boolean TRUE;</p> +<p>The second optional parameter lets you run the data through the XSS filter. It's enabled by setting the second parameter to boolean TRUE;</p> -<p><code>get_cookie('some_cookie', TRUE);</code></p> +<p><code>cookie('some_cookie', TRUE);</code></p> <h2>$this->input->ip_address()</h2> -<p>Returns the IP address for the current user. If the IP address is not valid, the function will return an IP of: 0.0.0.0</p> +<p>Returns the IP address for the current user. If the IP address is not valid, the function will return an IP of: 0.0.0.0</p> <code>echo $this->input->ip_address();</code> <h2>$this->input->valid_ip(<var>$ip</var>)</h2> -<p>Takes an IP address as input and returns TRUE or FALSE (boolean) if it is valid or not. Note: The $this->input->ip_address() function above +<p>Takes an IP address as input and returns TRUE or FALSE (boolean) if it is valid or not. Note: The $this->input->ip_address() function above validates the IP automatically.</p> <code>if ( ! $this->input->valid_ip($ip))<br /> @@ -231,10 +253,10 @@ else<br /> <h2>$this->input->user_agent()</h2> <p>Returns the user agent (web browser) being used by the current user. Returns FALSE if it's not available.</p> <code>echo $this->input->user_agent();</code> - +<p>See the <a href="user_agent.html">User Agent Class</a> for methods which extract information from the user agent string.</p> <h2>$this->input->request_headers()</h2> -<p>Useful if running in a non-Apache environment where <a href="http://php.net/apache_request_headers">apache_request_headers()</a> will not be supported. Returns an array of headers.</p> +<p>Useful if running in a non-Apache environment where <a href="http://php.net/apache_request_headers">apache_request_headers()</a> will not be supported. Returns an array of headers.</p> <code>$headers = $this->input->request_headers();</code> @@ -247,7 +269,11 @@ else<br /> <h2>$this->input->is_ajax_request()</h2> <p>Checks to see if the <var>HTTP_X_REQUESTED_WITH</var> server header has been set, and returns a boolean response.</p> -<code>$this->input->is_ajax_request()</code> + +<h2>$this->input->is_cli_request()</h2> +<p>Checks to see if the <var>STDIN</var> constant is set, which is a failsafe way to see if PHP is being run on the command line.</p> + +<code>$this->input->is_cli_request()</code> </div> |