D 2010-07-03T11:13:19
L input.php
U mario
W 1047
<h2>input.php</h2>
input.php provides object-oriented security wrappers around:
- $_POST
- $_GET
- $_REQUEST
- $_SERVER
- $_COOKIE
It's located in ext/contrib/input.php, and on invokation automatically replaces the plain $_REQUEST arrays with objects.
This **enforces** accessing input and form data through filter functions:
$_REQUEST->name("inputfield")
There are various filter functions provided per default. But ultimately each application should add custom filter functions, whenever specific input strings are to be expected.
To make the transition easier, the input wrappers provide two additional access methods. Becaus reqriting $_REQUEST<nowiki>["var"]</nowiki> to $_REQUEST->int("var") is a lot of typing, it can be reduced to just adding the ->filter call, leaving angle brackets in place:
- $_REQUEST->name<nowiki>["var"]</nowiki>
Another option is the all-objectish access pattern:
- $_REQUEST->name->var
Besides the aforementioned standard method call:
- $_REQUEST->name("var")
Z 79292709911831c2bd89987a68e4f1e5