Parameter Validation

The Input component is responsible for working with incoming parameters. You can obtain its object by calling the bff::input() application method or, in the context of modules and add-ons, you can also use $this->input->.

The component works with all the main request methods: GET, POST, COOKIE, SERVER, and provides corresponding methods for accessing the data:

    $this->input->get('name');
    $this->input->post('name');
    $this->input->cookie('name');
    $this->input->server('name');

Additionally, it is possible to specify a mixed variant:

    // Get data from a GET request; if not found, try POST
    $this->input->getpost('name');
    // Vice versa
    $this->input->postget('name');

The second parameter in these methods specifies the type of data conversion:

    // The value will be converted to an unsigned integer
    $id = $this->input->get('id', TYPE_UINT);
    // boolean
    $active = $this->input->get('active', TYPE_BOOL);
    // string
    $string = $this->input->get('name', TYPE_STR);

The following types of conversion are available:

  • TYPE_NOCLEAN - no changes
  • TYPE_BOOL - boolean (true/false)
  • TYPE_INT - integer
  • TYPE_UINT - unsigned integer
  • TYPE_NUM - number (floating point number, float/double)
  • TYPE_UNUM - unsigned number (floating point number)
  • TYPE_UNIXTIME - unix datestamp (unsigned integer) (date in Unix format)
  • TYPE_STR - trimmed string (string without spaces at the beginning and end)
  • TYPE_NOTRIM - string - no trim (string with allowed spaces at the beginning and end)
  • TYPE_NOHTML - trimmed string (string processed by htmlspecialchars)
  • TYPE_ARRAY - array
  • TYPE_BINARY - binary string (e.g., contents of a binary file)
  • TYPE_NOHTMLCOND - trimmed string with HTML made safe if determined to be unsafe
  • TYPE_NOTAGS - trimmed string, stripped tags (string processed by strip_tags)
  • TYPE_DATE - date (textual representation of the date)
  • TYPE_PRICE - price (price converted to the format 0.5)
  • TYPE_TEXT - plain text (safe string processed by strip_tags with support for active links)
  • TYPE_JSON - json (array based on a JSON string)
  • TYPE_PASS - password (password phrase with allowed spaces at the beginning and end)

It is also possible to convert data to an array of a specific type. To do this, use:

  • TYPE_ARRAY_BOOL
  • TYPE_ARRAY_INT
  • TYPE_ARRAY_UINT
  • TYPE_ARRAY_NUM
  • TYPE_ARRAY_UNUM
  • TYPE_ARRAY_UNIXTIME
  • TYPE_ARRAY_STR
  • TYPE_ARRAY_NOTRIM
  • TYPE_ARRAY_NOHTML
  • TYPE_ARRAY_ARRAY
  • TYPE_ARRAY_BINARY
  • TYPE_ARRAY_NOHTMLCOND
  • TYPE_ARRAY_NOTAGS
  • TYPE_ARRAY_DATE
  • TYPE_ARRAY_PRICE
  • TYPE_ARRAY_TEXT

There are also convenient methods for checking compliance with the specified format:

    $email = $this->input->get('email');
    if ( ! $this->input->isEmail($email)) {
        $this->errors->set(_t('users', 'The email address was incorrectly specified'));
    }

Phone number verification:

    $phone = $this->input->get('phone');
    if ( ! $this->input->isPhoneNumber($phone)) {
        $this->errors->set(_t('users', 'The phone number was incorrectly specified'));
    }