Parameter Validation
The Input
component is responsible for working with incoming parameters. You can obtain its object by calling the bff::input()
application method or, in the context of modules and add-ons, you can also use $this->input->
.
The component works with all the main request methods: GET, POST, COOKIE, SERVER, and provides corresponding methods for accessing the data:
$this->input->get('name');
$this->input->post('name');
$this->input->cookie('name');
$this->input->server('name');
Additionally, it is possible to specify a mixed variant:
// Get data from a GET request; if not found, try POST
$this->input->getpost('name');
// Vice versa
$this->input->postget('name');
The second parameter in these methods specifies the type of data conversion:
// The value will be converted to an unsigned integer
$id = $this->input->get('id', TYPE_UINT);
// boolean
$active = $this->input->get('active', TYPE_BOOL);
// string
$string = $this->input->get('name', TYPE_STR);
The following types of conversion are available:
-
TYPE_NOCLEAN
- no changes -
TYPE_BOOL
- boolean (true/false) -
TYPE_INT
- integer -
TYPE_UINT
- unsigned integer -
TYPE_NUM
- number (floating point number, float/double) -
TYPE_UNUM
- unsigned number (floating point number) -
TYPE_UNIXTIME
- unix datestamp (unsigned integer) (date in Unix format) -
TYPE_STR
- trimmed string (string without spaces at the beginning and end) -
TYPE_NOTRIM
- string - no trim (string with allowed spaces at the beginning and end) -
TYPE_NOHTML
- trimmed string (string processed by htmlspecialchars) -
TYPE_ARRAY
- array -
TYPE_BINARY
- binary string (e.g., contents of a binary file) -
TYPE_NOHTMLCOND
- trimmed string with HTML made safe if determined to be unsafe -
TYPE_NOTAGS
- trimmed string, stripped tags (string processed by strip_tags) -
TYPE_DATE
- date (textual representation of the date) -
TYPE_PRICE
- price (price converted to the format 0.5) -
TYPE_TEXT
- plain text (safe string processed by strip_tags with support for active links) -
TYPE_JSON
- json (array based on a JSON string) -
TYPE_PASS
- password (password phrase with allowed spaces at the beginning and end)
It is also possible to convert data to an array of a specific type. To do this, use:
-
TYPE_ARRAY_BOOL
-
TYPE_ARRAY_INT
-
TYPE_ARRAY_UINT
-
TYPE_ARRAY_NUM
-
TYPE_ARRAY_UNUM
-
TYPE_ARRAY_UNIXTIME
-
TYPE_ARRAY_STR
-
TYPE_ARRAY_NOTRIM
-
TYPE_ARRAY_NOHTML
-
TYPE_ARRAY_ARRAY
-
TYPE_ARRAY_BINARY
-
TYPE_ARRAY_NOHTMLCOND
-
TYPE_ARRAY_NOTAGS
-
TYPE_ARRAY_DATE
-
TYPE_ARRAY_PRICE
-
TYPE_ARRAY_TEXT
There are also convenient methods for checking compliance with the specified format:
$email = $this->input->get('email');
if ( ! $this->input->isEmail($email)) {
$this->errors->set(_t('users', 'The email address was incorrectly specified'));
}
Phone number verification:
$phone = $this->input->get('phone');
if ( ! $this->input->isPhoneNumber($phone)) {
$this->errors->set(_t('users', 'The phone number was incorrectly specified'));
}