Legacy Documentation
You are using the documentation for version 3.5.17. Go here for the latest version or check here for your available upgrades to the latest version.
Input Class¶
Calling the Input Class¶
-
class
Input
¶ ExpressionEngine uses the Input class for two main purposes:
- To provide some helper methods for fetching input data and pre-processing it.
- To pre-process global input data for security.
This class is initialized automatically.
Fetching a Superglobal value¶
You are not required to use this class to call the incoming data from the superglobal arrays, it will still be available through the superglobals themselves. However, the input class does offer some benefits.
The superglobal methods all allow the specification of an optional second parameter that lets you run the data through the XSS filter. It’s enabled by setting the second parameter to boolean TRUE.
Lastly, the superglobal methods will check to see if the item is set
and return FALSE
(boolean) if not. This lets you conveniently use
data without having to test whether an item exists first. In other
words, normally you might do something like this:
if ( ! isset($_POST['something']))
{
$something = FALSE;
}
else
{
$something = $_POST['something'];
}
With the built-in methods you can simply do this:
$something = ee()->input->post('something');
To automatically run the returned data through the
Security::xss_clean
method, simply specify the second
parameter is TRUE
:
$something = ee()->input->post('something', TRUE);
The available superglobal methods are:
-
Input::
post
($index[, $xss_clean = FALSE])¶ The first parameter will contain the name of the
POST
item you are looking for:ee()->input->post('some_data');
Parameters: - $index (string) – Name of the input in the
$_POST
array - $xss_clean (boolean) – If set to
TRUE
the value will be run throughSecurity::xss_clean
Returns: Value stored in
$_POST
Return type: String
- $index (string) – Name of the input in the
-
Input::
get
($index[, $xss_clean = FALSE])¶ This method is identical to the post method, only it fetches get data:
ee()->input->get('some_data');
Parameters: - $index (string) – Name of the input in the
$_GET
array - $xss_clean (boolean) – If set to
TRUE
the value will be run throughSecurity::xss_clean
Returns: Value stored in
$_GET
Return type: String
- $index (string) – Name of the input in the
-
Input::
get_post
($index[, $xss_clean = FALSE])¶ This method will search through both the post and get streams for data, looking first in post, and then in get:
ee()->input->get_post('some_data');
Parameters: - $index (string) – Name of the input in the
$_POST
or$_GET
array - $xss_clean (boolean) – If set to
TRUE
the value will be run throughSecurity::xss_clean
Returns: Value stored in
$_POST
or$_GET
Return type: String
- $index (string) – Name of the input in the
This method is identical to the post method, only it fetches cookie data:
ee()->input->cookie('some_data');
Parameters: - $index (string) – Name of the input in the
$_COOKIE
array - $xss_clean (boolean) – If set to
TRUE
the value will be run throughSecurity::xss_clean
Returns: Value stored in
$_COOKIE
Return type: String
- $index (string) – Name of the input in the
-
Input::
server
($index[, $xss_clean = FALSE])¶ This method is identical to the above method, only it fetches server data:
ee()->input->server('some_data');
Parameters: - $index (string) – Name of the input in the
$_SERVER
array - $xss_clean (boolean) – If set to
TRUE
the value will be run throughSecurity::xss_clean
Returns: Value stored in
$_SERVER
Return type: String
- $index (string) – Name of the input in the
-
Input::
ip_address
()¶ Returns the IP address for the current user. If the IP address is not valid, the method will return an IP of: 0.0.0.0:
echo ee()->input->ip_address();
Returns: IP address for the current user Return type: String
-
Input::
valid_ip
($ip[, $which = ''])¶ Takes an IP address as input and returns
TRUE
orFALSE
(boolean) if it is valid or not.Note
The
Input::ip_address
method above validates the IP automatically.if ( ! $this->input->valid_ip($ip)) { echo 'Not Valid'; } else { echo 'Valid'; }
Parameters: - $ip (string) – IP address to validate
- $which (string) – Specify
'ipv4'
or'ipv6'
to validate a specific type of IP address
Returns: TRUE
if valid,FALSE
otherwiseReturn type: Boolean
-
Input::
user_agent
()¶ Returns the user agent (web browser) being used by the current user:
echo ee()->input->user_agent();
Returns: The user agent, otherwise FALSE
Return type: Mixed
Cleaning Superglobals¶
The input class is loaded by EE core early in processing. It automatically does the following:
- Destroys all global variables in the event
register_globals
is turned on. - Filters the
POST
/GET
/COOKIE
array keys, permitting only alpha-numeric (and a few other) characters. - Standardizes newline characters to
\\n
Setting and Deleting Cookies¶
The input library contains two methods for manipulating cookies. One for setting them and one for deleting them before their expiration.
set_cookie¶
Sets cookie based on name and value. The advantage to using this function over the standard PHP function is EE will automatically add the cookie domain, cookie prefix, and cookie path as specified in the preferences. Those are helpful for making these cookies unique to EE and not interfering with other cookies set for your site by other software.
Parameters: - $name (string) – Name of the cookie
- $value (string) – Value of the cookie
- $expire (integer) – When the cookie should expire, if left blank the time is set to the past and the cookie will expire immediately
Return type: Void
delete_cookie¶
Cleanly delete a cookie. The advantage to using this function over the standard PHP function is EE will automatically add the cookie domain, cookie prefix, and cookie path as specified in the preferences.
Parameters: - $name (string) – Name of the cookie
Return type: Void