ExpressionEngine® 3 User Guide

Legacy Documentation

You are using the documentation for version 3.5.17. Go here for the latest version or check here for your available upgrades to the latest version.

Input Class

Calling the Input Class

class Input

ExpressionEngine uses the Input class for two main purposes:

  1. To provide some helper methods for fetching input data and pre-processing it.
  2. To pre-process global input data for security.

This class is initialized automatically.

Fetching a Superglobal value

You are not required to use this class to call the incoming data from the superglobal arrays, it will still be available through the superglobals themselves. However, the input class does offer some benefits.

The superglobal methods all allow the specification of an optional second parameter that lets you run the data through the XSS filter. It’s enabled by setting the second parameter to boolean TRUE.

Lastly, the superglobal methods will check to see if the item is set and return FALSE (boolean) if not. This lets you conveniently use data without having to test whether an item exists first. In other words, normally you might do something like this:

if ( ! isset($_POST['something']))
{
    $something = FALSE;
}
else
{
    $something = $_POST['something'];
}

With the built-in methods you can simply do this:

$something = ee()->input->post('something');

To automatically run the returned data through the Security::xss_clean method, simply specify the second parameter is TRUE:

$something = ee()->input->post('something', TRUE);

The available superglobal methods are:

Input::post($index[, $xss_clean = FALSE])

The first parameter will contain the name of the POST item you are looking for:

ee()->input->post('some_data');
Parameters:
  • $index (string) – Name of the input in the $_POST array
  • $xss_clean (boolean) – If set to TRUE the value will be run through Security::xss_clean
Returns:

Value stored in $_POST

Return type:

String

Input::get($index[, $xss_clean = FALSE])

This method is identical to the post method, only it fetches get data:

ee()->input->get('some_data');
Parameters:
  • $index (string) – Name of the input in the $_GET array
  • $xss_clean (boolean) – If set to TRUE the value will be run through Security::xss_clean
Returns:

Value stored in $_GET

Return type:

String

Input::get_post($index[, $xss_clean = FALSE])

This method will search through both the post and get streams for data, looking first in post, and then in get:

ee()->input->get_post('some_data');
Parameters:
  • $index (string) – Name of the input in the $_POST or $_GET array
  • $xss_clean (boolean) – If set to TRUE the value will be run through Security::xss_clean
Returns:

Value stored in $_POST or $_GET

Return type:

String

Input::cookie($index[, $xss_clean = FALSE])

This method is identical to the post method, only it fetches cookie data:

ee()->input->cookie('some_data');
Parameters:
  • $index (string) – Name of the input in the $_COOKIE array
  • $xss_clean (boolean) – If set to TRUE the value will be run through Security::xss_clean
Returns:

Value stored in $_COOKIE

Return type:

String

Input::server($index[, $xss_clean = FALSE])

This method is identical to the above method, only it fetches server data:

ee()->input->server('some_data');
Parameters:
  • $index (string) – Name of the input in the $_SERVER array
  • $xss_clean (boolean) – If set to TRUE the value will be run through Security::xss_clean
Returns:

Value stored in $_SERVER

Return type:

String

Input::ip_address()

Returns the IP address for the current user. If the IP address is not valid, the method will return an IP of: 0.0.0.0:

echo ee()->input->ip_address();
Returns:IP address for the current user
Return type:String
Input::valid_ip($ip[, $which = ''])

Takes an IP address as input and returns TRUE or FALSE (boolean) if it is valid or not.

Note

The Input::ip_address method above validates the IP automatically.

if ( ! $this->input->valid_ip($ip))
{
    echo 'Not Valid';
}
else
{
    echo 'Valid';
}
Parameters:
  • $ip (string) – IP address to validate
  • $which (string) – Specify 'ipv4' or 'ipv6' to validate a specific type of IP address
Returns:

TRUE if valid, FALSE otherwise

Return type:

Boolean

Input::user_agent()

Returns the user agent (web browser) being used by the current user:

echo ee()->input->user_agent();
Returns:The user agent, otherwise FALSE
Return type:Mixed

Cleaning Superglobals

The input class is loaded by EE core early in processing. It automatically does the following:

  • Destroys all global variables in the event register_globals is turned on.
  • Filters the POST/GET/COOKIE array keys, permitting only alpha-numeric (and a few other) characters.
  • Standardizes newline characters to \\n

Setting and Deleting Cookies

The input library contains two methods for manipulating cookies. One for setting them and one for deleting them before their expiration.