• Navigation
  • Main page
  • Recent changes
  • Random page
  • Help
• Toolbox
  • What links here
  • Related changes
  • Upload file
  • Special pages
  • Printable version
  • Permanent link
  • Print as PDF

Input Class

From EQdkp Plus Wiki

Input Class

What is the input class?

The input class helps you, to get the $_GET, $_POST, $_SERVER, $_COOKIE, $_ENV in a secure way. It uses PHP5 Filter techniques to secure the input given by users.

Why using an input class?

You should never trust user inputs. Because of that, you'll have to secure these inputs against Injections or XSS. The Input class help you to minimize the time & code to be used for securing it. In 0.7 all $_POST and $_GET calls should be removed and replaced by $in->get calls.

How to use it?

Its pretty simple: Just use this code instead of the $_POST and $_GET calls.

Single Calls

$in->get($key, $default='', $owntype='')

Arrays

$in->getArray($key, $type, $max_depth = 10)

Check if exists

To check if a value exists, use the following function

$in->exists($key, $type)

Type is only used for Array inputs. If its a plain input, you do not need to provide this information-

Some Tricks

Fetching a single value in an array

It is possible to get $_POST['members'][4]['name'] via $in->get($key, $default). You simply have to pass as $key "members:4:name". Same is working if you like to fetch an array in an array: $in->getArray('members:2:comment_ids', 'int'); could be such a call.

Check if an integer is set

if($in->get('userid', 0) > 0){
// CODE
}

This Code checks id the UserID is larger than null. If no $_POST/$_GET is available, it is set to 0 cause of the fallback provided in the get-call.

Check if an string is set

Its a bit tricky: empty() or isset() are not working. You should use it at shown in our code sample:

if($in->get('username') != ''){
// CODE
}

You simply check if its not equal to an empty string.