Thinkphp3.x of the method of obtaining and filtering the variable in the _php example

The method of obtaining and filtering variables in thinkphp3.x is described in this paper. Share to everyone for your reference, specific as follows:

Here we'll learn how to use variables and filter variables in thinkphp.

In the process of web development, we often need to get system variables or user submitted data, these variables data is complex, and inadvertently easy to cause security risks, but if the use of good thinkphp provided by the variable access function, you can easily access and control variables.

First, get the variable

1. First, let's talk about how to get variables.

The first way: traditional access, you can still use the traditional way in the development process to obtain various system variables, such as:

$id = $_get[' id '];//gets the get variable
$name = $_post[' name '];//get the POST variable
$value = $_session[' var '];//get the session variable
$ name = $_cookie[' name '];//get COOKIE variable
$file = $_server[' php_self '];//get SERVER variable

It is not recommended to use the traditional method directly, because there is no unified security processing mechanism, if the later adjustment, it will be more trouble to change.

The second way: using the dynamic method provided by the action class

The system's action class provides enhanced access to system variables, including the GET, POST, put, REQUEST, session, COOKIE, server, and Globals parameters, in addition to obtaining variable values, also provides variable filtering and default value support, simple to use , you only need to call the following method in the action:

$id = $this->_get (' id ');//gets get variable
$name = $this->_post (' name ');//Get post variable
$value = $this->_session ( ' var ')//Get session variable
$name = $this->_cookie (' name ');//Get cookie variable
$file = $this->_server (' php_self ') ;//Get server variable

The calling format is:

$this-> Method Name ("Variable name", [Filter Method],["default value"])

Supported method names:

_get gets the Get parameter
_post Get Post Parameters
_param automatically determines the request type gets a GET, post, or put parameter
_request GET request parameter
_put get put parameter
_session Get $_session parameters
_cookie Get $_cookie parameters
_server Get $_server parameters
_globals Get $globals parameters

Variable name: (required) is the name of the system variable to get

Filtering method: (optional) can use any of the built-in functions or custom function names, if not specified, the default Htmlspecialchars function for security filtering (by the Default_filter parameter configuration), the parameter is the previous method name to get the value,

This means that if you call:

$this->_get ("name");

The result of the final call is Htmlspecialchars ($_get["name"), and if you want to change the filtering method, you can use:

$this->_get ("name", "Strip_tags");

Default value: (optional) is the default value that is set if the parameter variable you want to get does not exist, for example:

$this->_get ("id", "strip_tags", 0);

If $_get["id" does not exist, it returns 0.

If you do not set any default values, the system returns null by default.

Other methods are similar in usage.

It seems to be a little different, but there is an obvious advantage that if I need to add or change the same filter for these variables, generally do not need to modify the variable to get the code, but in the project configuration file to add a configuration parameter, such as:

' Default_filter ' => ' strip_tags '

All dynamically obtained variables are uniformly filtered using the Strip_tags method, or multiple filtering methods can be supported, for example:

' Default_filter ' => ' strip_tags,htmlspecialchars '

The Strip_tags filter is first performed and then Htmlspecialchars filtered.

If you need to customize the filtering method when you get a variable, you can change it to:

$name = $this->_post (' content ', ' trim,strip_tags ');
Get Post variables and filter

If you set up a unified variable filtering method in your project configuration, but want to filter some variables, you can use:

$name = $this->_post (' id ', ', ', 0);

If your parameters may come from multiple submissions, you can use the _param method for easier access, such as:

$this->_param (' id ');

is currently committed for a Get method, it is equivalent to

$this->_get (' id ');

is currently submitted for post, which is equivalent to

$this->_post (' id ');

If submitted for put, it is equivalent to

$this->_put (' id ');

The advantage is naturally obvious, the same method can accept different types of submission variables, do not have to manually do too many judgments to get different parameters.

Second, get URL parameters

In some cases, we also have a special need to get the URL parameters, in general, get the URL parameter is to take the way of getting variable is enough, but for our custom URL, or in the case of routing, URL parameters may not be regular, this time, We can use another way to get it.

For example, the current URL address is:

http://localhost/index.php/news/hello_world/thinkphp

We're going to get the parameters, which we can use:

$this->_param (0); Get news
$this->_param (1);//Get Hello_world
$this->_param (2);//Get thinkphp

However, the _param (digital) method is obtained, only valid for PathInfo mode URL address

Third, variable filter

We've already learned how to use the methods provided by the action class to get and filter variables, but how do we do data filtering without invoking these dynamic methods?

Thinkphp also provides two ways to perform data filtering operations:

First: Configure the global variable filtering

This situation is for some of the more-used situations where you can configure global filtering to simplify operations, such as adding parameters to the project configuration file:

' Var_filters ' => ' strip_tags '

The global get and post variables are filtered, and other types of system variables need to be filtered by themselves.

Second: variable filtering before writing to the database

If your variable data is to be written to the database, you can call the filter method to safely filter the data before it is written to the database, for example:

$this->data ($data)->filter (' Strip_tags ')->add ();

The $data data is strip_tags filtered before the Add method is executed. However, under this method, the filter method does not support multiple filtering methods.

Iv. Summary

Using thinkphp, we can easily access and filter system variables, your development skills significantly improved a lot. Come on, and I'll explain how to use routing later.

PS: Here recommend a few of the format of this site landscaping tools, I believe that we can use in future development:

PHP code online format Landscaping tools:
Http://tools.jb51.net/code/phpformat

JavaScript code Landscaping/compression/formatting/encryption Tools:
http://tools.jb51.net/code/jscompress

Online XML format/compression tools:
Http://tools.jb51.net/code/xmlformat

JSON Code Formatting Landscaping tool:
Http://tools.jb51.net/code/json

Online Xml/json Mutual Conversion tool:
Http://tools.jb51.net/code/xmljson

JSON code online Format/beautify/compress/edit/Convert tools:
Http://tools.jb51.net/code/jsoncodeformat

SQL code Online formatting Landscaping tools:
Http://tools.jb51.net/code/sqlcodeformat

More interested in thinkphp related content readers can view the site topics: "thinkphp Introductory Course", "thinkphp Common Methods Summary", "PHP Cookie Usage Summary", "Smarty Template Introductory Course" and "PHP template technology Summary."

I hope this article will help you with the PHP program design based on thinkphp framework.