This article mainly introduces CI Core Framework tool class Ci_input.
According to the CI document's own definition, this class is used to:
- Handle global variables ahead of time to ensure security;
- Provides some help functions for working with input data.
The following key methods in the Select class are described.
__construct ()
The constructor, by definition, is used to determine whether global XSS processing is turned on and whether the $_get array is allowed.
Call the function $this->_sanitize_globals();
to clean up the data in $_get,$_post, $COOKIE, $_server[' php_self ']. Used primarily to detect the presence of illegal characters in key names and key values to prevent XSS attacks.
The security class ci_security is also transferred for CRSF defense.
// CSRF Protection check if ($this->_enable_csrf === TRUE && ! is_cli()) { $this->security->csrf_verify(); }
Reading input variables
The main methods are:
- $this->input->post ()
- $this->input->get ()
- $this->input->cookie ()
- $this->input->server ()
At the same time you can also use php://input
or $this->input->raw_input_stream;
to get raw data.
Other tool functions
For example:
- Is_cli_request ()
- Is_ajax_request ()
- Get_request_header ()
Wait a minute.
PHP Excellent framework CodeIgniter Learning Series--ci_input class Learning