The I method of thinkphp is 3.1.3 is new, if you are a previous version of 3.*, you can refer directly to the variables section of the 3.1 Quick Start Tutorial series. Overview As you can see, the I method is a new member of the thinkphp many single-letter functions, whose name comes from the English input (input), which is mainly used for more convenient and secure access to the system input variables, available anywhere, using the following format:
I (' variable ' type. Variable name ', [' Default '],[' Filter Method '])
The type of the variable refers to the type of request or input, including:
Variable type
Meaning
Get
Get Get Parameters
Post
Get Post Parameters
Param
Automatically determine request type get get, post or put parameters
Request
Get the request parameter
Put
Get put parameters
Session
Get $_session parameter
Cookies
Get $_cookie parameter
Server
Get $_server parameter
Globals
Get $GLOBALS parameters
Note: Variable types are not case-sensitive.
Variable names are strictly case-sensitive.
Both the default and filtering methods are optional parameters. Using the Get variable type as an example, we illustrate the use of the next I method:
- echo I(‘get.id‘); // 相当于 $_GET[‘id‘]
- echo I(‘get.name‘); // 相当于 $_GET[‘name‘]
复制代码
Default values are supported:
- echo I(‘get.id‘,0); // 如果不存在$_GET[‘id‘] 则返回0
- echo I(‘get.name‘,‘‘); // 如果不存在$_GET[‘name‘] 则返回空字符串
复制代码
Filter by Method:
- echo I(‘get.name‘,‘‘,‘htmlspecialchars‘); // 采用htmlspecialchars方法对$_GET[‘name‘] 进行过滤,如果不存在则返回空字符串
复制代码
Supports direct access to the entire variable type, for example:
- I(‘get.‘); // 获取整个$_GET 数组
复制代码
In the same way, we can get the variables of post or other input types, for example:
- I(‘post.name‘,‘‘,‘htmlspecialchars‘); // 采用htmlspecialchars方法对$_POST[‘name‘] 进行过滤,如果不存在则返回空字符串
- I(‘session.user_id‘,0); // 获取$_SESSION[‘user_id‘] 如果不存在则默认为0
- I(‘cookie.‘); // 获取整个 $_COOKIE 数组
- I(‘server.REQUEST_METHOD‘); // 获取 $_SERVER[‘REQUEST_METHOD‘]
复制代码
The Param variable type is a framework-specific method of obtaining a variable that automatically determines the current request type, for example:
- echo I(‘param.id‘);
复制代码
If the current request type is get, then it is equivalent to $_get[' ID '), if the current request type is POST or put, then it is equivalent to getting $_post[' id ' or put parameter ID.
And the param type variable can also get the URL parameter in the form of a numeric index (must be valid for the PathInfo mode parameter, either get or post), for example:
The current Access URL address is
- http://serverName/index.php/New/2013/06/01
复制代码
Then we can pass
- echo I(‘param.1‘); // 输出2013
- echo I(‘param.2‘); // 输出06
- echo I(‘param.3‘); // 输出01
复制代码
In fact, the Param variable type can be simplified to:
- I(‘id‘); // 等同于 I(‘param.id‘)
- I(‘name‘); // 等同于 I(‘param.name‘)
复制代码
Variable filter using the I method when the variable actually after two filters, the first is the global filter, the global filter is configured by the Var_filters parameter, it is important to note that after the 3.1 version, the var_filters parameter filtering mechanism has been changed to adopt Array_walk_ Recursive method recursive filtering, the main requirement for the filtering method is that the reference must be returned, so setting htmlspecialchars here is not valid, you can customize a method, for example:
- function filter_default(&$value){
- $value = htmlspecialchars($value);
- }
复制代码
Then configure:
- ‘VAR_FILTERS‘=>‘filter_default‘
复制代码
If you need to filter multiple times, you can use:
- ‘VAR_FILTERS‘=>‘filter_default,filter_exp‘
复制代码
The Filter_exp method is a security filtering method built into the framework to prevent injection attacks using the EXP function of the model.
Because the Var_filters parameter is set by the global filtering mechanism, and the use of recursive filtering, has an impact on efficiency, so, we recommend directly to get the variable filter, in addition to the I method of the third parameter to set the filter method, you can also use the configuration Default_ Filter parameter, in fact, the default setting for this parameter is:
- ‘DEFAULT_FILTER‘ => ‘htmlspecialchars‘
复制代码
It is also said that all acquisition variables of the I method are htmlspecialchars filtered, then:
- I(‘get.name‘); // 等同于 htmlspecialchars($_GET[‘name‘])
复制代码
Similarly, this parameter can support multiple filters, such as:
- ‘DEFAULT_FILTER‘ => ‘strip_tags,htmlspecialchars‘
复制代码
- I(‘get.name‘); // 等同于 htmlspecialchars(strip_tags($_GET[‘name‘]))
复制代码
If we specify a filtering method when using the I method, the Default_filter setting is ignored, for example:
- echo I(‘get.name‘,‘‘,‘strip_tags‘); // 等同于 strip_tags($_GET[‘name‘])
复制代码
The third parameter of the I method, if passed in the function name, means that the function is called to filter the variable and return (automatically using Array_map for filtering if the variable is an array), otherwise the PHP built-in Filter_var method is called to filter processing, for example:
- I(‘post.email‘,‘‘,FILTER_VALIDATE_EMAIL);
复制代码
Indicates that $_post[' email ' is formatted and returns an empty string if it does not meet the requirements.
(For more verification formats, refer to the Filter_var usage of the official manual.) )
Or you can use the following characters to identify the way:
- I(‘post.email‘,‘‘,‘email‘);
复制代码
The filter names that can be supported must be valid values in the Filter_list method (different server environments may vary) and may support the following:
- int
- boolean
- float
- validate_regexp
- validate_url
- validate_email
- validate_ip
- string
- stripped
- encoded
- special_chars
- unsafe_raw
- email
- url
- number_int
- number_float
- magic_quotes
- callback
复制代码
In some special cases, we do not want to do any filtering, even if the default_filter has been set, you can use:
- I(‘get.name‘,‘‘,NULL);
复制代码
Once the filter parameter is set to NULL, any filtering is no longer performed.
thinkphp function: I method