ThinkPHP I method usage

The I method of ThinkPHP is a new member of many single-letter functions. it is mainly used to conveniently and securely obtain system input variables and can be used anywhere. This article mainly introduces the ThinkPHP I Method. For more information about ThinkPHP, see ThinkPHP.

The I method of ThinkPHP is a new member of many single-letter functions. It is named after an English Input. it is mainly used to conveniently and securely obtain system Input variables and can be used anywhere, the format is as follows:
I ('variable type. variable name', ['default'], ['filtering method'])

Variable type refers to the request method or input type.

The meanings of each variable type are as follows:

Variable type	Description
Get	GET parameters
Post	Get POST parameters
Param	GET, POST, or PUT parameters for automatically determining request types
Request	Get request parameters
Put	Get PUT parameters
Session	Get $ _ SESSION parameters
Cookie	Get $ _ COOKIE parameters
Server	Get $ _ SERVER parameters
Globals	Get $ GLOBALS parameters

Note: The variable type is case insensitive.
Variable names are case sensitive.
The default value and filtering method are optional.

1. usage:

Let's take the GET variable type as an example to describe the use of the I method:

Echo I ('Get. ID'); // equivalent to $ _ GET ['id'] echo I ('Get. name'); // equivalent to $ _ GET ['name']

Supported Default values:

Echo I ('Get. ID', 0); // if $ _ GET ['id'] does not exist, 0 echo I ('Get. name', ''); // if $ _ GET ['name'] does not exist, an empty string is returned.

Filter by method:

Echo I ('Get. name', '', 'htmlspecialchars'); // use the htmlspecialchars method to filter $ _ get ['name']. if it does not exist, an empty string is returned.

You can directly obtain the entire variable type, for example:

I ('Get. '); // Obtain the entire $ _ get array

In the same way, we can obtain post or other input variables, such:

I ('post. name ', '', 'htmlspecialchars'); // use the htmlspecialchars method to filter $ _ POST ['name']. if it does not exist, an empty string I ('session. user_id ', 0); // Get $ _ SESSION ['User _ id']. if it does not exist, the default value is 0I ('cookie. '); // Obtain the entire $ _ COOKIE array I ('server. REQUEST_METHOD '); // Get $ _ SERVER ['request _ method']

The param variable type is a type of variable that is unique to the framework and supports automatic determination of the current request type. for example:

echo I('param.id');

If the current request type is GET, it is equivalent to $ _ GET ['id']. if the current request type is POST or PUT, this is equivalent to obtaining the $ _ POST ['id'] or PUT parameter id.
In addition, the param type variable can also be used to obtain the URL parameter by means of a digital index (the parameter must be in the PATHINFO mode, and both GET and POST modes are valid). For example:
The current access URL is
Http: // serverName/index. php/New/2013/06/01

Then we can use

Echo I ('param. 1 '); // output 2013 echo I ('param. 2 '); // output 06 echo I ('param. 3 '); // Output 01

In fact, the param variable type can be simplified:

I ('id'); // equivalent to I ('param. id') I ('name'); // equivalent to I ('param. name ')

2. variable filtering

When using the I method, the variables are actually filtered by two methods. The first is global Filtering. The global filtering is done by configuring the VAR_FILTERS parameter. Note that after version 3.1, the filtering mechanism of the VAR_FILTERS parameter has been changed to apply the array_walk_recursive method for recursive filtering. The primary requirement for filtering is that the returned results must be referenced. Therefore, setting htmlspecialchars here is invalid, you can customize a method, for example:

function filter_default(&$value){  $value = htmlspecialchars($value); }

Then configure:

'VAR_FILTERS'=>'filter_default'

If you need to filter multiple times, you can use:

'VAR_FILTERS'=>'filter_default,filter_exp'

The filter_exp method is a built-in security filtering method used to prevent injection attacks by using the EXP function of the model.

Because the VAR_FILTERS parameter is set to a global filtering mechanism and uses recursive filtering, which affects the efficiency, we recommend that you directly filter the obtained variables, in addition to setting the filtering method for the third parameter of the I method, you can also configure the DEFAULT_FILTER parameter to set Filtering. In fact, the default setting of this parameter is:

'DEFAULT_FILTER'    => 'htmlspecialchars'

That is to say, all the variables obtained by The I method will be filtered by htmlspecialchars, so:

I ('Get. name'); // equivalent to htmlspecialchars ($ _ get ['name'])

Similarly, this parameter supports multiple filters, for example:

'DEFAULT_FILTER'    => 'strip_tags,htmlspecialchars'

I ('Get. name'); // equivalent to htmlspecialchars (strip_tags ($ _ get ['name'])

If we specify a filtering method when using the I method, the DEFAULT_FILTER settings will be ignored, for example:

Echo I ('Get. name', '', 'strip _ tags'); // equivalent to strip_tags ($ _ get ['name'])

If the third parameter of method I is passed in the function name, it indicates that the function is called to filter the variables and return the results (array_map is automatically used for filtering when the variables are arrays ), otherwise, the PHP built-in filter_var method will be called for filtering, for example:

I('post.email','',FILTER_VALIDATE_EMAIL);

The format of $ _ POST ['email '] is verified. if the format does not meet the requirements, an empty string is returned.
(For more verification formats, refer to the official manual's filter_var usage .)
Alternatively, you can use the following character identification method:

I('post.email','','email');

The supported filter names must be valid values in the filter_list method (different server environments may be different), which may include:

int boolean floatvalidate_regexpvalidate_urlvalidate_emailvalidate_ip stringstrippedencodedspecial_charsunsafe_rawemailurlnumber_intnumber_floatmagic_quotescallback

In some special cases, we do not want to perform any filtering, even if the DEFAULT_FILTER has been set, you can use:

I('get.name','',NULL);

Once the filter parameter is set to NULL, it indicates that no filtering is performed.