In this article, we will learn how to use variables and filter variables in ThinkPHP. During Web development, we often need to obtain system variables or data submitted by users. these variable data is complex and may cause security risks if we are not careful, however, if ThinkPHP provides the variable retrieval function, you can easily obtain and control the variables. in this article, we will learn how to use and filter variables in ThinkPHP.
During Web development, we often need to obtain system variables or data submitted by users. these variable data is complex and may cause security risks if we are not careful, however, if ThinkPHP provides the variable acquisition function, you can easily obtain and control variables.
If you are using version 3.1.3 or later, you can directly refer to the I function usage in the new version, basically covering the content of this chapter.
First, let's talk about how to get variables.
Method 1: traditional acquisition method
You can still obtain various system variables in the traditional way during development, for example:
- $ Id = $ _ GET ['id']; // get the GET variable
- $ Name = $ _ POST ['name']; // get the post variable
- $ Value = $ _ SESSION ['var']; // Get the session variable
- $ Name = $ _ COOKIE ['name']; // Obtain the cookie variable
- $ File = $ _ SERVER ['php _ SELF ']; // get the server variable
It is not recommended to directly obtain the copied code in the traditional way, because there is no unified security processing mechanism, and it will be troublesome to modify it later.
Method 2: Use the dynamic method provided by the Action class
The Action class of the system provides an enhanced way to obtain system variables, including GET, POST, PUT, REQUEST, SESSION, COOKIE, SERVER, and GLOBALS parameters. in addition to obtaining variable values, it also supports variable filtering and default values. the usage is simple. you only need to call the following method in Action:
- $ Id = $ this-> _ get ('id'); // get the get variable
- $ Name = $ this-> _ post ('name'); // get the post variable
- $ Value = $ this-> _ session ('var'); // Get the session variable
- $ Name = $ this-> _ cookie ('name'); // Obtain the cookie variable
- $ File = $ this-> _ server ('php _ SELF '); // get the server variable
The call format of the copied code is as follows:
$ This-> method name ("variable name", ["filter method"], ["default value"])
The method name can be:
| Method name |
Description |
| _ Get |
GET parameters |
| _ Post |
Get POST parameters |
| _ Param |
GET, POST, or PUT parameters for automatically determining request types |
| _ Request |
Get request parameters |
| _ Put |
Get PUT parameters |
| _ Session |
Get $ _ SESSION parameters |
| _ Cookie |
Get $ _ COOKIE parameters |
| _ Server |
Get $ _ SERVER parameters |
| _ Globals |
Get $ GLOBALS parameters |
Variable name(Required) is the name of the system variable to be obtained.
Filter method(Optional) you can use any built-in function or custom function name. if not specified, use the default htmlspecialchars function for security filtering (configured by the DEFAULT_FILTER parameter ), the parameter is the value obtained by the previous method name, that is, if you call:
- $ This-> _ get ("name ");
The final result of the code copying is htmlspecialchars ($ _ GET ["name"]). to change the filtering method, you can use:
- $ This-> _ get ("name", "strip_tags ");
Copy code
Default value(Optional) it is the default value set when the parameter variable to be obtained does not exist. for example:
- $ This-> _ get ("id", "strip_tags", 0 );
Copy the code. if $ _ GET ["id"] does not exist, 0 is returned.
If no default value is set, the system returns NULL by default.
The usage of other methods is similar.
It seems that the difference is not big, but there is a obvious advantage: if I need to add or change the uniform filtering of these variables, I generally do not need to modify the code obtained from the variables, just add a configuration parameter to the project configuration file, for example:
- 'Default _ filter' => 'strip _ tags'
Copy the code to uniformly filter all variables obtained dynamically using the strip_tags method, or support multiple filtering methods, such:
- 'Default _ filter' => 'strip _ tags, htmlspecialchars'
Copy the code to filter strip_tags and then htmlspecialchars.
If you need to customize the filter method when getting a variable, you can change it:
- $ Name = $ this-> _ post ('content', 'Trim, strip_tags'); // Get post variables and filter
Copy the code. if you set a unified variable filtering method in the project configuration, but want to not filter some variables, you can use:
- $ Name = $ this-> _ post ('id', '', 0 );
Copy the code. if your parameters may come from multiple submission methods, you can use the _ param method for more convenient access. for example:
- $ This-> _ param ('id ');
When the Copy code is submitted in get mode, it is equivalent
- $ This-> _ get ('id ');
When the Copy code is submitted in post mode, it is equivalent
- $ This-> _ post ('id ');
If the Copy code is submitted in put mode, it is equivalent
- $ This-> _ put ('id ');
The advantage of copying code is naturally obvious. The same method can accept variables of different submission types, and different parameters can be obtained without making too many judgments manually.
In some cases, we also have a special requirement to obtain URL parameters. generally, it is enough to get URL parameters using get variables, however, the URL parameters may be irregular in the case of a custom URL or a route. at this time, we can use another method to obtain the URL.
For example, the current URL address is:
- Http: // localhost/index. php/news/hello_world/thinkphp
To copy the code, we need to obtain the parameters. you can use:
- $ This-> _ param (0); // Get news
- $ This-> _ param (1); // get hello_world
- $ This-> _ param (2); // get thinkphp
Copy the code to get the variable in the _ param (number) mode, which is only valid for the URL address in PATHINFO mode.
Before filtering variables, we have learned how to use the methods provided by the Action class to obtain and filter variables. However, without calling these dynamic methods, how can we filter data?
ThinkPHP also provides two data filtering methods:
1. configure global variable filtering
In this case, you can simplify the operation by configuring global filtering, for example, adding parameters to the project configuration file:
- 'Var _ FILTERS '=> 'strip _ tags'
If you copy the code, global get and post variables are filtered. other types of system variables need to be filtered by yourself.
Second, filter variables before writing data to the database.
If your variable data is to be written to the database, you can call the filter method to filter the data before the data is written to the database. for example:
- $ This-> data ($ data)-> filter ('strip _ tags')-> add ();
The copied code performs strip_tags filtering on $ data before executing the add method. However, in this way, the filter method does not support multiple filtering methods.
With ThinkPHP, we can easily obtain and filter system variables. your development capability has been significantly improved. The following describes how to use a route.
