Detailed explanation of the acquisition and filtering methods of variables in thinkphp3.x, detailed explanation of thinkphp3.x_PHP tutorial

Detailed explanation of the acquisition and filtering methods of variables in thinkphp3. Share it with everyone for your reference, the details are as follows:

Here we learn how to use variables and filter variables in ThinkPHP.

In the process of web development, we often need to obtain system variables or user-submitted data. These variable data are complicated and can easily cause security risks if you are not careful. However, if you make good use of the variable acquisition function provided by ThinkPHP, you can easily Get and manipulate variables now.

1. Obtain variables

1. First, let’s talk about how to obtain variables.

The first method: traditional acquisition method. You can still use traditional methods to obtain various system variables during the development process, for example:

It is not recommended to directly use the traditional method to obtain it, because there is no unified security processing mechanism. If you adjust it later, it will be more troublesome to change it.

$id = $_GET['id'];//获取get变量
$name = $_POST['name'];//获取post变量
$value = $_SESSION['var'];//获取session变量
$name = $_COOKIE['name'];//获取cookie变量
$file = $_SERVER['PHP_SELF'];//获取server变量

The second way: use the dynamic method provided by the Action class

The system's Action class provides enhanced acquisition methods for system variables, including GET, POST, PUT, REQUEST, SESSION, COOKIE, SERVER and GLOBALS parameters. In addition to obtaining variable values, it also provides variable filtering and default value support. , usage is very simple, just call the following method in Action:

The calling format is:

$id = $this->_get('id');//获取get变量
$name = $this->_post('name');//获取post变量
$value = $this->_session('var');//获取session变量
$name = $this->_cookie('name');//获取cookie变量
$file = $this->_server('PHP_SELF');//获取server变量

$this->Method name("Variable name",["Filter method"],["Default value"])

Supported method names:

_get Get GET parameters

_post Get POST parameters

_param automatically determines the request type to obtain GET, POST or PUT parameters _request Get REQUEST parameters
_put Get PUT parameters
_session gets the $_SESSION parameter
_cookie Get $_COOKIE parameters
_server Get $_SERVER parameter
_globals Get $GLOBALS parameters


Variable name: (must) be the name of the system variable to be obtained

Filtering method: (optional) You can use any built-in function or custom function name. If not specified, the default htmlspecialchars function is used for security filtering (configured by the DEFAULT_FILTER parameter). The parameters are obtained from the previous method name. value,

That is to say, if you call:

The final call result is htmlspecialchars($_GET["name"]). If you want to change the filtering method, you can use:

$this->_get("name");

Default value: (optional) is the default value set when the parameter variable to be obtained does not exist, for example:

$this->_get("name","strip_tags");

If $_GET["id"] does not exist, 0 will be returned.

$this->_get("id","strip_tags",0);

If no default value is set, the system returns NULL by default.

Other methods are used similarly.

It seems there is not much difference, but there is an obvious advantage, that is, if I need to add or change the unified filtering of these variables, I generally do not need to modify the code for variable acquisition, I just add a configuration in the project configuration file Parameters are enough, for example:

Use the strip_tags method for unified filtering of all variables obtained dynamically. Multiple filtering methods can also be supported, such as:

'DEFAULT_FILTER'=>'strip_tags'

means strip_tags filtering is performed first, and then htmlspecialchars filtering is performed.

'DEFAULT_FILTER'=>'strip_tags,htmlspecialchars'

If you need to customize the filtering method when obtaining a certain variable, you can change it to:

If you have set a unified variable filtering method in the project configuration, but want to not filter some variables, you can use:

$name = $this->_post('content','trim,strip_tags');
// 获取post变量并过滤

If your parameters may come from multiple submission methods, you can use the _param method to obtain them more conveniently, for example:

$name = $this->_post('id','',0);

When currently submitted in get mode, it is equivalent to

$this->_param('id');

When currently submitted in post mode, it is equivalent to

$this->_get('id');

If submitted in put mode, it is equivalent to

$this->_post('id');

The advantage is naturally obvious. The same method can accept variables of different submission types, and there is no need to make too many manual judgments to obtain different parameters.

$this->_put('id');

2. Obtain URL parameters

In some cases, we also have a special need to obtain URL parameters. Generally speaking, it is enough to obtain URL parameters by using get variables, but for our customized URLs, or routing In this case, the parameters of the URL may be irregular. In this case, we can use another method to obtain them.

For example, the current URL address is:

http://localhost/index.php/news/hello_world/thinkphp

If we want to get the parameters, we can use:

However, the _param (number) method of variable acquisition is only valid for PATHINFO mode URL addresses

$this->_param(0); // 获取news
$this->_param(1); // 获取hello_world
$this->_param(2); // 获取thinkphp

3. Variable filtering

We have already learned how to use the methods provided by the Action class to obtain and filter variables, but without calling these dynamic methods, how can we filter data?

ThinkPHP also provides two ways to perform data filtering operations:

First: Configure global variable filtering

这种情况是针对一些会在多使用的情况，可以通过配置全局过滤 简化操作，例如在项目配置文件中添加参数：

'VAR_FILTERS'=>'strip_tags'

则会对全局的get和post变量进行过滤，其他类型的系统变量需要自行过滤。

第二：在写入数据库之前进行变量过滤

如果你的变量数据是要写入到数据库的话，可以在数据写入数据库之前调用filter方法对数据进行安全过滤，例如：

$this->data($data)->filter('strip_tags')->add();

在执行add方法之前，会对$data数据进行strip_tags过滤处理。但是，这种方式下面，filter方法不支持多个过滤方法。

四、总结

使用ThinkPHP，我们可以轻松地对系统变量的获取和过滤，你的开发功力明显提升了不少。加油，后面还会讲解如何使用路由。

PS：这里推荐几款本站的格式化美化工具，相信大家在以后的开发中能够用得上：

php代码在线格式化美化工具：
http://tools.jb51.net/code/phpformat

JavaScript代码美化/压缩/格式化/加密工具：
http://tools.jb51.net/code/jscompress

在线XML格式化/压缩工具：
http://tools.jb51.net/code/xmlformat

JSON代码格式化美化工具：
http://tools.jb51.net/code/json

在线XML/JSON互相转换工具：
http://tools.jb51.net/code/xmljson

json代码在线格式化/美化/压缩/编辑/转换工具：
http://tools.jb51.net/code/jsoncodeformat

sql代码在线格式化美化工具：
http://tools.jb51.net/code/sqlcodeformat

更多关于thinkPHP相关内容感兴趣的读者可查看本站专题：《ThinkPHP入门教程》、《ThinkPHP常用方法总结》、《PHP中cookie用法总结》、《smarty模板入门基础教程》及《PHP模板技术总结》。

希望本文所述对大家基于ThinkPHP框架的PHP程序设计有所帮助。

http://www.bkjia.com/PHPjc/1133132.htmlwww.bkjia.comtruehttp://www.bkjia.com/PHPjc/1133132.htmlTechArticlethinkphp3.x中变量的获取和过滤方法详解，thinkphp3.x详解 本文实例讲述了thinkphp3.x中变量的获取和过滤方法。分享给大家供大家参考，具体如下...