Home >Backend Development >PHP Tutorial >Detailed explanation of the use of I method in ThinkPHP_PHP tutorial
Detailed explanation of the use of I method in ThinkPHP_PHP tutorial
- 不言Original
- 2018-05-24 14:05:397157browse
ThinkPHP’s I method is a new member among many single-letter functions. Its name comes from the English Input (input). It is mainly used to obtain system input variables more conveniently and safely. It can be used anywhere. The usage format is as follows:
I('Variable type.Variable name',['Default value'],['Filter method'])
The variable type refers to the request method or input type.
The meaning of each variable type is as follows:
| Variable type | Meaning |
|---|---|
| get | Get GET parameters |
| post | Get POST parameters |
| param | Automatically determine the request type to get GET, POST or PUT parameters |
| request | Get REQUEST parameters |
| put | Get PUT parameters |
| session | Get $_SESSION parameter |
| cookie | Get $_COOKIE parameter |
| server | Get $_SERVER parameter |
| globals | Get $GLOBALS parameters |
Note: Variable types are not case-sensitive.
Variable names are strictly case-sensitive.
Default value and filtering method are optional parameters.
1. Usage:
Let’s take the GET variable type as an example to illustrate the use of the I method:
echo I('get.id'); // 相当于 $_GET['id'] echo I('get.name'); // 相当于 $_GET['name']
Support default value:
echo I('get.id',0); // 如果不存在$_GET['id'] 则返回0 echo I('get.name',''); // 如果不存在$_GET['name'] 则返回空字符串
Filter by method:
echo I('get.name','','htmlspecialchars'); // 采用htmlspecialchars方法对$_GET['name'] 进行过滤,如果不存在则返回空字符串
supports directly obtaining the entire variable type, for example:
I('get.'); // 获取整个$_GET 数组
In the same way, we can get variables of post or other input types, for example:
I('post.name','','htmlspecialchars'); // 采用htmlspecialchars方法对$_POST['name'] 进行过滤,如果不存在则返回空字符串 I('session.user_id',0); // 获取$_SESSION['user_id'] 如果不存在则默认为0 I('cookie.'); // 获取整个 $_COOKIE 数组 I('server.REQUEST_METHOD'); // 获取 $_SERVER['REQUEST_METHOD']
param variable type is frame A unique variable acquisition method that supports automatic judgment of the current request type, for example:
echo I('param.id');
If the current request type is GET, then it is equivalent to $_GET['id'], if the current request type is POST or PUT, then it is equivalent to getting $_POST['id'] or PUT parameter id.
And the param type variable can also use numeric index to obtain URL parameters (the PATHINFO mode parameter must be valid, whether it is GET or POST), for example:
The current access URL address is
http: //serverName/index.php/New/2013/06/01
Then we can pass the
echo I('param.1'); // 输出2013 echo I('param.2'); // 输出06 echo I('param.3'); // 输出01
fact Above, the writing method of param variable type can be simplified as:
I('id'); // 等同于 I('param.id') I('name'); // 等同于 I('param.name')
2. Variable filtering
When using the I method, the variables actually go through two filters. The first is global filtering. Global filtering is done by configuring the VAR_FILTERS parameter. It must be noted here that after version 3.1, the filtering mechanism of the VAR_FILTERS parameter has been changed to recursive filtering using the array_walk_recursive method. Yes, the main requirement for the filtering method is that it must be returned by reference, so setting htmlspecialchars here is invalid. You can customize a method, for example:
function filter_default(&$value){
$value = htmlspecialchars($value);
}
Then configure:
'VAR_FILTERS'=>'filter_default'
If you need to filter multiple times, you can use:
'VAR_FILTERS'=>'filter_default,filter_exp'
The filter_exp method is a security filtering method built into the framework, which is used to prevent injection attacks using the EXP function of the model.
Because the VAR_FILTERS parameter sets a global filtering mechanism and uses recursive filtering, which has an impact on efficiency. Therefore, we recommend directly filtering the variables, except in the third step of the I method. In addition to the parameter setting filtering method, you can also set filtering by configuring the DEFAULT_FILTER parameter. In fact, the default setting of this parameter is:
'DEFAULT_FILTER' => 'htmlspecialchars'
In other words, all acquisition variables of the I method will be filtered by htmlspecialchars, then:
I('get.name'); // 等同于 htmlspecialchars($_GET['name'])
Similarly, this parameter can also support multiple filter, for example:
'DEFAULT_FILTER' => 'strip_tags,htmlspecialchars'
I('get.name'); // 等同于 htmlspecialchars(strip_tags($_GET['name']))
If we are using the I method If the filtering method is specified, the DEFAULT_FILTER setting will be ignored, for example:
echo I('get.name','','strip_tags'); // 等同于 strip_tags($_GET['name'])
If the third parameter of the I method is passed Entering the function name means calling the function to filter the variable and return it (if the variable is an array, array_map is automatically used for filtering), otherwise PHP's built-in filter_var method will be called for filtering, for example:
I('post.email','',FILTER_VALIDATE_EMAIL);
indicates that $_POST['email'] will be formatted and if it does not meet the requirements, an empty string will be returned.
(For more verification formats, please refer to the official manual for filter_var usage.)
Or you can use the following character identification:
I('post.email','','email');
The filter names that can be supported must be valid values in the filter_list method (different server environments may vary). Possible supports include:
int boolean float validate_regexp validate_url validate_email validate_ip string stripped encoded special_chars unsafe_raw email url number_int number_float magic_quotes callback
In some special cases, we do not want to perform any filtering, even if DEFAULT_FILTER has been set, you can use:
I('get.name','',NULL);
Once the filtering parameter is set to NULL, it means that no filtering will be performed.