thinkphp I method introduction

As you can see, the I method is a new member of ThinkPHP’s many single-letter functions. Its name comes from the English Input (input), which is mainly used for more convenience and security. Get system input variables, which can be used anywhere. The usage format is as follows:

I('变量类型.变量名',['默认值'],['过滤方法'])

The variable type refers to the request method or input type, including:

Note: Variable types are not case-sensitive.

Variable names are strictly case-sensitive.

Default value and filtering method are optional parameters.

Usage

We take the GET variable type as an example to illustrate the use of the I method:

echo I('get.id'); // 相当于 $_GET['id']
echo I('get.name'); // 相当于 $_GET['name']

Supports default values:

echo I('get.id',0); // 如果不存在$_GET['id'] 则返回0
echo I('get.name',''); // 如果不存在$_GET['name'] 则返回空字符串

Use method filtering:

echo I('get.name','','htmlspecialchars'); // 采用htmlspecialchars方法对$_GET['name'] 进行过滤，如果不存在则返回空字符串

Supports directly obtaining the entire variable type, for example:

I('get.'); // 获取整个$_GET 数组

In the same way, we can obtain post or other input type variables, for example:

I('post.name','','htmlspecialchars'); // 采用htmlspecialchars方法对$_POST['name'] 进行过滤，如果不存在则返回空字符串
I('session.user_id',0); // 获取$_SESSION['user_id'] 如果不存在则默认为0
I('cookie.'); // 获取整个 $_COOKIE 数组
I('server.REQUEST_METHOD'); // 获取 $_SERVER['REQUEST_METHOD']

param variable Type is a framework-specific variable acquisition method that supports automatic determination of the current request type, for example:

echo I('param.id');

If the current request type is GET, it is equivalent to $_GET['id'], if the current request type is POST Or PUT, then it is equivalent to getting $_POST['id'] or PUT parameter id.

And the param type variable can also use numeric index to obtain URL parameters (the PATHINFO mode parameter must be valid, whether it is GET or POST), for example:

The current access URL address is

http://serverName/index.php/New/2013/06/01

then we can pass

echo I('param.1'); // 输出2013
echo I('param.2'); // 输出06
echo I('param.3'); // 输出01

In fact, the writing of param variable type can be simplified to:

I('id'); // 等同于 I('param.id')
I('name'); // 等同于 I('param.name')

Variable filtering

When using the I method, the variables actually go through two filters. The first is global filtering. Global filtering is done by configuring the VAR_FILTERS parameter. It must be noted here that after version 3.1, the filtering mechanism of the VAR_FILTERS parameter has been changed to use the array_walk_recursive method recursion. Filtered, the main requirement for the filtering method is that it must be returned by reference, so setting htmlspecialchars here is invalid. You can customize a method, for example:

function filter_default(&$value){
    $value = htmlspecialchars($value);
 }

and then configure:

'VAR_FILTERS'=>'filter_default'

if necessary For multiple filtering, you can use:

'VAR_FILTERS'=>'filter_default,filter_exp'

The filter_exp method is a security filtering method built into the framework, which is used to prevent injection attacks using the EXP function of the model.

Because the VAR_FILTERS parameter sets a global filtering mechanism and uses recursive filtering, which affects efficiency, we recommend directly filtering the variables, except in the third step of the I method. In addition to the parameter setting filtering method, you can also set filtering by configuring the DEFAULT_FILTER parameter. In fact, the default setting of this parameter is:

'DEFAULT_FILTER'        => 'htmlspecialchars'

In other words, all acquisition variables of the I method will be filtered by htmlspecialchars, then :

I('get.name'); // 等同于 htmlspecialchars($_GET['name'])

Similarly, this parameter can also support multiple filters, for example:

'DEFAULT_FILTER'        => 'strip_tags,htmlspecialchars'

I('get.name'); // 等同于 htmlspecialchars(strip_tags($_GET['name']))

If we specify the filtering method when using the I method, the DEFAULT_FILTER setting will be ignored, for example :

echo I('get.name','','strip_tags'); // 等同于 strip_tags($_GET['name'])

If the third parameter of the I method is passed in the function name, it means calling the function to filter the variable and return it (when the variable is an array, array_map is automatically used for filtering), otherwise it will Call PHP's built-in filter_var method for filtering processing. For example:

I('post.email','',FILTER_VALIDATE_EMAIL);

means that the format of $_POST['email'] will be verified. If it does not meet the requirements, an empty string will be returned.

Or you can use the following character identification method:

I('post.email','','email');

The supported filter name must be a valid value in the filter_list method (different server environments may be different), which may be supported include ：

• int

• boolean

• float

• validate_regexp

• validate_url

• validate_email

• validate_ip

• string

• stripped

• encoded

• special_chars

• unsafe_raw

• ##email

##url
number_int
number_float
magic_quotes
callback
In some special In this case, we do not want to perform any filtering, even if DEFAULT_FILTER has been set, you can use:

I('get.name','',NULL);

Once the filtering parameter is set to NULL, it means that no filtering will be performed.

Recommended tutorial: "

TP5

"

The above is the detailed content of thinkphp I method introduction. For more information, please follow other related articles on the PHP Chinese website!