ThinkPHP's I method is a new member among many single-letter functions. It is mainly used to obtain system input variables more conveniently and safely, and can be used anywhere. This article mainly introduces the I method of ThinkPHP. Friends who need it can refer to it
The I method of ThinkPHP is a new member of many single-letter functions. Its name comes from the English Input (input) and is mainly used for It is more convenient and safe to obtain system input variables and can be used anywhere. The usage format is as follows:
I('Variable type.Variable name',['Default value'],['Filter method'])
The variable type refers to the request method or input type.
The meaning of each variable type is as follows:
| Variable type |
Meaning |
| get |
Get GET parameters |
| post |
Get POST parameters |
| param |
Automatically determine the request type to get GET, POST or PUT parameters |
| request |
Get the REQUEST parameters |
| put |
Get the PUT parameters |
| session |
Get $_SESSION parameters |
| cookie |
Get $_COOKIE parameter |
| server |
Get $_SERVER parameter |
| globals |
Get $GLOBALS parameters |
Note: Variable types are not case-sensitive.
Variable names are strictly case-sensitive.
Default value and filtering method are optional parameters.
1. Usage:
Let’s take the GET variable type as an example to explain the use of the I method:
echo I('get.id'); // 相当于 $_GET['id']
echo I('get.name'); // 相当于 $_GET['name']
Copy after login
Support default value:
echo I('get.id',0); // 如果不存在$_GET['id'] 则返回0
echo I('get.name',''); // 如果不存在$_GET['name'] 则返回空字符串
Copy after login
Filter by method:
echo I('get.name','','htmlspecialchars'); // 采用htmlspecialchars方法对$_GET['name'] 进行过滤,如果不存在则返回空字符串
Copy after login
Supports directly obtaining the entire variable type, for example:
I('get.'); // 获取整个$_GET 数组
Copy after login
In the same way, We can get variables of post or other input types, for example:
I('post.name','','htmlspecialchars'); // 采用htmlspecialchars方法对$_POST['name'] 进行过滤,如果不存在则返回空字符串
I('session.user_id',0); // 获取$_SESSION['user_id'] 如果不存在则默认为0
I('cookie.'); // 获取整个 $_COOKIE 数组
I('server.REQUEST_METHOD'); // 获取 $_SERVER['REQUEST_METHOD']
Copy after login
The param variable type is a framework-specific variable that supports automatic determination of the current request type. Obtaining method, for example:
echo I('param.id');
Copy after login
If the current request type is GET, then it is equivalent to $_GET['id'], if the current request type is If it is POST or PUT, then it is equivalent to getting $_POST['id'] or PUT parameter id.
And param type variables can also use numeric index to obtain URL parameters (the PATHINFO mode parameter must be valid, whether it is GET or POST), for example:
The current access URL address is
http: //serverName/index.php/New/2013/06/01
Then we can pass
echo I('param.1'); // 输出2013
echo I('param.2'); // 输出06
echo I('param.3'); // 输出01
Copy after login
In fact, The writing method of param variable type can be simplified as:
I('id'); // 等同于 I('param.id')
I('name'); // 等同于 I('param.name')
Copy after login
##2. Variable filtering
Use the I method The variables actually go through two filters. The first is global filtering. Global filtering is done by configuring the VAR_FILTERS parameter. It must be noted here that after version 3.1, the filtering mechanism of the VAR_FILTERS parameter has been changed to recursive filtering using the array_walk_recursive method. Mainly for The requirement of the filtering method is that it must be returned by reference, so setting htmlspecialchars here is invalid. You can customize a method, for example:
function filter_default(&$value){
$value = htmlspecialchars($value);
}Copy after login
and then configure :
'VAR_FILTERS'=>'filter_default'
Copy after login
If you need to filter multiple times, you can use:
'VAR_FILTERS'=>'filter_default,filter_exp'
Copy after login
The filter_exp method is a security filtering method built into the framework, which is used to prevent injection attacks using the EXP function of the model.
Because the VAR_FILTERS parameter sets a global filtering mechanism and uses recursive filtering, which affects efficiency, we recommend directly filtering the variables, except in the third step of the I method. In addition to the parameter setting filtering method, you can also set filtering by configuring the DEFAULT_FILTER parameter. In fact, the default setting of this parameter is:
'DEFAULT_FILTER' => 'htmlspecialchars'
Copy after login
Also That is to say, all acquisition variables of the I method will be filtered by htmlspecialchars, then:
I('get.name'); // 等同于 htmlspecialchars($_GET['name'])
Copy after login
Similarly, this parameter can also support multiple filters, for example :
'DEFAULT_FILTER' => 'strip_tags,htmlspecialchars'
Copy after login
I('get.name'); // 等同于 htmlspecialchars(strip_tags($_GET['name']))
Copy after login
If we specify the filtering method when using the I method, then The setting of DEFAULT_FILTER will be ignored, for example:
echo I('get.name','','strip_tags'); // 等同于 strip_tags($_GET['name'])
Copy after login
If the third parameter of the I method is passed in the function name, it means that the function is called The variable is filtered and returned (if the variable is an array, array_map is automatically used for filtering), otherwise PHP's built-in filter_var method is called for filtering, for example:
I('post.email','',FILTER_VALIDATE_EMAIL);
Copy after login
means that the format of $_POST['email'] will be verified. If it does not meet the requirements, an empty string will be returned.
(For more verification formats, please refer to the official manual for filter_var usage.)
Or you can use the following character identification:
I('post.email','','email');
Copy after login
The supported filter names must be valid values in the filter_list method (different server environments may be different). Possible supported filter names include:
int
boolean
float
validate_regexp
validate_url
validate_email
validate_ip
string
stripped
encoded
special_chars
unsafe_raw
email
url
number_int
number_float
magic_quotes
callback
Copy after login
In some special cases, we do not want to perform any filtering, even if DEFAULT_FILTER has been set, you can use:
I('get.name','',NULL);
Copy after login
Once the filtering parameter is set to NULL, it means that no filtering will be performed.
The above is the entire content of this article. I hope it will be helpful to everyone's study. For more related content, please pay attention to the PHP Chinese website!
Related recommendations:
Usage of distinct in Thinkphp
##
The above is the detailed content of Usage analysis of ThinkPHP's I method. For more information, please follow other related articles on the PHP Chinese website!
![[Web front-end] Node.js quick start](https://img.php.cn/upload/course/000/000/067/662b5d34ba7c0227.png)
