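Input Class
The Input class serves two purposes:
- It pre-processes input data for security.
- It provides some helper methods for fetching input data and pre-processing it.
Note: This class is loaded automatically by the system, so there is no need to load it manually.
Security Filtering
The security filtering function starts automatically whenever a controller is invoked. It does the following:
- Destroys the global GET array. CodeIgniter does not use the GET array, so there is no reason to allow it.
- Destroys all global variables when register_globals is set to on.
- Filters the POST/COOKIE array keys, permitting only alphanumeric (and a few other) characters.
- Can filter cross-site scripting attacks (Cross-site Scripting Hacks). This can be enabled globally, or turned on upon request.
- Standardizes newline characters to \n
Cross-site Scripting (XSS) Filtering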
The Input class has the ability to filter input automatically to prevent cross-site scripting attacks. If you want the filter to run automatically every time it encounters POST or COOKIE data you can enable it by opening your application/config/config.php file and setting this:
$config['global_xss_filtering'] = TRUE;
Please refer to the Security class documentation for information on using XSS Filtering in your application.
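Using POST, COOKIE, or SERVER Data
CodeIgniter has three helper methods that let you fetch POST, COOKIE or SERVER items. The advantage of using these methods rather than accessing the data directly in PHP ($_POST['something']) is that you do not have to check first whether the item exists. When accessing the data directly in PHP, you must first perform a check like this: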
if ( ! isset($_POST['something']))
{
    $something = FALSE;
}
else
{
    $something = $_POST['something'];
}
With CodeIgniter's built-in methods, you can simply do this:
$something = $this->input->post('something');
The three methods are:
- $this->input->post()
- $this->input->cookie()
- $this->input->server()
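The key filtering and newline normalisation listed under Security Filtering, together with the "return FALSE when the item is absent" contract of the fetch methods, as an added plain-PHP illustration. It is not CodeIgniter's own code: the allowed key characters (KEY_PATTERN), the drop-and-record handling of a rejected key, and the function names clean_input() and fetch() are assumptions made for this example.

```php
<?php
// Added illustration, not CodeIgniter source. The allowed key characters are
// an assumption: the page only says "alphanumeric (and a few other) characters".
const KEY_PATTERN = '/^[a-z0-9:_\/-]+$/i';

// Recursively clean one input array: drop entries whose keys fail the
// pattern and normalise CR LF and bare CR line endings in values to \n.
function clean_input(array $data, array &$rejected = array())
{
    $clean = array();
    foreach ($data as $key => $value) {
        if ( ! preg_match(KEY_PATTERN, (string) $key)) {
            $rejected[] = (string) $key;   // keep for logging, never for use
            continue;
        }
        $clean[$key] = is_array($value)
            ? clean_input($value, $rejected)
            : str_replace(array("\r\n", "\r"), "\n", (string) $value);
    }
    return $clean;
}

// Hypothetical fetch helper with the contract the page describes for post():
// FALSE (boolean) when the item does not exist.
function fetch(array $source, $index)
{
    return array_key_exists($index, $source) ? $source[$index] : FALSE;
}

// Constructed sample request body.
$post = array(
    'comment'         => "line one\r\nline two\rline three",
    'tags'            => array('a' => "x\r\ny"),
    'bad key<script>' => 'never reaches the application',
    'qty'             => '0',
);

$rejected = array();
$clean    = clean_input($post, $rejected);

var_dump(fetch($clean, 'comment'));   // value with unified line endings
var_dump($rejected);                  // keys that failed the pattern
// Compare with === FALSE: a submitted '0' or '' is falsy but still present.
var_dump(fetch($clean, 'missing') === FALSE);
var_dump(fetch($clean, 'qty') === FALSE);
```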
$this->input->post()
The first parameter is the name of the POST item you want to fetch:
$this->input->post('some_data');
If the item does not exist, the method returns FALSE (boolean).
The second parameter is optional. To run the fetched data through XSS filtering, set the second parameter to TRUE.
$this->input->post('some_data', TRUE);
$this->input->get()
This function is identical to the post function, only it fetches get data:
$this->input->get('some_data', TRUE);
$this->input->get_post()
This function will search through both the post and get streams for data, looking first in post, and then in get:
$this->input->get_post('some_data', TRUE);
$this->input->cookie()
This method is similar to the post method, only it fetches cookie data:
$this->input->cookie('some_data', TRUE);
$this->input->server()
This method is similar to the two methods above, only it fetches server data:
$this->input->server('some_data');
$this->input->set_cookie()
Sets a cookie containing the values you specify. There are two ways to pass information to this function so that a cookie can be set: Array Method, and Discrete Parameters:
Array Method
Using this method, an associative array is passed to the first parameter:
$cookie = array(
    'name' => 'The Cookie Name',
    'value' => 'The Value',
    'expire' => '86500',
    'domain' => '.some-domain.com',
    'path' => '/',
    'prefix' => 'myprefix_',
);
$this->input->set_cookie($cookie);
Notes:
Only the name and value are required. To delete a cookie, set it with the expiration blank.
The expiration is set in seconds, which will be added to the current time. Do not include the time, but rather only the number of seconds from now that you wish the cookie to be valid. If the expiration is set to zero the cookie will only last as long as the browser is open.
For site-wide cookies regardless of how your site is requested, add your URL to the domain starting with a period, like this: .your-domain.com
The path is usually not needed since the function sets a root path.
The prefix is only needed if you need to avoid name collisions with other identically named cookies for your server.
Discrete Parameters
If you prefer, you can set the cookie by passing data using individual parameters:
$this->input->set_cookie($name, $value, $expire, $domain, $path, $prefix);
$this->input->get_cookie()
Lets you fetch a cookie. The first parameter will contain the name of the cookie you are looking for (including any prefixes):
get_cookie('some_cookie');
The function returns FALSE (boolean) if the item you are attempting to retrieve does not exist.
The second optional parameter lets you run the data through the XSS filter. It's enabled by setting the second parameter to boolean TRUE:
get_cookie('some_cookie', TRUE);
$this->input->ip_address()
Returns the IP address of the current user. If the IP address is not valid, it returns the IP 0.0.0.0:
echo $this->input->ip_address();
$this->input->valid_ip($ip)
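Tests whether the supplied IP address is valid and returns boolean TRUE or FALSE. Note: $this->input->ip_address() automatically checks whether the format of the IP address itself is valid.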
if ( ! $this->input->valid_ip($ip))
{
    echo 'Not Valid';
}
else
{
    echo 'Valid';
}
$this->input->user_agent()
Returns the user agent information of the browser the current user is using. Returns FALSE if the data is not available.
echo $this->input->user_agent();
$this->input->request_headers()
Useful if running in a non-Apache environment where apache_request_headers() will not be supported. Returns an array of headers.
$headers = $this->input->request_headers();
$this->input->get_request_header()
Returns a single member of the request headers array.
$this->input->get_request_header('some-header', TRUE);
$this->input->is_ajax_request()
Checks to see if the HTTP_X_REQUESTED_WITH server header has been set, and returns a boolean response.
$this->input->is_ajax_request();