V2:Simple Examples

From PhpInputValidator

Jump to: navigation, search

Contents

Preface

These are simple examples to show how to use phpInputValidator. In all these examples it assumes: 

  1. That you have installed phpInputValidator and have it configured.
  2. The the variable $getvar is assigned to an instance phpInputValidator class

Example 1: Basic getvar

Lets say for example we have the following URL http://www.yoursite.com/index.php?page_id=1 and you need to fetch the page_id which is supposed to be an integer. In PHP you could use:

$page_id = $GET['page_id'];

I would hope you have an understanding of PHP enough to know that is not a safe way to get that. So instead you could use:

$page_id = (int)$GET['page_id'];

--OR--

$page_id = intval($GET['page_id']);

Well lets see how you could do that with phpInputValidator:

$page_id = $getvar->get('page_id', 'GET', 'int');

In this example we are using the variable getvar which is assigned an instance of the phpInputValidator class. We are using the function get() which is the default function to retrieve and validate data.
In the first argument we are passing the string page_id. The first argument is the variable name you want to fetch. So for this example it's page_id. This value can be a string or an array of strings if you want to fetch mulitples of the same types.
In the second argument we are passing in the string GET. This is location of the variable. This can only be GET, POST, REQUEST, COOKIE, SESSION, or SERVER. This value is always a string.
The third and final argument we are passing the string int. This is type of variable to validate against. This can be a number of possible types but in this example we want an int (or an integer). This value is always a string.

Note

Please not that for any method within phpInputValidator you can use the static method calls:

$page_id = phpInputValidator::get('page_id', 'GET', 'int');

However for these examples a variable instance will be used.

You could also use shortcuts

Example 2: More advanced getvar

Lets say for this example you have a web form that is used to email the following information to you: 

   * First name
         o Alpha only
         o input name first_name
   * Last name
         o Alpha only
         o input name last_name
   * Phone number
         o US in this example
         o input name phone
   * Email address
         o input name email
   * Message
         o You allow HTML
         o input name message

All this information is sent using POST. Lets also say in this example that First Name and Last Name are optional. If they are not there we want the field to say N/A. The message we will allow HTML.

So lets start getting that data.

$first_name = $getvar->get('first_name', 'POST', 'alpha', array('max_length' => 255, 'default' = 'N/A'));

Lets break this down a bit. So you should have an understanding of the first 3 arguments from the previous example. In this case instead of an integer we are looking for alpha. Alpha means only alpha characters (a-z). You might notice in this example there is a fourth argument. This argument allows you to add other optional validations to the fetching of the variable. In this case we want the maximun length of the string to be 255 characters. To do this we use pass in the string max_length with a value of 255. The string default is the default value to pass back if at any point the variable doesn't validate. In this case we want it to be the string 'N/A'.

$last_name = $getvar->get('last_name', 'POST', 'alpha', array('max_length' => 255, 'default' = 'N/A'));

This will get the last name. Since this is pretty much the same as the first name, you should understand everything in this example.

$phone = $getvar->get('phone', 'POST', 'us_phone');

In this example we are getting the type of us_phone. What this means it will validate the input for a United Stated phone number (ie (555)555-5555 or 555-555-5555).

$email = $getvar->get('email', 'POST', 'email');

This should now be pretty easy to figure out. We are fetching the email address.

$message = $getvar->get('message', 'POST', 'string', array('purifier' => _PIV_VAR_PURIFY));

The only thing different in this is the purify validation. What this does is allow you to control if you want HTML in your string or not. By default phpInputValidator will try to strip HTML. In this example we are using the flag _PIV_VAR_PURIFY which will use HTMLPurifier to clean up the HTML and make is safe. You can also use the flag _PIV_VAR_IGNORE and it will do nothing to it, but I would strongly recommend not doing that.

Note

Please not that without the installation of HTMLPurifier HTML is not allowed.

Example 3: Multiples of the same

Lets say that you are going to fetch multiple of the same items. For example lets say you have a form that asks for phone_number, cell_number, and fax_number and all those are going to be us_phone numbers.

You could do:

    $phone_number = $getvar->get('phone_number', 'POST', 'us_phone');
    $cell_number = $getvar->get('cell_number', 'POST', 'us_phone');
    $fax_number = $getvar->get('fax_number', 'POST', 'us_phone');

But an easier way would be:

list($phone_number, $cell_number, $fax_number) = $getvar->get(array('phone_number', 'cell_number', 'fax_number'), 'POST', 'us_phone');

If you pass in an array of strings as the variable name it will return an array of results.

Conclusion

These are very simplistic examples of how to use the system. You can do much more than this. Please spend some time to look through the wiki. If you have any questions, comments, etc. please feel free to put in a support ticket or leave me a message here. I love feedback.

Retrieved from "http://docs.phpinputvalidator.org/index.php/V2:Simple_Examples"