Based on CodeIgniter’s Input class, Brain’s Input class usage is very similar. Using the input class allows for some automatic and manual input filtering.
Automatic Input Filtering
As long as you use the Input class to access $_POST, $_GET, and $_COOKIE data, you will be accessing data that has:
- Clean array keys
- Values run through utf8_clean_string
- Values run through remove_invisible_characters
- Newlines in values standardized
utf8_clean_string
By using iconv (if available), characters are converted to UTF-8, and if they can’t be represented in UTF-8, they are discarded.
remove_invisible_characters
This prevents sandwiching null characters between ascii characters, like Java\0script.
Access to $_GET
// Retrieve $_GET['key_name']
$val = Input::get('key_name');
// Retrieve $_GET['key_name'] and run through XSS clean
$val = Input::get('key_name', TRUE);
Access to $_POST
// Retrieve $_POST['key_name']
$val = Input::post('key_name');
// Retrieve $_POST['key_name'] and run through XSS clean
$val = Input::post('key_name', TRUE);
Access to $_COOKIE
// Retrieve $_COOKIE['key_name']
$val = Input::cookie('key_name');
// Retrieve $_COOKIE['key_name'] and run through XSS clean
$val = Input::cookie('key_name', TRUE);
Access to $_SERVER
// Retrieve $_SERVER['key_name']
$val = Input::server('key_name');
// Retrieve $_SERVER['key_name'] and run through XSS clean
$val = Input::server('key_name', TRUE);
Access to IP Address
$ip = Input::ip_addr();
Access to User Agent
$ua = Input::user_agent();
Determine if Ajax Request
$bool = Input::is_ajax_request();
Determine if CLI Request
$bool = Input::is_cli_request();
XSS Clean
$cleaned_value = Input::xss_clean( $original_value, $is_image = FALSE );