Class: CGI
- Package: saf.CGI
- Author: John Luxford <lux@simian.ca>
- Copyright: Copyright (C) 2001-2003, Simian Systems Inc.
- License: http://www.sitellite.org/index/license Simian Open Software License
- Version: 3.6, 2003-07-17, $Id: CGI.php,v 1.8 2008/03/14 21:43:51 lux Exp $
- Access: public
CGI is a class that is used to give GET and POST auto-generated
variables their own distinct namespace, so as not to conflict with other
auto-generated variables, such as Cookie data. The CGI class gets its data
from the $HTTP_POST_VARS and $HTTP_GET_VARS hashes.
New in 1.2:
- Fixed a bug in the parseUri method where the values weren't being urldecoded.
New in 1.4:
- Added reset () calls before accessing the $HTTP_* arrays, so that it doesn't
result in an error if you read through them yourself prior to constructing
your CGI object.
- Added parsing and verifying of uploaded files, so that you don't have to
worry about is_uploaded_file (), move_uploaded_file (), and all those.
Note: CGI will automatically attempt to import the UploadedFile class file
using a global $loader object if $HTTP_POST_FILES contains values.
New in 1.6:
- Added verify () method which allows you to check any value against either
a regular expression or a function for validity before trusting it.
New in 1.8:
- Added support for the PHP $_GET, $_POST, etc. variables, via an if statement
so as to be backward-compatible with the deprecated $HTTP_*_VARS variables.
New in 2.0:
- Now relies on the $_GET, $_POST, $_FILES, and $_SERVER superglobal only,
but calls "global $_GET, $_POST, $_FILES, $_SERVER;" so that in versions
of PHP below 4.1.0, you can create a reference to the old $HTTP_*_VARS
using the new $_* names.
New in 2.2:
- Now understands multiple file uploads using the fieldname[] style.
New in 2.4:
- Fixed a bug with the automatic stripslashes() and fields that are arrays.
New in 2.6:
- Added a makeQuery() method, which returns the property list as a URL
query string.
New in 2.8:
- Fixed a bug in makeQuery() where values that were arrays were being
passed to urlencode(), which expects a string. Arrays are now joined
with commas before this step. Objects are simply skipped.
New in 3.0:
- Added a verifyRequestMethod() method.
New in 3.2:
- Added the following functions as aliases to methods of a global $cgi
object: cgi_param($name), cgi_params(), cgi_files(), cgi_make_query($except),
cgi_verify_request_method($required), cgi_translate_uri($uri, $lose),
and cgi_verify($param, $type, $validator).
New in 3.4:
- parseUri() now returns $_SERVER['argv'] as extras if the server is
called from the command-line.
- Now calls urldecode() and if magic_quotes_gpc is set also stripslashes()
on the $_SERVER['REQUEST_URI'] prior to parsing it in parseUri().
- Now parseUri() correctly parses requests like:
/index/user/name.Mr.%20Joe%20Smith
That used to cause problems due to the extra dot.
- parseUri() also strips queries from the end of the REQUEST_URI via
a substr(REQUEST_URI,0,strpos(REQUEST_URI,'?')) command when a
question-mark is in the URI.
New in 3.6:
- Added types 'type' and 'rule' to verify().
Usage Example
<?php
$cgi = new CGI;
// if a variable called 'query' was passed to this script, it can
// be accessed this way:
echo $cgi->query;
// or you can use the 'param' property to retrieve all of the names
// of the variables passed to this script:
foreach ($cgi->param as $p) {
echo $cgi->{$p};
}
// verifying data
if ($cgi->verify ('somevar', 'regex', '/^[a-z0-9_-]*$/i')) {
// $cgi->somevar is okay
} else {
// $cgi->somevar did not pass
echo $cgi->error;
}
// handling uploaded files...
foreach ($cgi->files as $f) {
echo $cgi->{$f}->name;
}
?>
Return to Top
Properties
$param = array ()
Contains a list of the names of all the variables passed to the
current script through either the GET or POST methods.
$files = array ()
Contains a list of the names of all the file upload variables
passed to the current script through the POST method.
$error
Contains an error message describing the reason for a verify ()
failure.
Return to Top
Methods
CGI ()
Constructor method.
parseUri ()
- Access: public
- Return: array
Takes the global $REQUEST_URI variable and parses it as if
each subdirectory listing is a key/value pair, separated by periods (.),
and adds these pairs as properties of this object, and the keys to the
param array. Any subdirectories that do not contain a period are returned
as extras.
translateUri ($uri = '', $lose = '')
- Access: public
- Return: string
Takes an ordinary URI with GET parameters in it, and returns
a URI compatible with the parseUri method. The optional lose parameter
is a comma-separated list of key/value pairs in the URI to lose, but
not from the parameter list (the stuff that follows the ?), but from
the first part of the URI.
verify ($param, $type, $validator)
- Access: public
- Return: boolean
Verifies the specified value against either a regular
expression or a function to see whether or not it contains valid
input. Understood $type's are 'regex', 'func' or 'function',
'type' which checks for the type of the value (int, numeric, string,
etc.), and 'rule' which evaluates a MailForm rule on the value.
Functions must accept only the value of the variable and return
a boolean value.
makeQuery ($except = array ())
- Access: public
- Return: string
Creates a URL query string (ie. ?foo=bar&foo2=bar2)
from the properties of this object, excluding $param, $files,
$error, and any properties listed in $except. If $except
is a string, it will be converted to an array with the
first element being the original string.
verifyRequestMethod ($required = 'POST')
- Access: public
- Return: boolean
Verifies that the request method made by the user
was made a certain way. This can be useful in cases where
you don't want data passed in the URL (ie. use POST instead
of GET).
isHttps ()
- Access: public
- Return: boolean
Verifies that the current request is made through a secure
socket layer (SSL).
forceHttps ()
Force the current page to be made over HTTPS. Note: Doesn't check
the response from site_secure(), simply reloads the page.
forceHttp ()
Force the current page to be made over HTTP.
Return to Top