Hotaru Docs


Retrieving POST and GET data

One of the greatest security risks to a program is accepting data passed in through a URL query string or submitted via a form. To protect against dangerous data, it's common to run input through a sanitize function that strips unwanted characters or code before the data is used.

Hotaru CMS uses an input filtering and validation library called Inspekt to take care of sanitizing raw data.

With Inspekt, superglobal arrays such as $_GET and $_POST are "destroyed" so you won't be able to use them in your plugins.

Getting POST and GET data with Inspekt

Inspekt stores the values of $_GET and $_POST in a "cage" object. In Hotaru, you can retrieve data from the cage like this:

$value = $h->cage->get->getInt('number'); // $_GET
$value = $h->cage->post->getInt('number'); // $_POST

That example uses getInt because the value we are retrieving is an integer, but Inspekt provides many more filters and testers to choose from.

If you'd just like to test if a key exists, use keyExists, e.g.

$value = $h->cage->get->keyExists('number'); // $_GET
$value = $h->cage->post->keyExists('number'); // $_POST
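
A sketch of the cage pattern described above, as an added example that is not Hotaru's or Inspekt's own code. DemoCage and capture() are hypothetical names, and the strict filter_var check inside getInt is a choice made for this sketch, not a statement of how Inspekt filters integers.

```php
<?php
// Simplified stand-in for the "cage" idea; DemoCage is hypothetical, not Inspekt.
final class DemoCage
{
    private array $source;

    private function __construct(array $source)
    {
        $this->source = $source;
    }

    // Copy the raw input into the cage, then empty the original array so
    // later code cannot read unfiltered values from it by accident.
    public static function capture(array &$superglobal): self
    {
        $cage = new self($superglobal);
        $superglobal = [];
        return $cage;
    }

    // True when the key was present in the request, whatever its value.
    public function keyExists(string $key): bool
    {
        return array_key_exists($key, $this->source);
    }

    // Returns an int, or false when the key is missing or the value is not
    // a whole number (sketch behaviour, chosen to be strict).
    public function getInt(string $key)
    {
        if (!$this->keyExists($key) || is_array($this->source[$key])) {
            return false;
        }
        return filter_var($this->source[$key], FILTER_VALIDATE_INT);
    }
}

// Constructed request data standing in for ?number=42&page=7%20OR%201=1
$_GET = ['number' => '42', 'page' => '7 OR 1=1'];
$get = DemoCage::capture($_GET);

var_dump($_GET);                      // what plugin code now sees in the superglobal
var_dump($get->getInt('number'));     // well-formed integer parameter
var_dump($get->getInt('page'));       // integer parameter carrying extra text
var_dump($get->keyExists('missing')); // parameter that was never sent
```

Checking keyExists before getInt lets a handler tell "parameter not sent" apart from "parameter sent but rejected", which matters when a missing value should fall back to a default and a malformed one should be refused.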

Server Vars

You can get server host variables via the cage, too. E.g.

$host_info = $h->cage->server->sanitizeTags('HTTP_HOST');