Input and Request Handling

Table of contents

  1. Overview
  2. Getting Input
  3. Detecting Request Type
  4. CSRF Token Check
  5. Full Method Reference
  6. See Also


1. Overview Table of Contents

The Input class is the main interface for retrieving and sanitizing user input in Chappy.php. It abstracts away access to $_GET, $_POST, and $_REQUEST, and ensures all input values are properly sanitized before use.

This class is automatically available in controllers as $this->request.


2. Getting Input Table of Contents

A. Get a Single Input Value

You can assign individual fields from your form to a variable or a field within your model.

$user->email = $this->request->get('email');

If the input field is an array (e.g., checkbox group), it will be recursively sanitized.


B. Get All Input Values

This returns all values from the request, sanitized as an associative array.

$data = $this->request->get();


C. Assigning Input to a Model

You can directly assign all request inputs to a model instance:

$user = new Users();
$user->assign($this->request->get(), Users::blackListedFormKeys);

The second parameter allows you to skip assigning sensitive fields like passwords, tokens, or role IDs.


3. Detecting Request Type Table of Contents

You can detect which HTTP method was used in the request using these methods:

$this->request->isGet();    // true if GET request
$this->request->isPost();   // true if POST request
$this->request->isPut();    // true if PUT request

These checks rely on the REQUEST_METHOD server variable and are helpful when building APIs or advanced form workflows.


4. CSRF Token Check Table of Contents

While CSRF tokens are handled by the FormHelper class, the Input class provides the means to check the validity of your token after form submit inside controller action functions:

$this->request->csrfCheck();

If the token is invalid or missing, the user is redirected to the restricted token error page:

/restricted/badToken


5. Full Method Reference Table of Contents

Method Description
get($key = null) Returns a single sanitized input value or all request inputs as an array
getRequestMethod() Returns the HTTP method in uppercase (e.g., GET, POST, PUT)
isGet() Returns true if the request method is GET
isPost() Returns true if the request method is POST
isPut() Returns true if the request method is PUT
csrfCheck() Validates the CSRF token and redirects if tampering is detected


6. See Also Table of Contents