Phenotype Getters (Filtering, Validating & Output Escaping)
Getters - Principles
One basic principle of Phenotype is that every object representing content can store arbitrary data as internal properties.
To access these properties, the objects share a set of common getter methods. The getters encode or filter each value as it is retrieved, so it is ready for further processing.
The following table shows the basic getter methods:
| Method | Description |
| --- | --- |
| check($property) | check whether the property is set |
| get($property,$default=null) | raw access to value |
| getI($property,$default=null) | get value converted to int |
| getH($property,$default=null) | get value HTML encoded |
| getHBR($property,$default=null) | get value HTML encoded, additionally line breaks are converted to <br/> |
| getD($property, $decimals,$default=null) | get value as number with $decimals decimal places |
| getA($property,$allowedchars=PT_ALPHANUMERIC,$default=null) | get value filtered; only characters within $allowedchars get through |
| getX($property,$default=null) | get value XML encoded |
These getter methods are available for the following Phenotype objects:
- PhenotypeComponent
- PhenotypeContent
- PhenotypeDataObject
- PhenotypePage
- Phenotype itself
and last but not least
- PhenotypeRequest.
That means you can access request parameters the same way you access the data of a content record.
Phenotype thus combines getting and filtering data into one step. For a list of all available getters, check the API documentation of PhenotypeBase, an abstract class that contains all getter methods for all system classes.
Default Values
All getters have a $default parameter. If you provide a value here, it is returned when the requested property is not set. This combines a typical “NotEmpty” check with the requested encoding or filter.
Validation Checks
For simple validations, Phenotype objects have isValidXY methods that run validation checks on their property data. For a list of all validation checks, see the API documentation of PhenotypeBase.
The following example checks the request parameter “category” for existence, correct integer format and a valid value:
    if ($myRequest->isValidInteger("category",true) AND $myRequest->isValidSelection("category",array(1,2,3)))
    {
        echo "Valid category!";
    }
    else
    {
        print_r ($myRequest->getValidationError());
    }
The ->getValidationError() method always returns an array with information about the reason for the validation failure, or no information if validation passed.
    Array
    (
        [number] => 2
        [string] => not an integer
    )
Advanced Validation & Filtering
Phenotype getters are suitable for the most common cases. You may implement your own getter and validation methods by inheriting from the PhenotypeXYStandard classes. For even more complex tasks you might use external validation libraries, e.g. those from Zend Framework.
Output Escaping
For output escaping you can use the getH/getHBR/getHKT/getX getters of the objects mentioned above. If you compute strings, you might want to work with the raw (or otherwise filtered) values as long as possible. Then just apply the helper functions codeH(), codeHBR() or codeX() before echoing.
If you use Smarty templates, you should escape any raw value with the escape modifier, e.g. {$title|escape}. If you assign Phenotype objects to the template, you can use their getters within the template too, like {$myNews->getH("title")}.
Never print user-supplied input without escaping or filtering!
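Why it pays to keep values raw until output, shown as an added example that is not Phenotype code: h() stands in for the codeH() helper and SketchBag for an object offering get()/getH(). Both are assumptions built on PHP's htmlspecialchars(), and the sample title is constructed.

```php
<?php
// Added illustration, not Phenotype code. h() is a stand-in for codeH(),
// SketchBag a hypothetical object with get()/getH(); both are assumptions.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}

class SketchBag
{
    private $props;

    public function __construct(array $props) { $this->props = $props; }

    // Raw access; non-scalar input (e.g. ?title[]=x) is treated as unset.
    public function get(string $p, $default = null)
    {
        $v = $this->props[$p] ?? $default;
        return is_scalar($v) ? (string) $v : $default;
    }

    // Encoded access, for HTML element content and quoted attribute values.
    public function getH(string $p, $default = null): string
    {
        return h((string) $this->get($p, $default));
    }
}

// Constructed input: a title containing markup characters.
$news = new SketchBag(['title' => 'Tom & Jerry <live> in "3D"']);

// Encoding first, then computing: the cut can land inside an entity.
$early = mb_substr($news->getH('title'), 0, 7, 'UTF-8') . '...';

// Encoding an already encoded value: entities become visible to the reader.
$twice = h($news->getH('title'));

// Computing on the raw value and encoding once, right before output.
$late = h(mb_substr($news->get('title'), 0, 7, 'UTF-8') . '...');

// Unset property: in this sketch the default is encoded like any other value.
$fallback = $news->getH('subtitle', '<untitled>');

foreach (compact('early', 'twice', 'late', 'fallback') as $name => $value) {
    echo str_pad($name, 9), $value, "\n";
}
```

HTML encoding of this kind covers element content and quoted attribute values; a value placed in a URL or inside a script block needs the encoding for that context instead.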