IncomingRequest Class
The IncomingRequest class provides an object-oriented representation of an HTTP request from a client, like a browser. It extends from, and has access to all the methods of the Request and Message classes, in addition to the methods listed below.
Accessing the Request
An instance of the request class already populated for you if the current class is a descendant of
CodeIgniter\Controller
and can be accessed as a class property:
<?php
namespace App\Controllers;
use CodeIgniter\Controller;
class UserController extends Controller
{
public function index()
{
if ($this->request->isAJAX()) {
// ...
}
}
}
If you are not within a controller, but still need access to the application’s Request object, you can get a copy of it through the Services class:
<?php
$request = \Config\Services::request();
It’s preferable, though, to pass the request in as a dependency if the class is anything other than the controller, where you can save it as a class property:
<?php
use CodeIgniter\HTTP\RequestInterface;
class SomeClass
{
protected $request;
public function __construct(RequestInterface $request)
{
$this->request = $request;
}
}
$someClass = new SomeClass(\Config\Services::request());
Determining Request Type
A request could be of several types, including an AJAX request or a request from the command line. This can
be checked with the isAJAX()
and isCLI()
methods:
<?php
// Check for AJAX request.
if ($request->isAJAX()) {
// ...
}
// Check for CLI Request
if ($request->isCLI()) {
// ...
}
Note
The isAJAX()
method depends on the X-Requested-With
header,
which in some cases is not sent by default in XHR requests via JavaScript (i.e., fetch).
See the AJAX Requests section on how to avoid this problem.
is()
New in version 4.3.0.
Since v4.3.0, you can use the is()
method. It returns boolean.
<?php
// Checks HTTP methods. Returns boolean.
$request->is('get');
$request->is('post');
$request->is('put');
$request->is('delete');
$request->is('head');
$request->is('patch');
$request->is('options');
// Checks if it is an AJAX request. The same as `$request->isAJAX()`.
$request->is('ajax');
// Checks if it is a JSON request.
$request->is('json');
getMethod()
You can check the HTTP method that this request represents with the getMethod()
method:
<?php
// Returns 'post'
$method = $request->getMethod();
By default, the method is returned as a lower-case string (i.e., 'get'
, 'post'
, etc).
Important
The functionality to convert the return value to lower case is deprecated. It will be removed in the future version, and this method will be PSR-7 equivalent.
You can get an
uppercase version by wrapping the call in strtoupper()
:
// Returns 'GET'
$method = strtoupper($request->getMethod());
You can also check if the request was made through and HTTPS connection with the isSecure()
method:
<?php
if (! $request->isSecure()) {
force_https();
}
Retrieving Input
You can retrieve input from $_SERVER
, $_GET
, $_POST
, and $_ENV
through the Request object.
The data is not automatically filtered and returns the raw input data as passed in the request.
Note
It is bad practice to use global variables. Basically, it should be avoided and it is recommended to use methods of the Request object.
The main
advantages to using these methods instead of accessing them directly ($_POST['something']
), is that they
will return null if the item doesn’t exist, and you can have the data filtered. This lets you conveniently
use data without having to test whether an item exists first. In other words, normally you might do something
like this:
<?php
$something = $_POST['foo'] ?? null;
With CodeIgniter’s built-in methods you can simply do this:
<?php
$something = $request->getVar('foo');
Getting Data
The getVar()
method will pull from $_REQUEST
, so will return any data from $_GET
, $POST
, or $_COOKIE
(depending on php.ini request-order).
Note
If the incoming request has a Content-Type
header set to application/json
,
the getVar()
method returns the JSON data instead of $_REQUEST
data.
While this is convenient, you will often need to use a more specific method, like:
$request->getGet()
$request->getPost()
$request->getCookie()
$request->getServer()
$request->getEnv()
In addition, there are a few utility methods for retrieving information from either $_GET
or $_POST
, while
maintaining the ability to control the order you look for it:
$request->getPostGet()
- checks$_POST
first, then$_GET
$request->getGetPost()
- checks$_GET
first, then$_POST
Getting JSON Data
You can grab the contents of php://input
as a JSON stream with getJSON()
.
Note
This has no way of checking if the incoming data is valid JSON or not, you should only use this method if you know that you’re expecting JSON.
<?php
$json = $request->getJSON();
By default, this will return any objects in the JSON data as objects. If you want that converted to associative
arrays, pass in true
as the first parameter.
The second and third parameters match up to the depth
and options
arguments of the
json_decode PHP function.
If the incoming request has a Content-Type
header set to application/json
, you can also use getVar()
to get
the JSON stream. Using getVar()
in this way will always return an object.
Getting Specific Data from JSON
You can get a specific piece of data from a JSON stream by passing a variable name into getVar()
for the
data that you want or you can use “dot” notation to dig into the JSON to get data that is not on the root level.
<?php
/*
* With a request body of:
* {
* "foo": "bar",
* "fizz": {
* "buzz": "baz"
* }
* }
*/
$data = $request->getVar('foo');
// $data = "bar"
$data = $request->getVar('fizz.buzz');
// $data = "baz"
If you want the result to be an associative array instead of an object, you can use getJsonVar()
instead and pass
true in the second parameter. This function can also be used if you can’t guarantee that the incoming request will have the
correct Content-Type
header.
<?php
// With the same request as above
$data = $request->getJsonVar('fizz');
// $data->buzz = "baz"
$data = $request->getJsonVar('fizz', true);
// $data = ["buzz" => "baz"]
Note
See the documentation for dot_array_search()
in the Array
helper for more information on “dot” notation.
Retrieving Raw Data (PUT, PATCH, DELETE)
Finally, you can grab the contents of php://input
as a raw stream with getRawInput()
:
<?php
$data = $request->getRawInput();
This will retrieve data and convert it to an array. Like this:
<?php
var_dump($request->getRawInput());
/*
* Outputs:
* [
* 'Param1' => 'Value1',
* 'Param2' => 'Value2',
* ]
*/
You can also use getRawInputVar()
, to get the specified variable from raw stream and filter it.
<?php
// When the request body is 'foo=one&bar=two&baz[]=10&baz[]=20'
var_dump($request->getRawInputVar('bar'));
// Outputs: two
// foo=one&bar=two&baz[]=10&baz[]=20
var_dump($request->getRawInputVar(['foo', 'bar']));
/*
* Outputs:
* [
* 'foo' => 'one',
* 'bar' => 'two'
* ]
*/
// foo=one&bar=two&baz[]=10&baz[]=20
var_dump($request->getRawInputVar('baz'));
/*
* Outputs:
* [
* '10',
* '20'
* ]
*/
// foo=one&bar=two&baz[]=10&baz[]=20
var_dump($request->getRawInputVar('baz.0'));
// Outputs: 10
Filtering Input Data
To maintain security of your application, you will want to filter all input as you access it. You can
pass the type of filter to use as the second parameter of any of these methods. The native filter_var()
function is used for the filtering. Head over to the PHP manual for a list of valid
filter types.
Filtering a POST variable would look like this:
<?php
$email = $request->getVar('email', FILTER_SANITIZE_EMAIL);
All of the methods mentioned above support the filter type passed in as the second parameter, with the
exception of getJSON()
and getRawInput()
.
Retrieving Headers
You can get access to any header that was sent with the request with the headers()
method, which returns
an array of all headers, with the key as the name of the header, and the value is an instance of
CodeIgniter\HTTP\Header
:
<?php
var_dump($request->headers());
/*
* Outputs:
* [
* 'Host' => CodeIgniter\HTTP\Header,
* 'Cache-Control' => CodeIgniter\HTTP\Header,
* 'Accept' => CodeIgniter\HTTP\Header,
* ]
*/
If you only need a single header, you can pass the name into the header()
method. This will grab the
specified header object in a case-insensitive manner if it exists. If not, then it will return null
:
<?php
// these are all equivalent
$host = $request->header('host');
$host = $request->header('Host');
$host = $request->header('HOST');
You can always use hasHeader()
to see if the header existed in this request:
<?php
if ($request->hasHeader('DNT')) {
// Don't track something...
}
If you need the value of header as a string with all values on one line, you can use the getHeaderLine()
method:
<?php
// Accept-Encoding: gzip, deflate, sdch
echo 'Accept-Encoding: ' . $request->getHeaderLine('accept-encoding');
If you need the entire header, with the name and values in a single string, simply cast the header as a string:
<?php
echo (string) $header;
The Request URL
You can retrieve a URI object that represents the current URI for this request through the
$request->getUri()
method. You can cast this object as a string to get a full URL for the current request:
<?php
$uri = (string) $request->getUri();
The object gives you full abilities to grab any part of the request on it’s own:
<?php
$uri = $request->getUri();
echo $uri->getScheme(); // http
echo $uri->getAuthority(); // snoopy:[email protected]:88
echo $uri->getUserInfo(); // snoopy:password
echo $uri->getHost(); // example.com
echo $uri->getPort(); // 88
echo $uri->getPath(); // /path/to/page
echo $uri->getRoutePath(); // path/to/page
echo $uri->getQuery(); // foo=bar&bar=baz
print_r($uri->getSegments()); // Array ( [0] => path [1] => to [2] => page )
echo $uri->getSegment(1); // path
echo $uri->getTotalSegments(); // 3
You can work with the current URI string (the path relative to your baseURL) using the getRoutePath()
.
Note
The getRoutePath()
method can be used since v4.4.0. Prior to v4.4.0,
the getPath()
method returned the path relative to your baseURL.
Uploaded Files
Information about all uploaded files can be retrieved through $request->getFiles()
, which returns an array of
CodeIgniter\HTTP\Files\UploadedFile
instance. This helps to ease the pain of working with uploaded files,
and uses best practices to minimize any security risks.
<?php
$files = $request->getFiles();
See Working with Uploaded Files for the details.
You can retrieve a single file uploaded on its own, based on the filename given in the HTML file input:
<?php
$file = $request->getFile('userfile');
You can retrieve an array of same-named files uploaded as part of a multi-file upload, based on the filename given in the HTML file input:
<?php
$files = $request->getFileMultiple('userfile');
Note
The files here correspond to $_FILES
. Even if a user just clicks submit button of a form and does not upload any file, the file will still exist. You can check that the file was actually uploaded by the isValid()
method in UploadedFile. See Verify a File for more details.
Content Negotiation
You can easily negotiate content types with the request through the negotiate()
method:
<?php
$language = $request->negotiate('language', ['en-US', 'en-GB', 'fr', 'es-mx']);
$imageType = $request->negotiate('media', ['image/png', 'image/jpg']);
$charset = $request->negotiate('charset', ['UTF-8', 'UTF-16']);
$contentType = $request->negotiate('media', ['text/html', 'text/xml']);
$encoding = $request->negotiate('encoding', ['gzip', 'compress']);
See the Content Negotiation page for more details.
Class Reference
Note
In addition to the methods listed here, this class inherits the methods from the Request Class and the Message Class.
The methods provided by the parent classes that are available are:
CodeIgniter\HTTP\Request::getIPAddress()
CodeIgniter\HTTP\Request::isValidIP()
CodeIgniter\HTTP\Request::getMethod()
CodeIgniter\HTTP\Request::setMethod()
CodeIgniter\HTTP\Request::getServer()
CodeIgniter\HTTP\Request::getEnv()
CodeIgniter\HTTP\Request::setGlobal()
CodeIgniter\HTTP\Request::fetchGlobal()
CodeIgniter\HTTP\Message::getBody()
CodeIgniter\HTTP\Message::setBody()
CodeIgniter\HTTP\Message::appendBody()
CodeIgniter\HTTP\Message::populateHeaders()
CodeIgniter\HTTP\Message::headers()
CodeIgniter\HTTP\Message::header()
CodeIgniter\HTTP\Message::hasHeader()
CodeIgniter\HTTP\Message::getHeaderLine()
CodeIgniter\HTTP\Message::setHeader()
CodeIgniter\HTTP\Message::removeHeader()
CodeIgniter\HTTP\Message::appendHeader()
CodeIgniter\HTTP\Message::prependHeader()
CodeIgniter\HTTP\Message::getProtocolVersion()
CodeIgniter\HTTP\Message::setProtocolVersion()
- class CodeIgniter\HTTP\IncomingRequest
- isCLI()
- Returns
True if the request was initiated from the command line, otherwise false.
- Return type
bool
- isAJAX()
- Returns
True if the request is an AJAX request, otherwise false.
- Return type
bool
- isSecure()
- Returns
True if the request is an HTTPS request, otherwise false.
- Return type
bool
- getVar([$index = null[, $filter = null[, $flags = null]]])
- Parameters
- Returns
$_REQUEST
if no parameters supplied, otherwise the REQUEST value if found, or null if not- Return type
array|bool|float|int|object|string|null
The first parameter will contain the name of the REQUEST item you are looking for:
<?php $request->getVar('some_data');
The method returns null if the item you are attempting to retrieve does not exist.
The second optional parameter lets you run the data through the PHP’s filters. Pass in the desired filter type as the second parameter:
<?php $request->getVar('some_data', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
To return an array of all POST items call without any parameters.
To return all POST items and pass them through the filter, set the first parameter to null while setting the second parameter to the filter you want to use:
<?php $request->getVar(null, FILTER_SANITIZE_FULL_SPECIAL_CHARS); // returns all POST items with string sanitation
To return an array of multiple POST parameters, pass all the required keys as an array:
<?php $request->getVar(['field1', 'field2']);
Same rule applied here, to retrieve the parameters with filtering, set the second parameter to the filter type to apply:
<?php $request->getVar(['field1', 'field2'], FILTER_SANITIZE_FULL_SPECIAL_CHARS);
- getGet([$index = null[, $filter = null[, $flags = null]]])
- Parameters
- Returns
$_GET
if no parameters supplied, otherwise the GET value if found, or null if not- Return type
array|bool|float|int|object|string|null
This method is identical to
getVar()
, only it fetches GET data.
- getPost([$index = null[, $filter = null[, $flags = null]]])
- Parameters
- Returns
$_POST
if no parameters supplied, otherwise the POST value if found, or null if not- Return type
array|bool|float|int|object|string|null
This method is identical to
getVar()
, only it fetches POST data.
- getPostGet([$index = null[, $filter = null[, $flags = null]]])
- Parameters
- Returns
$_POST
and$_GET
combined if no parameters specified (prefer POST value on conflict), otherwise looks for POST value, if nothing found looks for GET value, if no value found returns null- Return type
array|bool|float|int|object|string|null
This method works pretty much the same way as
getPost()
andgetGet()
, only combined. It will search through both POST and GET streams for data, looking first in POST, and then in GET:<?php $request->getPostGet('field1');
If no index is specified, it will return both POST and GET streams combined. Although POST data will be preferred in case of name conflict.
- getGetPost([$index = null[, $filter = null[, $flags = null]]])
- Parameters
- Returns
$_GET
and$_POST
combined if no parameters specified (prefer GET value on conflict), otherwise looks for GET value, if nothing found looks for POST value, if no value found returns null- Return type
array|bool|float|int|object|string|null
This method works pretty much the same way as
getPost()
andgetGet()
, only combined. It will search through both GET and POST streams for data, looking first in GET, and then in POST:<?php $request->getGetPost('field1');
If no index is specified, it will return both GET and POST streams combined. Although GET data will be preferred in case of name conflict.
- getCookie([$index = null[, $filter = null[, $flags = null]]])
- Parameters
- Returns
$_COOKIE
if no parameters supplied, otherwise the COOKIE value if found or null if not- Return type
array|bool|float|int|object|string|null
This method is identical to
getPost()
andgetGet()
, only it fetches cookie data:<?php $request->getCookie('some_cookie'); $request->getCookie('some_cookie', FILTER_SANITIZE_FULL_SPECIAL_CHARS); // with filter
To return an array of multiple cookie values, pass all the required keys as an array:
<?php $request->getCookie(['some_cookie', 'some_cookie2']);
Note
Unlike the Cookie Helper function
get_cookie()
, this method does NOT prepend your configuredConfig\Cookie::$prefix
value.
- getServer([$index = null[, $filter = null[, $flags = null]]])
- Parameters
- Returns
$_SERVER
item value if found, null if not- Return type
array|bool|float|int|object|string|null
This method is identical to the
getPost()
,getGet()
andgetCookie()
methods, only it fetches getServer data ($_SERVER
):<?php $request->getServer('some_data');
To return an array of multiple
$_SERVER
values, pass all the required keys as an array.<?php $request->getServer(['SERVER_PROTOCOL', 'REQUEST_URI']);
- getUserAgent([$filter = null])
- Parameters
$filter (
int
) – The type of filter to apply. A list of filters can be found here.
- Returns
The User Agent string, as found in the SERVER data, or null if not found.
- Return type
This method returns the User Agent string from the SERVER data:
<?php $request->getUserAgent();
- getPath()
- Returns
The current URI path relative to baseURL
- Return type
string
This method returns the current URI path relative to baseURL.
Note
Prior to v4.4.0, this was the safest method to determine the “current URI”, since
IncomingRequest::$uri
might not be aware of the complete App configuration for base URLs.
- setPath($path)
Deprecated since version 4.4.0.
- Parameters
$path (
string
) – The relative path to use as the current URI
- Returns
This Incoming Request
- Return type
Note
Prior to v4.4.0, used mostly just for testing purposes, this allowed you to set the relative path value for the current request instead of relying on URI detection. This also updated the underlying
URI
instance with the new path.