Merge pull request #8 from MaplePHP/develop

Develop

Author: wazabii8

README.md

@@ -266,6 +266,78 @@ if ($response->getStatusCode() === 200) {
     echo 'Error: ' . $response->getReasonPhrase();
 }
 ```
+---
+
+
+# Input
+
+A simple, secure static helper class for reading and sanitizing `$_GET` and `$_POST` values in PHP. Part of the [MaplePHP HTTP](https://github.com/MaplePHP/Http) library.
+
+### Checking if a key exists
+
+```php
+// Check in either $_GET or $_POST
+Input::has('name');
+
+// Check only in $_GET
+Input::hasGet('page');
+
+// Check only in $_POST
+Input::hasPost('email');
+```
+
+---
+
+### Reading encoded (safe) values
+
+Values are automatically HTML-encoded to prevent XSS. Returns `null` if the key does not exist.
+
+```php
+// From $_GET
+$page = Input::get('page');
+
+// From $_POST
+$email = Input::post('email');
+
+// From $_GET or $_POST (GET takes priority)
+$id = Input::request('id');
+
+// With a fallback default
+$page = Input::get('page', '1');
+```
+
+---
+
+### Reading raw (unencoded) values
+
+Use raw methods when you need the original unmodified value, or when working with array inputs.
+
+```php
+// Scalar raw value
+$name = Input::getRaw('name');
+
+// Array input e.g. $_POST['tags'][]
+$tags = Input::postRaw('tags');
+
+// With a fallback default
+$filters = Input::getRaw('filters', []);
+```
+
+> **Note:** Raw values are not sanitized. Make sure to validate or sanitize them before use.
+
+---
+
+### Reading all input
+
+```php
+// All raw merged input from $_GET and $_POST (POST takes priority)
+$data = Input::all();
+
+// All encoded merged input, including nested arrays
+$data = Input::allEncoded();
+```
+
+---
 
 ## Conclusion
 

src/Input.php

@@ -0,0 +1,135 @@
+<?php
+
+namespace MaplePHP\Http;
+
+use MaplePHP\DTO\Format\Arr;
+use MaplePHP\DTO\Format\Str;
+
+class Input
+{
+
+	/**
+	 * Check if key exists in $_GET or $_POST
+	 *
+	 * @param string $key
+	 * @return bool
+	 */
+	public static function has(string $key): bool
+	{
+		return isset($_GET[$key]) || isset($_POST[$key]);
+	}
+
+	/**
+	 * Check if key exists in $_GET
+	 *
+	 * @param string $key
+	 * @return bool
+	 */
+	public static function hasGet(string $key): bool
+	{
+		return isset($_GET[$key]);
+	}
+
+	/**
+	 * Check if key exists in $_POST
+	 *
+	 * @param string $key
+	 * @return bool
+	 */
+	public static function hasPost(string $key): bool
+	{
+		return isset($_POST[$key]);
+	}
+
+	/**
+	 * Get encoded value from $_GET
+	 *
+	 * @param string $key
+	 * @param string|null $default Fallback value if key does not exist
+	 * @param bool $raw Return raw unencoded value
+	 * @return string|null
+	 */
+	public static function get(string $key, ?string $default = null, bool $raw = false): ?string
+	{
+		$value = $_GET[$key] ?? $default;
+		if ($value === null) return null;
+		return $raw ? $value : Str::value($value)->encode();
+	}
+
+	/**
+	 * Get encoded value from $_POST
+	 *
+	 * @param string $key
+	 * @param string|null $default Fallback value if key does not exist
+	 * @param bool $raw Return raw unencoded value
+	 * @return string|null
+	 */
+	public static function post(string $key, ?string $default = null, bool $raw = false): ?string
+	{
+		$value = $_POST[$key] ?? $default;
+		if ($value === null) return null;
+		return $raw ? $value : Str::value($value)->encode();
+	}
+
+	/**
+	 * Get encoded value from $_GET or $_POST (GET takes priority)
+	 *
+	 * @param string $key
+	 * @param string|null $default Fallback value if key does not exist
+	 * @param bool $raw Return raw unencoded value
+	 * @return string|null
+	 */
+	public static function request(string $key, ?string $default = null, bool $raw = false): ?string
+	{
+		$value = $_GET[$key] ?? $_POST[$key] ?? $default;
+		if ($value === null) return null;
+		return $raw ? $value : Str::value($value)->encode();
+	}
+
+	/**
+	 * Get raw unencoded value from $_GET, useful for arrays e.g. $_GET['key'][]
+	 *
+	 * @param string $key
+	 * @param mixed $default Fallback value if key does not exist
+	 * @return mixed
+	 */
+	public static function getRaw(string $key, mixed $default = null): mixed
+	{
+		return $_GET[$key] ?? $default;
+	}
+
+	/**
+	 * Get raw unencoded value from $_POST, useful for arrays e.g. $_POST['key'][]
+	 *
+	 * @param string $key
+	 * @param mixed $default Fallback value if key does not exist
+	 * @return mixed
+	 */
+	public static function postRaw(string $key, mixed $default = null): mixed
+	{
+		return $_POST[$key] ?? $default;
+	}
+
+	/**
+	 * Get all raw input from $_GET and $_POST merged (POST takes priority)
+	 *
+	 * @return array<string, mixed>
+	 */
+	public static function all(): array
+	{
+		return array_merge($_GET, $_POST);
+	}
+
+	/**
+	 * Get all encoded input from $_GET and $_POST merged (POST takes priority)
+	 *
+	 * @return array<string, string>
+	 */
+	public static function allEncoded(): array
+	{
+		return Arr::value($_GET)
+			->merge($_POST)
+			->walkRecursive(fn($value) => Str::value($value)->encode()->get())
+			->toArray();
+	}
+}

src/Uri.php

@@ -296,7 +296,7 @@ public function getUri(): string
      */
     public function getArgv(): array
     {
-        return $this->argv;
+        return $this->argv === null ? [] : $this->argv;
     }
 
     /**