Request
The Request class in WordPress MVC (WPMVC) is a helper for retrieving and sanitizing request data from:
- WordPress query variables (
$wp_query->query_vars) $_POST$_GET
It simplifies access to inputs, applies sensible defaults, and applies sanitization before returning values.
Usage
Import the class at the top of your file:
use WPMVC\Request;
Get a single input value
$value = Request::input( 'name', $default_value );
If the key doesn’t exist in any request source, the $default_value is returned.
To clear the source so that the value can't be re-read (e.g., in nonce verification), pass true:
$nonce = Request::input( 'my_nonce', null, true );
Get all inputs
To retrieve all request variables (from GET, POST, and WordPress query vars):
$request = Request::all();
You can then access values by key:
echo $request[ 'username' ];
Sanitation
By default, the Request class sanitizes all values based on their detected type:
| Input Type | Behavior |
|---|---|
| Numeric without dot | intval() |
| Numeric with decimal | floatval() |
| "true" / "false" strings | Converted to boolean |
| Valid email | sanitize_email() |
| String | sanitize_text_field() |
| Array | Recursively sanitized via sanitize_array() |
You can turn off sanitization or provide a custom sanitization callable:
Disable sanitation
$value = Request::input( 'key', null, false, false );
Custom sanitizer
$value = Request::input( 'key', null, false, 'my_custom_sanitizer' );
Also works with all():
$all = Request::all( 'my_custom_sanitizer' );
API Reference
public static input( $key, $default = null, $clear = false, $sanitize = true )
Retrieve a single input value from query_vars, POST, or GET.
Parameters
| Argument | Type | Description |
|---|---|---|
$key | string | Name of the input to retrieve |
$default | mixed | Value to return if input not found |
$clear | bool | Remove the item from source after reading |
$sanitize | bool,string | Returns: "mixed" — sanitized value or default |
public static all( $sanitize = true )
Return an array of all inputs from GET, POST, and query vars.
Parameters
| Argument | Type | Description |
|---|---|---|
$sanitize | bool,string | Returns: array — key/value list of all data |
Detailed behavior
- If
$sanitizeisfalse, returns raw value. - If
$sanitizeistrueor no callable provided, applies default sanitizers based on type. - Email and string sanitization can be filtered via WP filters:
wpmvc_request_sanitize_emailwpmvc_request_sanitize_string
Example Patterns
Get a blog form field with fallback
$username = Request::input( 'username', 'guest' );
Retrieve raw (unsanitized) request data
$rawData = Request::all( false );
Access and clear a query var
$id = Request::input( 'id', null, true );