Requests & Input

Basic input

You may access all user input with a few simple methods. You do not need to worry about the HTTP verb for the request when using the Input facade, as input is accessed in the same way for all verbs. The global input helper function is an alias for Input::get.

Retrieving an input value

$name = Input::get('name');

Retrieving a default value if the input value is absent

$name = Input::get('name', 'Sally');

Determining if an input value is present

if (Input::has('name')) {

Getting all input for the request

$input = Input::all();

Getting only some of the request input

$input = Input::only('username', 'password');

$input = Input::except('credit_card');

When working on forms with "array" inputs, you may use dot notation to access the arrays:

$input = Input::get('');

NOTE: Some JavaScript libraries such as Backbone may send input to the application as JSON. You may access this data via Input::get like normal.


By default, all cookies created by the Winter are encrypted and signed with an authentication code, meaning they will be considered invalid if they have been changed by the client. Cookies named in the cookie.unencryptedCookies config key will not be encrypted.

NOTE: Cookies are encrypted with the APP_KEY, so there is the potential for cookies to be crafted by the client if they know the APP_KEY. If your application's encryption key is in the hands of a malicious party, that party could craft cookie values using the encryption key and exploit vulnerabilities inherit to PHP object serialization / unserialization, such as calling arbitrary class methods within your application. To mitigate that, always rotate your APP_KEY if you suspect it has been compromised and ensure you always verify that the data you received from a cookie is what you expect it to be before using it.

Retrieving a cookie value

$value = Cookie::get('name');

Attaching a new cookie to a response

$response = Response::make('Hello World');

$response->withCookie(Cookie::make('name', 'value', $minutes));

Queueing a cookie for the next response

If you would like to set a cookie before a response has been created, use the Cookie::queue method. The cookie will automatically be attached to the final response from your application.

Cookie::queue($name, $value, $minutes);

Creating a cookie that lasts forever

$cookie = Cookie::forever('name', 'value');

Handling cookies without encryption

If you don't want some cookies to be encrypted or decrypted, you can specify them in configuration. This is useful, for example, when you want to pass data from frontend to server side backend via cookies, and vice versa.

Add names of the cookies that should not be encrypted or decrypted to unencryptedCookies parameter in the config/cookie.php configuration file.

| Cookies that should not be encrypted
| Winter CMS encrypts/decrypts cookies by default. You can specify cookies
| that should not be encrypted or decrypted here. This is useful, for
| example, when you want to pass data from frontend to server side backend
| via cookies, and vice versa.

'unencryptedCookies' => [

Alternatively for plugins, you can also add these dynamically from Plugin.php of your plugin.

public function boot()
    Config::push('cookie.unencryptedCookies', "my_cookie");

Old input

You may need to keep input from one request until the next request. For example, you may need to re-populate a form after checking it for validation errors.

Flashing input to the session


Flashing only some input to the session

Input::flashOnly('username', 'email');


Since you often will want to flash input in association with a redirect to the previous page, you may easily chain input flashing onto a redirect.

return Redirect::to('form')->withInput();

return Redirect::to('form')->withInput(Input::except('password'));

NOTE: You may flash other data across requests using the Session class.

Retrieving old data



Retrieving an uploaded file

$file = Input::file('photo');

Determining if a file was uploaded

if (Input::hasFile('photo')) {

The object returned by the file method is an instance of the Symfony\Component\HttpFoundation\File\UploadedFile class, which extends the PHP SplFileInfo class and provides a variety of methods for interacting with the file.

Determining if an uploaded file is valid

if (Input::file('photo')->isValid()) {

Moving an uploaded file


Input::file('photo')->move($destinationPath, $fileName);

Retrieving the path to an uploaded file

$path = Input::file('photo')->getRealPath();

Retrieving the original name of an uploaded file

$name = Input::file('photo')->getClientOriginalName();

Retrieving the extension of an uploaded file

$extension = Input::file('photo')->getClientOriginalExtension();

Retrieving the size of an uploaded file

$size = Input::file('photo')->getSize();

Retrieving the MIME type of an uploaded file

$mime = Input::file('photo')->getMimeType();

Request information

The Request class provides many methods for examining the HTTP request for your application and extends the Symfony\Component\HttpFoundation\Request class. Here are some of the highlights.

Retrieving the request URI

$uri = Request::path();

Retrieving the request method

$method = Request::method();

if (Request::isMethod('post')) {

Determining if the request path matches a pattern

if (Request::is('admin/*')) {

Get the request URL

$url = Request::url();

Retrieve a request URI segment

$segment = Request::segment(1);

Retrieving a request header

$value = Request::header('Content-Type');

Retrieving values from $_SERVER

$value = Request::server('PATH_INFO');

Determining if the request is over HTTPS

if (Request::secure()) {

Determine if the request is using AJAX

if (Request::ajax()) {

Determine if the request has JSON content type

if (Request::isJson()) {

Determine if the request is asking for JSON

if (Request::wantsJson()) {

Checking the requested response format

The Request::format method will return the requested response format based on the HTTP Accept header:

if (Request::format() == 'json') {
Copyright © 2024 Winter CMS
Edit on GitHub