I'm using Silex, which uses the Request component from Symfony.
When I get the data sent from a form, for example this way:
`$params = $request->request->all();`

Nothing is cleaned, unlike Laravel, where the user input data is cleaned automatically. Should I do it manually, with built-in PHP functions like `strip_tags`, or is there a Symfony way to do it?
So basically, when it comes to sanitizing input, it should not be a part of the Request. This is because sanitized input is really only a part of the security of your database.

As such, input is sanitized by Doctrine when it's passed to Doctrine. Basically, Doctrine automatically makes sure all input is sanitized. In a broader sense, it is the responsibility of your Database Abstraction Layer to make sure that data passed to it is valid.
The same holds true for Propel.
So what I'm saying is that input sanitizing is not the responsibility of the Request object, so it does not provide the functionality to do so. This is in line with the Single Responsibility Principle, which you can read more about here: http://en.wikipedia.org/wiki/Single_responsibility_principle
If you want to validate data that is received through a Request, you can use the Validator Component to do so, there is also a Silex ServiceProvider for it: https://github.com/symfony/Validator
TL;DR: Sanitizing input is not the responsibility of the Request, it is the responsibility of your DBAL (Database Abstraction Layer).
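To make the division of labour in the answer concrete, here is an added example (not code from the question, the answer, or the Symfony/Silex projects) of a request handler that leaves the Request object untouched, rejects bad input with the Validator component, hands the accepted values to Doctrine DBAL as bound parameters, and escapes only at output time. It assumes `symfony/http-foundation`, `symfony/validator` and `doctrine/dbal` are installed through Composer; the SQLite DSN and the `comments` table are placeholders.

```php
<?php
// Added example: validate form input, store it through bound parameters,
// escape it in the HTML output context. Package names, DSN and table are assumptions.
require __DIR__ . '/vendor/autoload.php';

use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\Validator\Validation;
use Symfony\Component\Validator\Constraints as Assert;
use Doctrine\DBAL\DriverManager;

// The Request object hands the fields back exactly as the client submitted them.
$request = Request::createFromGlobals();
$email   = (string) $request->request->get('email', '');
$comment = (string) $request->request->get('comment', '');

// 1. Validate: refuse input that does not match what the application expects,
//    rather than trying to "clean" arbitrary data into shape.
$validator  = Validation::createValidator();
$violations = $validator->validate($email, [new Assert\NotBlank(), new Assert\Email()]);
$violations->addAll($validator->validate($comment, [
    new Assert\NotBlank(),
    new Assert\Length(['max' => 500]),
]));

if (count($violations) > 0) {
    $messages = [];
    foreach ($violations as $violation) {
        $messages[] = $violation->getPropertyPath() . ': ' . $violation->getMessage();
    }
    (new Response(implode("\n", $messages), 400, ['Content-Type' => 'text/plain']))->send();
    exit;
}

// 2. Store: the database layer keeps data and SQL separate through bound
//    parameters, so the application never escapes $comment for SQL itself.
$conn = DriverManager::getConnection(['url' => 'sqlite:///comments.db']); // placeholder DSN
$conn->executeStatement(
    'INSERT INTO comments (email, body) VALUES (?, ?)',
    [$email, $comment]
);

// 3. Output: escaping belongs to the context the value is rendered in. For HTML
//    that is htmlspecialchars(); a template engine such as Twig does this by default.
$html = '<p>' . htmlspecialchars($comment, ENT_QUOTES | ENT_HTML5, 'UTF-8') . '</p>';
(new Response($html, 201))->send();
```

The point of the three numbered steps is that each layer handles its own concern: validation decides whether a value is acceptable at all, the DBAL prevents the value from being interpreted as SQL, and output escaping prevents it from being interpreted as markup. Stripping tags from `$comment` at the Request stage would do none of these reliably, which is why the Request component does not attempt it.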