Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

zend framework sanitizing data

I've seen different comments all over the place, some say that zend framework automatically sanitizes post/get data but others say it doesn't.

What's the deal? I've seen that doing it in the predispatch with a foreach on getParams is the quickest way, but does anyone have any suggestions?

like image 438
Ashley Avatar asked Jun 23 '26 04:06

Ashley


1 Answers

Probably the deal is about Zend_Controller_Request vs the Zend_Db. Request data are often put into the DB.

Request object does not escape anything. You may force it to do using filters, form filters or e.g. using the reflection technique described here:

  • Actions, now with parameters!

Zend_Db queries are basically escaped like in other ORM's, like in PDO.

like image 113
takeshin Avatar answered Jun 24 '26 18:06

takeshin



Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!