I'm trying to write a function that will sanitize data coming from the client side.
I'm using Zend Framework and I know that it offers functions to do that, but I'm not using Zend_Form so I don't know how to use those functions.
I wanna be able to sanitize the data against SQL injections… before saving it in the DB or doing any further processing with that data.
So my question is: is there any function out there or a library that can do that?
I'm looking for a function that will take a string as input and return the sanitized one.
Thank you
If you use prepared statements with PDO, Zend_Db or another ORM then the parameters will be escaped properly so that takes care of sanitizing in most cases.
PDO Example:
Before you even get to that step though you should validate the data, which is what Zend_Validate is for. You don't have to use Zend_Validate with Zend_Form if you don't want to – you can just create validator instances and then validate different values.
Example from the ZF Documentation:
Zend_Form is just a handy way to handle form processing and make things easily reusable.
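The validate-then-bind flow described in the answer above, as an added example that is not part of the original post or the ZF documentation. It assumes an in-memory SQLite database, a constructed `comments` table and a hypothetical `validateComment()` helper, and uses PHP's built-in `filter_var()` where a Zend_Validate instance could be used instead.

```php
<?php
// Added example: schema, helper name and submitted values are constructed.
declare(strict_types=1);

// Validation step: reject input that does not match what the field should hold.
function validateComment(array $in): array
{
    $errors = [];
    $email = filter_var($in['email'] ?? '', FILTER_VALIDATE_EMAIL);
    if ($email === false) {
        $errors[] = 'email is not a valid address';
    }
    $body = trim((string) ($in['body'] ?? ''));
    if ($body === '' || strlen($body) > 500) {
        $errors[] = 'body must be 1-500 bytes';
    }
    return [$errors, ['email' => $email, 'body' => $body]];
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, email TEXT, body TEXT)');

// Constructed client input: one value full of SQL metacharacters, one invalid.
$submissions = [
    ['email' => 'alice@example.com', 'body' => "it's ok'); DELETE FROM comments; --"],
    ['email' => 'not-an-email',      'body' => 'hello'],
];

// The SQL text is fixed; values travel separately as bound parameters.
$insert = $pdo->prepare('INSERT INTO comments (email, body) VALUES (:email, :body)');

foreach ($submissions as $s) {
    [$errors, $clean] = validateComment($s);
    if ($errors) {
        echo 'rejected: ', implode('; ', $errors), "\n";
        continue;
    }
    $insert->execute([':email' => $clean['email'], ':body' => $clean['body']]);
}

// The quote-laden body comes back byte for byte as data; no statement was altered.
foreach ($pdo->query('SELECT email, body FROM comments') as $row) {
    echo $row['email'], ' => ', $row['body'], "\n";
}
echo 'rows stored: ', $pdo->query('SELECT COUNT(*) FROM comments')->fetchColumn(), "\n";
```

Binding protects only the SQL statement; the stored text still needs output encoding (for example `htmlspecialchars()`) when it is later rendered in HTML.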