Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
Im using the Propel framework, for communication with a database. I figured that it’s using PDO and makes a bindParam(), when I try to make an input, so SQL injections should be covered.
But does it provide extra seucurity such as strip_tags(), htmlspecialchars() or similar stuff, or should I do this manually?
I have used PDO before so I know the basics, but it’s the first time im using Propel.
I would not expect an ORM to protect against XSS attacks. That is a problem that has nothing to do with the database layer (and would cause you problems if you wanted to store HTML).