Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
I’ve seen different comments all over the place, some say that zend framework automatically sanitizes post/get data but others say it doesn’t.
What’s the deal? I’ve seen that doing it in the predispatch with a foreach on getParams is the quickest way, but does anyone have any suggestions?
Probably the deal is about
Zend_Controller_Requestvs theZend_Db. Request data are often put into the DB.Request object does not escape anything. You may force it to do using filters, form filters or e.g. using the reflection technique described here:
Zend_Dbqueries are basically escaped like in other ORM’s, like in PDO.