The Propel ORM documentation mentions a neat import/export feature using functions like fromArray and

Question

0

Asked: June 6, 20262026-06-06T13:19:05+00:00 2026-06-06T13:19:05+00:00

The Propel ORM documentation mentions a neat import/export feature using functions like fromArray and

0

The Propel ORM documentation mentions a neat import/export feature using functions like fromArray and fromJSON, that should allow something like this:

$foo = new Widget();
$foo->fromArray($_POST);
$foo->save(); /* Aaand you're done! */

…but the documentation doens’t mention if using fromArray this way is supposed to be safe, i.e. if fromArray can handle untrusted input. My guess would be that it’s all right – the default setters are injection-proof, and the whole deal is based on PDO – but I’d like to be sure.

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-06-06T13:19:06+00:00

Editorial Team

2026-06-06T13:19:06+00:00Added an answer on June 6, 2026 at 1:19 pm

Propel not only uses PDO for the queries, it also utilizes Prepared Statements via PDO, which are pretty good when it comes to mitigating SQL Injection attacks (and performance enhancing).

Note that just using PDO does NOT guarantee any protection against SQL Injection, always use Prepared Statements.

So as an answer to your question, yes, Propel fully utilizes PDO’s abilities to protect from SQL Injection.

0

Reply
Share
Share

- Report

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

The Propel ORM documentation mentions a neat import/export feature using functions like fromArray and

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply