I have a Zend_Filter_Input which validates a number of POST variables of a form
of mine. I get the escaped values from the Zend_Filter_Input and pass them on to a
Zend_Db_Table to insert a new row into the table (or to update one, even).
I've noticed the following. Zend_Filter_Input->getEscaped() returns the value of
the POST variable already escaped with slashes for single or double quotes. When
this is passed on to Zend_Db_Table->insert, instead of adding the new row without
the slash (as is normal behaviour) it adds the row including the slash.
Why is this happening? Am I doing something wrong? Imagine the following (dummy)
code:
// Validation rules: 'column' must be present in the submitted data.
$validators = array(
    'column' => array(
        'presence' => 'required'
    )
);
$filters = array();
$options = array( .... );
$validator = new Zend_Filter_Input($filters, $validators, $_POST, $options);

// Escape filter applied by getEscaped(): a thin wrapper around htmlspecialchars().
require_once 'Utilities/Zend/Zend_Filter_HtmlSpecialCharacters.php';
$validator->setDefaultEscapeFilter(
    new Zend_Filter_HtmlSpecialCharacters(ENT_COMPAT, 'utf-8')
);

if ( $validator->isValid() )
{
    $p = new Zend_Db_Table_Extension();
    try
    {
        // The escaped value is taken from the same Zend_Filter_Input instance.
        $p->insert(
            array(
                'column' => $validator->getEscaped('column'),
                ...
            )
        );
    }
    catch ( Exception $e )
    {
        // Error
    }
}
In my case Zend_Filter_HtmlSpecialCharacters is just a wrapper around
htmlspecialchars(), because we are using the Greek language with UTF-8.
If the column text field contains "This isn't a test", Zend_Filter_Input will transform
it to "This isn\'t a test", escaping the ' with a slash. However, when this string
is added to the database, instead of being written as "This isn't a test" it is
written to the column as "This isn\'t a test".
Is this a bug? Or am I missing something?
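The behaviour described in the question, as an added PHP example that is not part of the original post: Zend_Db_Table::insert() passes values through parameter binding, so a backslash that is already in the string (added upstream by something like PHP's legacy magic_quotes_gpc, or by a second escaping layer) is stored verbatim rather than being consumed as SQL quoting. The example uses PDO with an in-memory SQLite table in place of Zend_Db_Table; the table and column names are constructed.

```php
<?php
// Added example (not from the original post): demonstrates why a value that
// already carries backslash-escaped quotes is stored with the backslash when
// it is inserted through a bound parameter. Table/column names are constructed.

function makeDb(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE posts (id INTEGER PRIMARY KEY, body TEXT)');
    return $db;
}

// Insert via a bound parameter and read the row back. The driver quotes the
// value itself, so whatever string the caller supplies is stored unchanged:
// no caller-side escaping is needed, and any the caller adds becomes data.
function insertAndReadBack(PDO $db, string $body): string
{
    $stmt = $db->prepare('INSERT INTO posts (body) VALUES (:body)');
    $stmt->execute(array(':body' => $body));
    $id = $db->lastInsertId();

    $read = $db->prepare('SELECT body FROM posts WHERE id = :id');
    $read->execute(array(':id' => $id));
    return (string) $read->fetchColumn();
}

$db  = makeDb();
$raw = "This isn't a test";

// 1. Clean input: the quote survives and no backslash appears.
echo insertAndReadBack($db, $raw), "\n";                   // This isn't a test

// 2. Input that was slash-escaped before binding (the symptom in the question):
//    the backslash is now part of the data and is stored as such.
echo insertAndReadBack($db, addslashes($raw)), "\n";       // This isn\'t a test

// 3. Removing the upstream escaping layer before binding restores the intended
//    value. Only do this when that layer is known to be active, since
//    stripslashes() would also damage legitimate backslashes in user input.
echo insertAndReadBack($db, stripslashes(addslashes($raw))), "\n"; // This isn't a test
```

The take-away for the question is that with bound parameters the input should reach insert() with no slash-escaping at all; the slashes in the stored row come from whatever added them before the value was bound, not from Zend_Db.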