Update! It was the magic quotes! It never crossed my mind before. Sorry for
the hassle :)
mobius
m0bius wrote:
>
>
> Hello everyone,
>
> I have a Zend_Filter_Input which validates a number of POST variables of a form of mine. I get the Escaped values from the Zend_Filter_Input and pass them on a Zend_Db_Table to insert a new row to the table (or to update even).
>
> I've noticed the following. Zend_Filter_Input->getEscaped() returns the value of the POST variable already escaped with slashes for single or double quotes. When this is passed on to Zend_Db_Table->insert instead of adding the new row without the slash (as normal behavior) it adds it including the slash on the row added.
>
> Why is this happening? Am I doing something wrong? Imagine the following (dummy) code:
>
> $validators = array(
>     'column' => array(
>         'presence' => 'required'
>     )
> );
> $filters = array();
>
> $options = array( .... );
>
> $validator = new Zend_Filter_Input($filters, $validators, $_POST, $options);
>
> require_once 'Utilities/Zend/Zend_Filter_HtmlSpecialCharacters.php';
> $validator->setDefaultEscapeFilter(new Zend_Filter_HtmlSpecialCharacters(ENT_COMPAT, 'utf-8'));
>
> if ($validator->isValid())
> {
>     $p = new Zend_Db_Table_Extension();
>
>     try
>     {
>         $p->insert(
>             array(
>                 // Read the escaped value from the Zend_Filter_Input instance
>                 'column' => $validator->getEscaped('column'),
>                 ...
>             )
>         );
>     }
>     catch (Exception $e)
>     {
>         // Error
>     }
> }
>
> In my case Zend_Filter_HtmlSpecialCharacters is just a wrapper around htmlspecialchars() because we are using Greek Language with UTF-8.
>
> If column textfield contains "This isn't a test" Zend_Filter_Input will transform it to "This isn\'t a test" escaping the ' with a slash. However when this string is added to the database instead of being written as "This isn't a test" it is written to the column as "This isn\'t a test".
>
> Is this a bug? Or am I missing something?
>
>
>
>
--
View this message in context: http://www.nabble.com/Zend_Filter_Input---Zend_Db_Table-Insert-Escape-problem-tp20771929p20809161.html
Sent from the Zend DB mailing list archive at Nabble.com.
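
The cause reported in the follow-up above, reproduced as an added PHP example (not code from the thread or from Zend Framework): magic_quotes_gpc runs addslashes() over request data before the script sees it, the htmlspecialchars()-based escape filter leaves that backslash untouched, and the insert then stores it as data. The helper names magic_quotes_active() and undo_magic_quotes() are hypothetical, and the sample input is constructed from the string quoted in the question.

```php
<?php
// Added example: helper names are hypothetical, sample input is constructed.

// True only on legacy runtimes (PHP < 5.4) running with magic_quotes_gpc on.
function magic_quotes_active()
{
    return function_exists('get_magic_quotes_gpc') && @get_magic_quotes_gpc();
}

// Recursively reverse the addslashes() pass that magic quotes applied.
function undo_magic_quotes(array $input)
{
    $clean = array();
    foreach ($input as $key => $value) {
        $clean[$key] = is_array($value)
            ? undo_magic_quotes($value)
            : stripslashes($value);
    }
    return $clean;
}

// Constructed input: the text typed into the form, and the same field as the
// script receives it when magic_quotes_gpc is enabled.
$typed    = "This isn't a test";
$received = array('column' => addslashes($typed));

// htmlspecialchars() with ENT_COMPAT leaves single quotes and backslashes
// alone, so the escape filter passes the stray backslash through unchanged.
$escaped = htmlspecialchars($received['column'], ENT_COMPAT, 'UTF-8');
var_dump(strpos($escaped, '\\') !== false);

// Normalise the request once, before it reaches validation. Skip this when
// magic quotes are off, or backslashes the user really typed would be lost.
$post = magic_quotes_active() ? undo_magic_quotes($_POST) : $_POST;

// The same normalisation applied to the constructed input restores the text.
$restored = undo_magic_quotes($received);
var_dump($restored['column'] === $typed);
```

On runtimes that still support the directive, turning magic_quotes_gpc off in php.ini removes the need for the normalisation step; the directive was removed in PHP 5.4.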