Jude Aakjaer wrote:
Hi,

Check out the manual in relation to Zend_Db quoting

http://framework.zend.com/manual/en/zend.db.html#zend.db.adapter.quoting

I believe also all the variable replacement methods such as

$db->insert('table_name', array('fieldone' => $value1, ....));

perform automatic quoting

Regards
Jude A.

On Fri, 14 Sep 2007 09:58:09 +0800, Kexiao Liao <[EMAIL PROTECTED]> wrote:


Before I save POST variables' values into a database table, do I need to escape these values to filter out any unexpected characters in the string? What is the function we need to call for this filtering?

In addition to escaping the data, you may want to filter and validate the data; there are numerous filter (Zend_Filter_*) and validation (Zend_Filter_*) classes already, and these can be used singly or on an ad-hoc basis.

For more complex filter and validation chains you may wish to explore using them programmatically with Zend_Filter_Input.

Zend_Filter
http://framework.zend.com/manual/en/zend.filter.html

Zend_Validate
http://framework.zend.com/manual/en/zend.validate.html

Zend_Filter_Input
http://framework.zend.com/manual/en/zend.filter.input.html

regards
graham
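
The approach discussed in this thread, as an added example that is not part of the original messages: validate the submitted values with Zend_Filter_Input, then let `$db->insert()` handle quoting. It assumes Zend Framework 1 is on the include_path and pdo_sqlite is available; the `users` table, the field names and the sample input are constructed for illustration.

```php
<?php
// Added example, not code from the thread. Assumes Zend Framework 1 is on
// the include_path and the pdo_sqlite extension is loaded.
require_once 'Zend/Db.php';
require_once 'Zend/Filter/Input.php';

// Constructed sample standing in for $_POST.
$post = array(
    'username' => "  o'brien  ",
    'age'      => '34',
    'comment'  => "it's a \"quoted\" value",
);

// Filters run first, then validators; '*' applies to every field.
$filters = array('*' => 'StringTrim');
$validators = array(
    'username' => array(array('StringLength', 3, 20), 'presence' => 'required'),
    'age'      => array('Int', array('Between', 1, 120), 'presence' => 'required'),
    'comment'  => array(array('StringLength', 0, 200), 'allowEmpty' => true),
);

$input = new Zend_Filter_Input($filters, $validators, $post);
if (!$input->isValid()) {
    // getMessages() maps each failing field to its validation messages.
    print_r($input->getMessages());
    exit(1);
}

// Hypothetical in-memory database so the example needs no server.
$db = Zend_Db::factory('Pdo_Sqlite', array('dbname' => ':memory:'));
$db->query('CREATE TABLE users (username TEXT, age INTEGER, comment TEXT)');

// $input->username would return the HTML-escaped form (the default escape
// filter). Store the unescaped value and escape when rendering instead.
// insert() sends the values as bound parameters, so the quotes in the
// sample data are stored verbatim without manual escaping.
$db->insert('users', array(
    'username' => $input->getUnescaped('username'),
    'age'      => (int) $input->getUnescaped('age'),
    'comment'  => $input->getUnescaped('comment'),
));

// quoteInto() is for a value interpolated into a hand-written clause.
$where = $db->quoteInto('username = ?', $input->getUnescaped('username'));
print_r($db->fetchAll("SELECT * FROM users WHERE $where"));
```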
