I'm developing a Zend_Form class which will feed data into a MySQL table
through a Zend_Db table class.

There are a number of fields on this form that are optional, and which I
want to default to NULL in the database if they are not filled in. However,
I was finding that the empty values from the form were being inserted into
the db table as empty strings, rather than NULLs (this was true even if
those fields were disabled, meaning that there were no values for them in
the POST data -- $form->getValues() returns zero-length strings rather than
NULLs).

After some head-scratching, I realized that it was the StringTrim and
HtmlEntities filters that were turning those fields into zero-length
strings, which in turn get inserted into the db table as zero-length strings
instead of NULL.

I can take the filters off of those form elements and get the desired result
in my database, but that leaves me with a form that's potentially vulnerable
to cross-site scripting attacks.

Any thoughts?

Thanks,
Paul


-- 
Paul Grotevant / Web Technologies Team
ITS Applications / University of Texas at Austin
[EMAIL PROTECTED]
512-471-1616
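
One way to keep StringTrim and HtmlEntities on the optional elements and still get NULL into the table is to append a third, custom filter to the end of each element's chain that maps the resulting zero-length string back to null. This is an added example written against Zend Framework 1.x, not code from the original post; the element, table and POST values are made up, and it deliberately converts only an exact empty string (unlike Zend_Filter_Null's default, which would also swallow "0").

```php
<?php
// Added example (not from the original post). Assumes Zend Framework 1.x is on
// the include path; element names, POST data and the Zend_Db table are constructed.
require_once 'Zend/Filter/Interface.php';
require_once 'Zend/Form.php';
require_once 'Zend/Form/Element/Text.php';

// Runs LAST in the filter chain: StringTrim/HtmlEntities have already turned a
// missing or blank value into '', so map that (and only that) back to null.
class My_Filter_EmptyToNull implements Zend_Filter_Interface
{
    public function filter($value)
    {
        // Strict comparison: "0" and other legitimate values are left untouched.
        return ($value === '') ? null : $value;
    }
}

$form = new Zend_Form();
foreach (array('nickname', 'website') as $name) {
    $element = new Zend_Form_Element_Text($name);
    $element->setRequired(false)
            ->addFilter('StringTrim')
            ->addFilter('HtmlEntities')               // XSS protection stays in place
            ->addFilter(new My_Filter_EmptyToNull()); // order matters: must be appended last
    $form->addElement($element);
}

// Constructed POST data: 'website' is whitespace only, 'nickname' carries markup,
// and a disabled element would simply be absent from this array (same outcome: null).
$post = array('nickname' => '<b>paul</b>', 'website' => '   ');

if ($form->isValid($post)) {
    $values = $form->getValues();
    // $values['nickname'] is '&lt;b&gt;paul&lt;/b&gt;' (entities encoded),
    // $values['website'] is null rather than ''.

    // Zend_Db_Table_Abstract::insert() binds a PHP null as SQL NULL, so the
    // optional column ends up NULL in MySQL. $profiles is a hypothetical
    // Zend_Db_Table_Abstract subclass for the target table.
    // $profiles = new Profiles();
    // $profiles->insert($values);
}
```

Because the conversion happens inside the element's filter chain, $form->getValues() and Zend_Db receive null for every optional field that came in blank or was disabled, while the earlier filters still sanitize anything that was actually entered.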
