-- iceangel89 wrote
(on Saturday, 06 June 2009, 08:51 PM -0700):
> Matthew Weier O'Phinney-3 wrote:
> > (In 2.0, we will make escaping the default within Zend_View, and require
> > you to explicitly ask for raw data if you don't want escaping.)
>
> that will be much better!
>
> hmm sometimes if
On Sun, Jun 7, 2009 at 11:12 AM, iceangel89 wrote:
>
> Oh, Matthew Weier O'Phinney mentioned that ... I meant when escaping for SQL
> this time.
Read this first:
http://framework.zend.com/manual/en/zend.db.html#zend.db.adapter.quoting
Then take a look at this example:
http://framework.zend.com/man
Oh, Matthew Weier O'Phinney mentioned that ... I meant when escaping for SQL
this time.
vince. wrote:
>
> You could use
> $this->view->escape
>
--
View this message in context:
http://www.nabble.com/Security---Preventing-SQL-Injections%2C-XSS-etc-tp23900449p23909053.html
Sent from the Zend
You could use
$this->view->escape
On Sun, Jun 7, 2009 at 6:51 AM, iceangel89 wrote:
>
>
> Matthew Weier O'Phinney-3 wrote:
> >
> > (In 2.0, we will make escaping the default within Zend_View, and require
> > you to explicitly ask for raw data if you don't want escaping.)
> >
>
> that will be muc
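The two pointers given in the replies above (quoting through the Zend_Db adapter on the way into SQL, and $this->view->escape on the way out to HTML) side by side, as an added example that is not code from this thread or from Zend Framework itself. It assumes Zend Framework 1.8 or later on the include_path and the pdo_sqlite extension, so it runs offline against an in-memory database; the table, its two rows and the attacker-style input are constructed for the example. The concatenated query lets the injected quote escape the string literal and match every row, while quoteInto(), a bound parameter and Zend_Db_Select all keep the same input inside the literal and match none of them. Nothing stored is ever altered, so nothing has to be unescaped for display; HTML escaping is applied only at render time.

```php
<?php
// Added example (not code from the thread or from Zend Framework itself).
// Assumes Zend Framework 1.8+ on the include_path and the pdo_sqlite
// extension, so it runs offline against an in-memory database.
require_once 'Zend/Loader/Autoloader.php';
Zend_Loader_Autoloader::getInstance();

/**
 * Build a database with constructed sample rows. The second bio is the
 * kind of value an attacker would submit through a form.
 */
function buildDb()
{
    $db = Zend_Db::factory('Pdo_Sqlite', array('dbname' => ':memory:'));
    $db->query('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, bio TEXT)');
    $db->insert('users', array('name' => 'alice', 'bio' => 'likes <b>bold</b>'));
    $db->insert('users', array('name' => "o'brien", 'bio' => '<script>alert(1)</script>'));
    return $db;
}

/** Vulnerable: the request value is concatenated straight into the SQL string. */
function findByNameUnsafe(Zend_Db_Adapter_Abstract $db, $name)
{
    $sql = "SELECT * FROM users WHERE name = '" . $name . "'";
    return $db->fetchAll($sql);
}

/** Safe: quoteInto() quotes the value so it cannot leave the string literal. */
function findByNameQuoted(Zend_Db_Adapter_Abstract $db, $name)
{
    $sql = $db->quoteInto('SELECT * FROM users WHERE name = ?', $name);
    return $db->fetchAll($sql);
}

/** Safe: the adapter binds the value as a parameter instead of interpolating it. */
function findByNameBound(Zend_Db_Adapter_Abstract $db, $name)
{
    return $db->fetchAll('SELECT * FROM users WHERE name = ?', array($name));
}

/**
 * Safe, and the form that scales to joins over many tables:
 * Zend_Db_Select quotes every ? placeholder in every where() clause.
 */
function findByNameSelect(Zend_Db_Adapter_Abstract $db, $name)
{
    $select = $db->select()
        ->from(array('u' => 'users'), array('name', 'bio'))
        ->where('u.name = ?', $name);
    return $db->fetchAll($select);
}

$db = buildDb();

// Constructed attacker input, exactly as getParam('name') would hand it over.
$name = "' OR '1'='1";

printf("unsafe:  %d rows\n", count(findByNameUnsafe($db, $name)));
printf("quoted:  %d rows\n", count(findByNameQuoted($db, $name)));
printf("bound:   %d rows\n", count(findByNameBound($db, $name)));
printf("select:  %d rows\n", count(findByNameSelect($db, $name)));

// A legitimate apostrophe in the data still works once it is quoted
// rather than concatenated.
printf("o'brien: %d rows\n", count(findByNameBound($db, "o'brien")));

// Output side: the rows were stored unaltered (there is nothing to
// unescape), so the only step needed for display is HTML escaping,
// done by Zend_View::escape() at render time.
$view = new Zend_View();
foreach ($db->fetchAll('SELECT name, bio FROM users') as $row) {
    echo $view->escape($row['name']), ': ', $view->escape($row['bio']), "\n";
}
```

The pattern to take away is that each escape belongs to one boundary: the database adapter quotes or binds values as they go into a query, and the view escapes values as they go into HTML. Neither transformation changes what is stored, which is why no unescaping step appears anywhere.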
Matthew Weier O'Phinney-3 wrote:
>
> (In 2.0, we will make escaping the default within Zend_View, and require
> you to explicitly ask for raw data if you don't want escaping.)
>
that will be much better!
Hmm, sometimes if I have a complex query with joins to a lot of tables ... and
I don't have
-- iceangel89 wrote
(on Saturday, 06 June 2009, 03:12 AM -0700):
> What do I need to know to develop an app that is relatively safe from common
> security issues like SQL injections, XSS, etc.?
>
> Did I read somewhere that getRequest()->getParam('something') will be
> filtered by default?
What do I need to know to develop an app that is relatively safe from common
security issues like SQL injections, XSS, etc.?
Did I read somewhere that getRequest()->getParam('something') will be
filtered by default?
BTW, if something is filtered/escaped for SQL, I need to unescape it for
dis