有没有办法在 Zend 中自动过滤 getRequest() 参数? [英] Is there a way to auto filter the getRequest() params in Zend?
问题描述
如果不需要的话,我真的不想在每次 getRequest->getParam('x') 之后在我的代码中调用 Zend 过滤器.是否有一种懒惰的方式来神奇地过滤 getRequest 中的所有内容?
I don't really want to call the Zend filter in my code after every getRequest->getParam('x') if I don't have to. Is there a lazy way of filtering everything inside getRequest magically?
当我说过滤器时,我的意思是转义标签、清除 XSS 和转义任何 sql 转义字符.
即:
$myVar = $this->getRequest()->getParam('x');
filter the variable, escape sql stuf... etc
标准是什么?你是怎么做的?
What's the standard? How are you doing it?
推荐答案
有几种方法可以处理您的情况.
There are a few ways to deal with your situation.
首先,您可以一次获取所有参数:
First of all, you can get all params at once:
$params = $this->_request->getParams(); //_request is equivalent to getRequest()
因此,一种过滤所有参数的懒惰方法是在声明过滤器时使用 *****,这意味着所有字段,并且看起来像:
So a lazy way to filter all your params would be to use the ***** when declaring your filters, which means all fields, and would look something like:
$filters = array('*' => array('StringTrim','HtmlEntities','StripTags'));
$input = new Zend_Filter_Input($filters,$validators,$params);
if($input->isValid()) {
//blah blah blah
}
您应该阅读有关 request 对象的更多信息,如以及过滤器、输入过滤器 和 验证器.
You should read more about the request object, as well as filters, input filters and validators.
这篇关于有没有办法在 Zend 中自动过滤 getRequest() 参数?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!