有没有办法在 Zend 中自动过滤 getRequest() 参数? [英] Is there a way to auto filter the getRequest() params in Zend?

问题描述

如果不需要的话，我真的不想在每次 getRequest->getParam('x') 之后在我的代码中调用 Zend 过滤器.是否有一种懒惰的方式来神奇地过滤 getRequest 中的所有内容?

I don't really want to call the Zend filter in my code after every getRequest->getParam('x') if I don't have to. Is there a lazy way of filtering everything inside getRequest magically?

当我说过滤器时，我的意思是转义标签、清除 XSS 和转义任何 sql 转义字符.

即:

$myVar = $this->getRequest()->getParam('x');
filter the variable, escape sql stuf... etc 

标准是什么?你是怎么做的?

What's the standard? How are you doing it?

推荐答案

有几种方法可以处理您的情况.

There are a few ways to deal with your situation.

首先，您可以一次获取所有参数:

First of all, you can get all params at once:

$params = $this->_request->getParams(); //_request is equivalent to getRequest()

因此，一种过滤所有参数的懒惰方法是在声明过滤器时使用 *****，这意味着所有字段，并且看起来像:

So a lazy way to filter all your params would be to use the ***** when declaring your filters, which means all fields, and would look something like:

$filters = array('*' => array('StringTrim','HtmlEntities','StripTags'));
$input = new Zend_Filter_Input($filters,$validators,$params);
if($input->isValid()) {
     //blah blah blah
}

您应该阅读有关 request 对象的更多信息，如以及过滤器、输入过滤器 和 验证器.

You should read more about the request object, as well as filters, input filters and validators.

这篇关于有没有办法在 Zend 中自动过滤 getRequest() 参数?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！