How to filter database inserts – HTML, Usernames, etc. in Zend Framework

Posted on: Feb 15, 2008 by wenbert

I woke up today thinking about how to handle strings when inserting to MySQL. What if the string I am trying to save into the database contains HTML characters? Let’s say you are using FCKEditor, how would you “generally” handle strings to be inserted into your database? Because when I think of it, I don’t have a quick answer. I have to test it around until satisfied with the output.

If I am too strict about what to save — then I would have problems outputting the HTML into the browser. Tables would be messed up and form elements would not work.

So, how do you filter different kinds of data to be inserted into MySQL using Zend Framework? Kinds of data as in:




Comments ( 6 )

ZF has a filter plugin to escape html.

kimbou added these pithy words on Mar 04 08 at 10:01 PM

kimbou, can you show a short example?

Wenbert added these pithy words on Mar 04 08 at 10:50 PM

To filter incoming data Zend Framework has a special kind of class: Zend_Filter_*. You can find them in the Zend/Filter directory. There are a lot of filters for different situations.
Below I show you a simple example of using them.

// (inside a controller action, where $this->_request is available)
Zend_Loader::loadClass('Zend_Filter_StripTags');
// create filter object
$oF = new Zend_Filter_StripTags();
// get filtered data from $_POST
$sSomeText = $oF->filter($this->_request->getPost('some_text'));

In this example we filtered $_POST['some_text'] data with the StripTags filter.

Roman Nestertsov added these pithy words on Mar 08 08 at 8:16 PM

Also, with the new Zend Framework 1.5 release there is the ability to add filters directly to the Form Elements when you use the Zend_Form class for automatically filtering incoming data. It’s a very useful method.

Roman Nestertsov added these pithy words on Mar 08 08 at 9:06 PM
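
The Zend_Form approach from the comment above, applied to the username and rich-text cases the post asks about. This is an added example, not code from the original post or its commenters; it assumes Zend Framework 1.x is on the include_path, and the form fields, tag whitelist and sample input are constructed for illustration.

```php
<?php
// Added example; assumes Zend Framework 1.x is on the include_path.
require_once 'Zend/Form.php';
require_once 'Zend/Form/Element/Text.php';
require_once 'Zend/Form/Element/Textarea.php';
require_once 'Zend/Filter/StripTags.php';

// Hypothetical form: a username plus a rich-text body (e.g. from FCKEditor).
function buildPostForm()
{
    $username = new Zend_Form_Element_Text('username');
    $username->setRequired(true)
             ->addFilter('StringTrim')
             ->addFilter('StripTags')      // usernames carry no markup at all
             ->addValidator('Alnum')       // letters and digits only
             ->addValidator('StringLength', false, array(3, 20));

    // Rich text: keep a small whitelist of tags and drop every attribute.
    $richText = new Zend_Filter_StripTags();
    $richText->setTagsAllowed(array('p', 'br', 'b', 'i', 'ul', 'ol', 'li'));

    $body = new Zend_Form_Element_Textarea('body');
    $body->setRequired(true)->addFilter($richText);

    $form = new Zend_Form();
    $form->addElement($username)->addElement($body);
    return $form;
}

// Constructed input standing in for $_POST.
$samples = array(
    array('username' => '  wenbert ',
          'body'     => '<p onclick="x()">Hi <b>all</b></p><script>x()</script>'),
    array('username' => '<b>bad name!</b>', 'body' => '<p>ok</p>'),
);

foreach ($samples as $post) {
    $form = buildPostForm();
    if ($form->isValid($post)) {
        // Filters have already run; these are the values to hand to the
        // database layer (bound parameters there handle SQL quoting).
        var_export($form->getValues());
    } else {
        // Validators run on the filtered value, so a name that is still
        // not alphanumeric after tag stripping is rejected here.
        var_export($form->getMessages());
    }
    echo "\n";
}
```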

Thanks Roman! I have just started Zend_Form a few weeks ago. I started with Akrabat’s Zend_Form Tutorial ( http://akrabat.com/2008/02/21/simple-zend_form-example/ ).

I love Zend_Form! Especially the “populate”-form and the validators and filters make my life easier :)

Wenbert added these pithy words on Mar 09 08 at 12:03 PM

i love you

gbaby added these pithy words on Aug 04 08 at 10:29 PM


© Copyright 2007 eKini Web Developer Blog . Thanks for visiting!