SQL Escaping/Sanitizing Magento Item Attribute Value Data That Is Set Programmatically?

Developer https://www.devze.com 2023-03-20 15:53 Source: web
When I programmatically set a Magento item attribute to data that the user provided, do I need to SQL escape/sanitize that data or does Magento take care of doing so?

-- Here's a code example:

// Add the product to the cart; custom option 5 receives the raw, user-supplied POST value
$cart = Mage::getSingleton('checkout/cart');
$cart->addProduct($product, array('qty' => 1, 'options' => array(5 => $rawDataFromPost)));
$cart->save();


Data is properly sanitized and quoted. In fact the Zend framework does that, which Magento is built on.

0
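
An added example (not from the original post or from Magento's code) of what "sanitized and quoted" means at the database layer: the same user-supplied value written once by string concatenation and once as a bound parameter. Plain PDO with an in-memory SQLite database stands in for Magento's Zend_Db adapter, and the table, column and function names are constructed for the demo.

```php
<?php
// Added example: PDO + in-memory SQLite stands in for Magento's Zend_Db adapter (assumption).
// Table, column and function names are constructed for this demo, not Magento's schema.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE quote_item_option (item_id INTEGER, code TEXT, value TEXT)');

// Constructed sample input: option text containing SQL metacharacters.
$rawDataFromPost = "O'Reilly's \"gift\"; -- note";

// Unsafe pattern: the value is concatenated into the SQL text itself.
function saveOptionConcatenated(PDO $pdo, int $itemId, string $value): bool
{
    try {
        $pdo->exec("INSERT INTO quote_item_option VALUES ($itemId, 'option_5', '$value')");
        return true;
    } catch (PDOException $e) {
        return false; // the quote inside the value ended the literal and broke the statement
    }
}

// Safe pattern: the value travels as a bound parameter, separate from the SQL text.
function saveOptionBound(PDO $pdo, int $itemId, string $value): bool
{
    $stmt = $pdo->prepare('INSERT INTO quote_item_option (item_id, code, value) VALUES (?, ?, ?)');
    return $stmt->execute([$itemId, 'option_5', $value]);
}

// Read the stored option back, again with a bound parameter.
function loadOption(PDO $pdo, int $itemId): ?string
{
    $stmt = $pdo->prepare('SELECT value FROM quote_item_option WHERE item_id = ?');
    $stmt->execute([$itemId]);
    $value = $stmt->fetchColumn();
    return $value === false ? null : $value;
}

$concatOk = saveOptionConcatenated($pdo, 1, $rawDataFromPost);
$boundOk  = saveOptionBound($pdo, 2, $rawDataFromPost);

printf("concatenated insert succeeded: %s\n", var_export($concatOk, true));
printf("bound insert succeeded: %s\n", var_export($boundOk, true));
printf("stored value identical to input: %s\n",
    var_export(loadOption($pdo, 2) === $rawDataFromPost, true));
// quote() is the escaping fallback for the cases where a value has to be inlined.
printf("quote() literal: %s\n", $pdo->quote($rawDataFromPost));
```

The bound insert stores the value byte for byte, so no manual escaping is needed before handing it to the data layer; escaping by hand first would only add stray backslashes or doubled quotes to the stored text.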