Zend sanitizing input

Developer https://www.devze.com 2023-02-06 16:25 Source: Internet
I've sanitized my form's input (textarea field) and when I display it on my view it comes out like this:

<p>I\'m in it to win it!! I\'m looking forward to playing the contest in <br />Contest Central. He aims to cross-pollinate the stage, screen and stereo <br />with work that speaks to both the humor and frustrations of modern life.</p>

In my controller I have this:

public function init(){

 $this->view->setEscape('html_entity_decode');
 $this->view->setEscape('stripslashes');

}

But only one works: if I erase one of the setEscape calls then the other works, and vice versa. So I can get stripslashes to work if I put it first but html_entity_decode won't work, and vice versa.


You need to define your own function that should be used for escaping. For example, you can define a class My_Tools in library/My/Tools.php as follows:

<?php
#Tools.php

class My_Tools {

    /**
     * My custom escape function
     *
     * @param string $str String to be escaped
     * @return string Escaped string
     */
    static function myEscape($str) {
        $str = html_entity_decode($str);
        return stripslashes($str);
    }

}

?>

Then, your init() could have the following form:

public function init() {

    require_once(APPLICATION_PATH . '/../library/My/Tools.php');
    $this->view->setEscape(array('My_Tools', 'myEscape'));

}

Of course it would be better to add Tools to the Autoloader, but this is just an example.

0
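
Added example (not part of the original question or answer, and not Zend Framework's own code): Zend_View keeps a single escape callback, so a second setEscape() call replaces the first, and a callback that only decodes leaves the view's escape() without any HTML encoding. The DemoView class and normalizeStored() helper are hypothetical stand-ins and the stored string is constructed; the last case normalizes the stored value and then applies htmlspecialchars as the final step.

```php
<?php
// Stand-in for Zend_View's escape handling (assumption: simplified, not the
// framework's code). setEscape() stores ONE callback; a second call replaces it.
class DemoView
{
    private $escape = 'htmlspecialchars';

    public function setEscape($callback)
    {
        $this->escape = $callback;
        return $this;
    }

    public function escape($value)
    {
        if ($this->escape === 'htmlspecialchars') {
            return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
        }
        return call_user_func($this->escape, $value);
    }
}

// Hypothetical helper: undo the storage damage once, before output encoding.
function normalizeStored($value)
{
    return stripslashes(html_entity_decode($value, ENT_QUOTES, 'UTF-8'));
}

// Constructed sample: a stored value that was slash-escaped and entity-encoded.
$stored = "I\\'m in it &lt;script&gt;alert(1)&lt;/script&gt;";

$view = new DemoView();

// 1. Two setEscape() calls: only the last callback (stripslashes) is applied.
$view->setEscape('html_entity_decode');
$view->setEscape('stripslashes');
echo $view->escape($stored), "\n";

// 2. Decoding as the "escape" callback turns stored entities into live markup.
$view->setEscape('normalizeStored');
echo $view->escape($stored), "\n";

// 3. Normalize first, then HTML-encode as the final step at output time.
$view->setEscape(function ($value) {
    return htmlspecialchars(normalizeStored($value), ENT_QUOTES, 'UTF-8');
});
echo $view->escape($stored), "\n";
```

Only the third variant keeps the tag as inert text in the rendered page; intended markup such as the <p> and <br /> in the question would need an allow-list HTML filter rather than a decode step.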
