I'm refactoring PHP on Zend code and all the code is full of $_GET["this"] and $_POST["that"]. I have always used the more PHP-ish $this->_
Extending Brian's answer.
As you noted, you can also check out $this->_request->getPost() and $this->_request->getQuery(). If you generalize on getParams(), it's sort of like using the $_REQUEST superglobal, and I don't think that's acceptable in terms of security.
In addition to Zend_Filter, you may also use plain PHP to cast to the required type. E.g.:
$id = (int) $this->_request->getQuery('id');
For other values it gets more complicated, so make sure to e.g. quote in your DB queries (Zend_Db, see quoting identifiers, $db->quoteIdentifier()) and in views use $this->escape($var); to escape content.
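The points above put together in one Zend Framework 1 controller, as an added example that is not code from the question or the answer. It assumes a ZF1 application with a default Zend_Db adapter and a view script; the controller name, the `articles` table, its columns and the view script path are hypothetical. The example reads the id from the query string only (not the getParams() merge), validates before casting so that `'12abc'` is rejected rather than silently becoming 12, passes a string value to the database through Zend_Db_Select's placeholder quoting instead of interpolating it, and escapes everything in the view.

```php
<?php
// application/controllers/ArticleController.php (hypothetical)
class ArticleController extends Zend_Controller_Action
{
    public function showAction()
    {
        $request = $this->getRequest();

        // Read the id from the query string only. getQuery() is the
        // equivalent of $_GET['id']; getParam()/getParams() would also
        // accept the value from a POST body or the route, like $_REQUEST.
        $rawId = $request->getQuery('id');

        // Validate before casting: (int)'12abc' is 12 and (int)'abc' is 0,
        // so a bare cast would turn garbage into a valid-looking id.
        if (!is_string($rawId) || !ctype_digit($rawId)) {
            throw new Zend_Controller_Action_Exception('Invalid article id', 400);
        }
        $id = (int) $rawId;

        // A free-text filter comes from the POST body; it cannot be made safe
        // by casting, so it is handed to Zend_Db as a bound value.
        $author = $request->getPost('author', '');

        $db = Zend_Db_Table::getDefaultAdapter();
        $select = $db->select()
            ->from('articles', array('id', 'title', 'body', 'author'))
            // The ? placeholder is filled with $db->quote($value); the raw
            // string never reaches the SQL text.
            ->where('id = ?', $id)
            // quoteIdentifier() is for column/table names, quote() for values.
            ->where($db->quoteIdentifier('status') . ' = ?', 'published');

        if ($author !== '') {
            $select->where('author = ?', $author);
        }

        $article = $db->fetchRow($select);
        if ($article === false) {
            throw new Zend_Controller_Action_Exception('Article not found', 404);
        }

        // Hand the raw row to the view; escaping happens at output time.
        $this->view->article = $article;
    }
}

// application/views/scripts/article/show.phtml (hypothetical)
// $this->escape() applies htmlspecialchars() with the view's charset,
// so a title or body containing <script> is rendered as text, not markup.
?>
<h1><?php echo $this->escape($this->article['title']); ?></h1>
<p class="author">by <?php echo $this->escape($this->article['author']); ?></p>
<div class="body"><?php echo $this->escape($this->article['body']); ?></div>
```

Two caveats worth keeping in mind: `ctype_digit()` is used instead of a bare `(int)` so that a non-numeric id is refused with a 400 rather than silently becoming 0, and quoting protects the SQL syntax only, so if you switch the `author` condition to `LIKE` you still need to deal with `%` and `_` wildcards in the value yourself.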