Handling input with the Zend Framework (Post,get,etc)

前端 未结 6 1541
闹比i
闹比i 2021-02-01 05:04

im re-factoring php on zend code and all the code is full of $_GET[\"this\"] and $_POST[\"that\"]. I have always used the more phpish $this->_

6条回答
  •  粉色の甜心
    2021-02-01 05:39

    I have always used the more phpish $this->_request->getPost('this') and $this->_request->getQuery('that') (this one being not so much logical with the getquery insteado of getGet).

    What is best of this two? (or if theres another better way)

    Just a quick explanation on the choice of getQuery(). The wording choice comes from what kind of data it is, not how it got there. GET and POST are just request methods, carrying all sorts of information, including, in the case of a POST request, a section known as "post data". A GET request has no such block, any variable data it carries is part of the query string of the url (the part after the ?).

    So, while getPost() gets the data from the post data section of a POST request, getQuery() retrieves data from the query string of either a GET or POST request (as well as other HTTP Request methods).

    (Note that GET Requests should not be used for anything that might produce a side effect, like altering a DB row)

    So, in answer to your first question, use the getPost() and getQuery() methods, this way, you can be sure of where the data source (if you don't care, getParams() also works, but may include additional data).

    What is the best practice for validating php input with this methods?

    The best place to validate input is where you first use it. That is to say, when you pull it from getParams(), getPost(), or getQuery(). This way, your data is always correct for where you need it, and if you pass it off, you know it is safe. Keep in mind, if you pass it to another Controller (or Controller Action), you should probably check it again there, just to be safe. How you do this depends on your application, but it still needs to be checked.

提交回复
热议问题