Zend Framework disable string escape in ->insert | ansaurus

tags:

zend-framework

views:

401

answers:

1

Q:

Zend Framework disable string escape in ->insert

How can I disable string escape in $db->insert, I need to insert html in my database, so I don't want any string escape.Any solutions?

+5 A:

You don't want to disable that escaping.

Escaping data doesn't prevent you from inserting anything. In fact, quite the opposite: escaping data enables you to properly insert characters like quote marks that could otherwise confuse the database. More importantly, passing unescaped data directly to a database exposes an enormous security hole, making it trivial for a "hacker" (if we use the term liberally) to gain unrestricted access to your site and to your database.

You're probably confusing SQL escaping (which escapes data for use in SQL queries) with htmlspecialchars(), which escapes data for use on webpages. The two are unrelated.

VoteyDisciple 2009-08-11 15:30:07

solved with html_entities

Uffo 2009-08-11 15:31:44

related questions

Zend framework; Getting controller to use different viewer.

Zend Framework - Is there a script to index static content from Views?

How to Use Same Models in Different Modules in Zend Framework?

Call to a member function on a non-object

Automatically joining tables without breaking default behaviour in Zend Framework

Emulate MySQL LIMIT clause in Microsoft SQL Server 2000

Zend Framework fetchAll

MVC data design problem with Zend framework.

Custom Filters/Validators in Zend Framework

I'm confused about something in the Zend Framework.

How to generate pdf files _with_ utf-8 multibyte characters using Zend Framework

URL segment to action method parameter in Zend Framework

Create cronjob with Zend Framework

Route-problem regarding Url-encoded Umlauts (using the Zend-framework)

In need for a site that explains how to use PHPUnit

How can I initialize Zend_Form_Element_Select with a config array?

Zend Framework - ErrorHandler does not seem to be working as expected.

Zend Framework Select Operator Precedence

Zend Framework or CakePHP?

How do I use PHPUnit with Zend Framework?

ASP.NET MVC versus the Zeitgeist

Smarty integration into the Code Igniter framework.

Failed to load Zend/Loader.php. Trying to work out why?

Using Zend Framework and setting a Zend_Form_Element form field to be required, how do I change the validator used to ensure that the element is not blank

Can you recommend a good book on zend framework.