views: 530

answers: 4

I don't really want to call the Zend filter in my code after every getRequest->getParam('x') if I don't have to. Is there a lazy way of filtering everything inside getRequest magically?

Edit: When I say filter, I mean escaping tags, cleaning out the XSS, and escaping any SQL escape characters.

i.e:

$myVar = $this->getRequest()->getParam('x');
filter the variable, escape SQL stuff... etc.

What's the standard? How are you doing it?

+4  A: 

There are a few ways to deal with your situation.

First of all, you can get all params at once:

$params = $this->_request->getParams(); //_request is equivalent to getRequest()

So a lazy way to filter all your params would be to use the * when declaring your filters, which means all fields, and would look something like:

$filters    = array('*' => array('StringTrim','HtmlEntities','StripTags'));
$validators = array(); // no validation rules here, but Zend_Filter_Input still needs the argument
$input = new Zend_Filter_Input($filters, $validators, $params);
if ($input->isValid()) {
    //blah blah blah
}

You should read more about the request object, as well as filters, input filters and validators.

karim79
A: 

karim79's answer covers grabbing the params in one array.

Generally you shouldn't need Zend_Filter on a per request basis to clean up data.

To prevent XSS you should escape data output in a view:

$this->escape($someUserSuppliedData)

and when dealing with Zend_Db some methods such as insert and update will quote data for you. When constructing queries manually you can use the Zend_Db functions like quote

David Caunt
A: 

The only way is to do it every way.

  • use Zend_Filter_Input (as noted above by karim79) to filter things to how they should be stored or looked up by (stripping tags with StripTags, casting to Int, StringTrim, etc), validating where validation is needed - but not htmlentities, since that should probably be done on output to avoid complications in db search, etc. Fields should be individually filtered/validated in most cases.

  • use parameterized queries (Zend_Db_Select with ? placeholders) always, or at least use the db escape functions

  • escape all output (Zend_View_Helper_Escape -> $this->escape()) as necessary.

Justin
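The three points in Justin's answer (per-field filtering on the way in, placeholders or adapter quoting for SQL, escaping on the way out), together with the Zend_Filter_Input wildcard usage from karim79's answer, carried through end to end. This is an added example, not code from either answer: it assumes Zend Framework 1 is on the include path, and the request data, the `users` table and the in-memory SQLite adapter are constructed for illustration.

```php
<?php
// Added example, not code from the answers above. Assumes Zend Framework 1 on the
// include path. The request data, the 'users' table and the SQLite adapter are
// constructed for illustration.
require_once 'Zend/Loader/Autoloader.php';
Zend_Loader_Autoloader::getInstance();

// 1. Filter and validate on the way in, field by field. Constructed stand-in
//    for $this->getRequest()->getParams().
$params = array(
    'id'   => ' 42 ',
    'name' => "<script>alert(1)</script>O'Brien",
);

$filters = array(
    '*'    => 'StringTrim',  // wildcard rule: applied to every field first
    'id'   => 'Int',
    'name' => 'StripTags',   // storage form; no HtmlEntities here, that is the view's job
);
$validators = array(
    'id'   => array('Int', Zend_Filter_Input::PRESENCE => Zend_Filter_Input::PRESENCE_REQUIRED),
    'name' => array(array('StringLength', 1, 50), Zend_Filter_Input::PRESENCE => Zend_Filter_Input::PRESENCE_REQUIRED),
);
$input = new Zend_Filter_Input($filters, $validators, $params);

if (!$input->isValid()) {
    // Reject invalid input rather than trying to "clean" it; messages are keyed by field.
    foreach ($input->getMessages() as $field => $messages) {
        echo $field, ': ', implode('; ', $messages), "\n";
    }
    exit(1);
}

// getUnescaped() returns the filtered value as it should be stored.
// StripTags only removed the tags; the text between them survives, so this is
// "alert(1)O'Brien" and is still untrusted as far as HTML output is concerned.
$id   = $input->getUnescaped('id');    // int 42
$name = $input->getUnescaped('name');  // "alert(1)O'Brien"

// 2. Let Zend_Db do the quoting; never concatenate user data into SQL text.
$db = Zend_Db::factory('Pdo_Sqlite', array('dbname' => ':memory:'));
$db->query('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');

// insert()/update() quote the values for you.
$db->insert('users', array('id' => $id, 'name' => $name));

// Placeholders: the value is bound, it never becomes part of the SQL text.
$select = $db->select()
             ->from('users', array('id', 'name'))
             ->where('id = ?', $id);
$row = $db->fetchRow($select);

// When you must build SQL by hand, let the adapter quote the value.
$sql   = 'SELECT COUNT(*) FROM users WHERE ' . $db->quoteInto('name = ?', $name);
$count = $db->fetchOne($sql);  // 1: the apostrophe in O'Brien was quoted, not injected

// 3. Escape on the way out, in the view, for the context you are writing into.
$view = new Zend_View();
echo $view->escape($row['name']), "\n";    // alert(1)O'Brien (nothing left to neutralise)
echo $view->escape($params['name']), "\n"; // &lt;script&gt;alert(1)&lt;/script&gt;O'Brien

// escape() defaults to htmlspecialchars() with ENT_COMPAT, which leaves single
// quotes alone. For single-quoted attribute contexts install a stricter callback.
function escape_with_quotes($s)
{
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}
$view->setEscape('escape_with_quotes');
echo $view->escape($row['name']), "\n";    // alert(1)O&#039;Brien
```

The split is the point: StripTags decides what gets stored, the adapter decides how values reach SQL, and the view decides how they reach HTML. None of the three can stand in for the others, which is why blanket `HtmlEntities` on input leaves you searching the database for `O&#039;Brien` while still not protecting an attribute context.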
A: 

Maybe he is looking for a way to overload the getRequest() method and then filter the request object inside the newly created method.

Check out: http://framework.zend.com/manual/en/zend.controller.plugins.html

Then you can just use the Zend_Filter class or create your own filter class overloading the above.

Boris Guéry
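The plugin approach Boris Guéry points at, written out: a front-controller plugin that runs a Zend_Filter chain over every request parameter once routing has finished, so that getParam() in the controller returns the filtered value. This is an added example, not Boris Guéry's code; it assumes Zend Framework 1 on the include path, and the plugin class name, the StringTrim/StripTags chain and the sample query string are this example's own choices.

```php
<?php
// Added example, not code from the answer above. Assumes Zend Framework 1 on the
// include path; class name, filter chain and the sample request are constructed.
require_once 'Zend/Loader/Autoloader.php';
Zend_Loader_Autoloader::getInstance();

class My_Plugin_RequestFilter extends Zend_Controller_Plugin_Abstract
{
    protected $_filter;

    public function __construct(Zend_Filter_Interface $filter = null)
    {
        if ($filter === null) {
            $filter = new Zend_Filter();
            $filter->addFilter(new Zend_Filter_StringTrim())
                   ->addFilter(new Zend_Filter_StripTags());
        }
        $this->_filter = $filter;
    }

    // routeShutdown() runs after the router has populated the request, so the
    // module/controller/action keys are present too; those are left untouched.
    public function routeShutdown(Zend_Controller_Request_Abstract $request)
    {
        $skip = array(
            $request->getModuleKey(),
            $request->getControllerKey(),
            $request->getActionKey(),
        );
        foreach ($request->getParams() as $key => $value) {
            if (in_array($key, $skip, true)) {
                continue;
            }
            // setParam() writes to the user-param layer, which getParam() consults
            // before $_GET and $_POST, so the raw value is shadowed from here on.
            $request->setParam($key, $this->_filterValue($value));
        }
    }

    // Parameters may be arrays (tags[]=...), so descend into them.
    protected function _filterValue($value)
    {
        if (is_array($value)) {
            return array_map(array($this, '_filterValue'), $value);
        }
        return is_string($value) ? $this->_filter->filter($value) : $value;
    }
}

// In a real application this is all you register, normally in the bootstrap:
//   Zend_Controller_Front::getInstance()->registerPlugin(new My_Plugin_RequestFilter());

// Stand-alone demonstration: build a request by hand and invoke the hook the
// front controller would call after routing.
$request = new Zend_Controller_Request_Http();
$request->setQuery(array(
    'x'    => '  <b>hi</b>  ',
    'tags' => array('<i>a</i>', ' b '),
));

$plugin = new My_Plugin_RequestFilter();
$plugin->routeShutdown($request);

var_dump($request->getParam('x'));     // string(2) "hi"
var_dump($request->getParam('tags'));  // array("a", "b")
var_dump($request->getQuery('x'));     // still "  <b>hi</b>  ": getQuery() reads $_GET directly
```

Two caveats a practitioner should keep in mind with this shortcut: the filtered values only shadow the originals through getParam()/getParams(), so any code that reads getQuery(), getPost() or the superglobals directly still sees raw input; and a blanket chain is necessarily coarse (it cannot cast one field to Int and length-check another), so it complements, rather than replaces, the per-field Zend_Filter_Input rules, placeholder queries and output escaping described in the earlier answers.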