Handling input with the Zend Framework (Post, get, etc.)

2022-01-04 00:00:00 input post get php zend-framework

I'm re-factoring php on zend code and all the code is full of $_GET["this"] and $_POST["that"]. I have always used the more phpish $this->_request->getPost('this') and $this->_request->getQuery('that') (this one being not so much logical with the getquery instead of getGet).

So I was wondering if my method was safer/better/easier to maintain. I read in the Zend Framework documentation that you must validate your own input since the request object won't do it.

That leaves me with 2 questions:

  • Which of these two is best? (Or if there is another, better way)
  • What is the best practice for validating php input with this method?

Thanks!

Recommended answer

I usually use $this->_request->getParams(); to retrieve either the post or the URL parameters. Then I use the Zend_Filter_Input to do validation and filtering. The getParams() does not do validation.

Using the Zend_Filter_Input you can do application level validation, using the Zend Validators (or you can write your own too). For example, you can make sure the 'months' field is a number:

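// Raw, unvalidated parameters (POST, GET and route parameters merged)
$data = $this->_request->getParams();

// No filters in this example; the constructor still needs the argument
$filters = array();

// Field name => validator(s) that the value must pass
$validators = array(
    'month'   => 'Digits',
);

$input = new Zend_Filter_Input($filters, $validators, $data);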
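
A fuller version of the validation step described in the answer, as an added example that is not part of the original answer. It assumes Zend Framework 1 is on the include_path; the helper name validateReportParams, the 'year' field and the sample arrays are constructed for illustration.

```php
<?php
// Assumption: Zend Framework 1 is on the include_path.
require_once 'Zend/Filter/Input.php';

// Hypothetical helper (name and fields are illustrative).
// Returns array($cleanValues, $errorMessages).
function validateReportParams(array $raw)
{
    // Filters run first; '*' applies the rule to every field.
    $filters = array('*' => 'StringTrim');

    // Validators run on the filtered values.
    $validators = array(
        'month' => array(
            'Digits',
            array('Between', 1, 12),
            Zend_Filter_Input::PRESENCE => Zend_Filter_Input::PRESENCE_REQUIRED,
        ),
        'year' => array(
            'Digits',
            array('Between', 2000, 2100),
            Zend_Filter_Input::PRESENCE => Zend_Filter_Input::PRESENCE_REQUIRED,
        ),
    );

    $input = new Zend_Filter_Input($filters, $validators, $raw);

    if (!$input->isValid()) {
        // Messages cover both invalid and missing fields.
        return array(array(), $input->getMessages());
    }

    // Only fields with a validator rule come back; other keys in $raw
    // (module, controller, stray parameters) are left out.
    // getUnescaped() gives validated raw values; use getEscaped() for HTML output.
    return array($input->getUnescaped(), array());
}

// Constructed sample input standing in for $this->_request->getParams().
$samples = array(
    array('month' => ' 7 ', 'year' => '2022', 'debug' => '1'),
    array('month' => '13', 'year' => '2022'),
    array('month' => '<script>', 'year' => ''),
);

foreach ($samples as $raw) {
    list($clean, $errors) = validateReportParams($raw);
    var_dump($clean, $errors);
}
```

Working from the returned clean values rather than from $_GET, $_POST or getParams() directly means every value the action touches has passed a declared rule.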
