Handling input with the Zend Framework (Post,get,etc)

DFectuoso picture DFectuoso · Jan 19, 2009 · Viewed 35.8k times · Source

im re-factoring php on zend code and all the code is full of $_GET["this"] and $_POST["that"]. I have always used the more phpish $this->_request->getPost('this') and $this->_request->getQuery('that') (this one being not so much logical with the getquery insteado of getGet).

So i was wondering if my method was safer/better/easier to mantain. I read in the Zend Framework documentation that you must validate your own input since the request object wont do it.

That leaves me with 2 questions:

  • What is best of this two? (or if theres another better way)
  • What is the best practice for validating php input with this methods?

Thanks!

Answer

Brian Fisher picture Brian Fisher · Jan 19, 2009

I usually use $this->_request->getParams(); to retrieve either the post or the URL parameters. Then I use the Zend_Filter_Input to do validation and filtering. The getParams() does not do validation.

Using the Zend_Filter_Input you can do application level validation, using the Zend Validators (or you can write your own too). For example, you can make sure the 'months' field is a number:

$data = $this->_request->getParams();

$validators = array(
    'month'   => 'Digits',
);

$input = new Zend_Filter_Input($filters, $validators, $data);