We are moving our forum in GitHub Discussions. For questions about Phalcon v3/v4 you can visit here and for Phalcon v5 here.

Sanitizing with Phalcon\Http\Request by default on user input data

  public function saveAction()
        // Sanitizing price from input
        $price = $this->request->getPost("price", "double");

        // Sanitizing email from input
        $email = $this->request->getPost("customerEmail", "email");

Why not implement automatic sanitazing of user input data?! Many developers will forget this one.

edited Dec '15

i dont like what phalcon offers as sanitizing. I created my own class to sanitize the stuff. I dont trust users or someone else to format data the way i need it.

I have old repo here: https://github.com/Izopi4a/formCast but I have updated version in zephyr if you need it just let me know.

The principle is the same, you describe what you need, and after that you will get it nice and clean no matter what

edited Dec '15

Thanks for the input. The thing that bothers me is the fact that Request service by default does not offer any level of filtering user inputs. So getPost is just a copy of superglobal $_POST array, without any filters applied. Framework should offer basic filtering by default..