We have moved our forum to GitHub Discussions. For questions about Phalcon v3/v4/v5 you can visit here and for Phalcon v6 here.

safe post/get data

IGonza Nov '14

Created Nov '14	Last Reply Nov '14	Replies 1	Views 513	Votes 0

IGonza 10.7k

Nov '14

$password = $this->request->getPost('password');
$email        = $this->request->getPost('email', 'email');
$address   = $this->request->getPost('address');
/* validation goes here */
....

$user = new User();
$user->email    = $email;
$user->password = $this->security->hash($password);
$user->address = $address;

$user->save();

user->password should be safe because of hash applied
user->email should be safe because of email filter applied

Is it safe to save $adress in db (mongo) withtout additional sanitizing/filtering?

thanks

Mitchell Macpherson
6.9k

Accepted
answer

Nov '14

When using the ORM to handle database objects the escaping is handled automatically. :) I personally haven't used the MongoDB adapter yet, but presumably it's handled the same way as other database adapters.

So to answer your question, yes it is safe.