
safe post/get data

$password = $this->request->getPost('password');
$email    = $this->request->getPost('email', 'email');
$address  = $this->request->getPost('address');
/* validation goes here */
// ...

$user = new User();
$user->email    = $email;
$user->password = $this->security->hash($password);
$user->address  = $address;

$user->save();

  • user->password should be safe because the hash is applied
  • user->email should be safe because the email filter is applied

Is it safe to save $address in db (mongo) without additional sanitizing/filtering?

thanks



Accepted answer

When using the ORM to handle database objects the escaping is handled automatically. :) I personally haven't used the MongoDB adapter yet, but presumably it's handled the same way as other database adapters.

So to answer your question, yes it is safe.
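An added example, not part of the original thread or of Phalcon: escaping by the database layer covers how a value is written, not what type or shape it has, so the "validation goes here" step for a free-text field like the address can check that the value is a bounded, valid UTF-8 string before it is assigned to the model. The helper name `cleanTextField`, the 200-character limit and the sample inputs are assumptions made for illustration, and the code assumes the mbstring extension is loaded.

```php
<?php
declare(strict_types=1);

/**
 * Hypothetical helper (not a Phalcon API): accept a free-text field only if
 * it is a plain string of bounded length, and normalise it for storage.
 *
 * @param mixed $raw value as returned by the request layer
 * @return string|null cleaned value, or null when the input must be rejected
 */
function cleanTextField($raw, int $maxLen = 200): ?string
{
    // PHP parses bracketed parameter names into arrays; a document store
    // would save such a value as a nested document, so only strings pass.
    if (!is_string($raw)) {
        return null;
    }
    // Reject byte sequences that are not valid UTF-8.
    if (!mb_check_encoding($raw, 'UTF-8')) {
        return null;
    }
    // Remove control characters except newline and tab, then trim.
    $value = trim((string) preg_replace('/[^\P{Cc}\n\t]/u', '', $raw));
    if ($value === '' || mb_strlen($value, 'UTF-8') > $maxLen) {
        return null;
    }
    return $value;
}

// Constructed sample inputs standing in for $this->request->getPost('address').
$samples = [
    'plain'   => "12 Example Street\nSpringfield",
    'array'   => ['nested' => 'value'],
    'control' => "Flat 3\x00\x07, Example Road",
    'empty'   => '   ',
    'toolong' => str_repeat('a', 201),
];

foreach ($samples as $label => $raw) {
    $clean = cleanTextField($raw);
    echo $label, ': ', $clean === null ? 'rejected' : json_encode($clean), PHP_EOL;
}
```

The value that passes is still raw user text, so it needs HTML-escaping wherever it is later rendered.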