Regular Expressions
chelkaz, 2016-03-22 19:24:24

Is there something more logical for filtering requests?

There are many different forms throughout the project. In fact, the user needs all the characters for a complete description. Perhaps there is something ready-made and tested? At the moment I'm doing it through a loop:

    foreach ($request->all() as $key => $val) {
        $new_val = htmlspecialchars(preg_quote(strip_tags($val), "'"), ENT_QUOTES);
        $request->merge([$key => $new_val]);
    }


3 answer(s)
Stalker_RED, 2016-03-22
@Stalker_RED

> In fact, the user needs all the characters for a complete description.

1. We don't change anything at input; we only escape against SQL injection before writing to the database (this is already built into the ORM in most frameworks).
2. We escape / filter the text when outputting it to the template.

eskrano, 2016-03-22
@eskrano

You need to escape only on output.
And as for the code attached here: throw it away and never use it again.

Andrzej Wielski, 2016-03-22
@wielski

1. To write to the database, always use models and the built-in ORM. It escapes everything for you.
If you need HTML tags to be output in the usual way, use the following construction:
If for some reason you do not want to use Blade (and in vain, the tool is good), use Laravel's built-in function, the e() helper, for escaping:
<?php echo e($title); ?>
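The following is an added example, not code from the question or from any of the answers, that puts the two approaches side by side: the question's loop mangles a legitimate description before it is saved, while storing the raw text and escaping at output (what Stalker_RED and Andrzej recommend) preserves it. It is plain PHP with no framework; `mangleOnInput`, `storeRaw` and `escapeForHtml` are names chosen here, and the sample input is constructed. Laravel's `e()` helper performs essentially the same `htmlspecialchars()` call as `escapeForHtml`.

```php
<?php
// Added example: "clean on input" vs. "store raw, escape on output".
// Constructed sample description a user might legitimately submit.
$input = "Tom's \"C++ & Co.\" shop (est. 1999) <b>rocks</b>";

// The question's approach: strip, regex-quote and HTML-encode before saving.
function mangleOnInput(string $val): string
{
    return htmlspecialchars(preg_quote(strip_tags($val), "'"), ENT_QUOTES);
}

// Recommended approach, step 1: store exactly what the user typed.
// SQL injection is handled by the ORM's parameter binding, so there is
// nothing to "clean" at this point.
function storeRaw(string $val): string
{
    return $val;
}

// Recommended approach, step 2: escape at the moment of HTML output.
// Laravel's e() helper does essentially this.
function escapeForHtml(string $val): string
{
    return htmlspecialchars($val, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

$mangled = mangleOnInput($input);
$stored  = storeRaw($input);

echo "Saved by the question's loop:\n  $mangled\n";
// strip_tags removed the <b> tag the user wrote, preg_quote turned "C++" into
// "C\+\+" and "(est. 1999)" into "\(est\. 1999\)", and the apostrophe became
// "\&#039;". The database now holds text the user never typed, and it is only
// usable on an HTML page, not in a JSON API, a search index or a plain e-mail.

echo "Saved raw, escaped on output:\n  " . escapeForHtml($stored) . "\n";
// The browser renders exactly what the user typed (the <b> tag shows as
// literal text, so no markup is injected), while the database keeps the
// original for editing, searching and other output formats.
```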
