|
|
php.net | support | documentation | report a bug | advanced search | search howto | statistics | random bug | login |
PatchesPull RequestsHistoryAllCommentsChangesGit/SVN commits
[2014-03-06 14:39 UTC] narf at devilix dot net
[2017-10-24 08:29 UTC] kalle@php.net
-Package: PDO Core
+Package: PDO related
[2019-05-15 20:34 UTC] peehaa@php.net
-Status: Open
+Status: Wont fix
[2019-05-15 20:34 UTC] peehaa@php.net
|
|||||||||||||||||||||||||||||||||
Copyright © 2001-2024 The PHP GroupAll rights reserved. |
Last updated: Fri May 24 15:01:29 2024 UTC |
Description: ------------ Hello. I think it would be very useful to have otput filtering built in PDO. For example if use fetchAll() I get raw data which might have XSS javascript inside. Then I have to filter it somehow e.g. htmlspecialchars. I think it would be great if such filtering could be done with method like fetchAllFiltered(array('number','string','html'); For example if i have a table posts and it looks like id, title, body then when calling fetchAllFiltered('number','string','html') i would get id sanitized as a number, title sanitized as a string or simply with htmlspecialchars() and a body which would get sanitized as html. e.g. no javascript inside, but all html tags present. Currently to filter the data coming from database usually is used filter_var or htmlspecialchars or anything else which i think is one more step in development which could be dropped using fetchAllFiltered(). Also i think that filtering could be added in default fetch methods of PDO as an array argument which describes filtering of output for those methods. For example: fetchAll(array('number',string','html')); and we get the filtered output.