Sanitize data with Zend

I'm trying to write a function that will sanitize data coming from the client side. I'm using Zend Framework and I know that it offers functions to do that, but I'm not using Zend_Form, so I don't know how to use those functions.

I want to be able to sanitize the data from SQL injections before saving it in the DB or doing any further processing with that data.

So my question is: is there any function out there, or a library, that can do that?

I'm looking for a function that will take a string as input and return the sanitized one.

Thank you.


If you use prepared statements with PDO, Zend_Db or another ORM then the parameters will be escaped properly so that takes care of sanitizing in most cases.

PDO Example:

$pdo = new PDO($dsn, $username, $password);
// prepare() returns a PDOStatement; execute() is called on that statement
$stmt = $pdo->prepare("INSERT INTO some_table (col1, col2, col3) VALUES (?,?,?)");
$stmt->execute(array($valueCol1, $valueCol2, $valueCol3));

Before you even get to that step, though, you should validate the data, which is what Zend_Validate is for. You don't have to use Zend_Validate with Zend_Form if you don't want to - you can just create validator instances and then validate different values.

Example from the ZF Documentation:

$validator = new Zend_Validate_EmailAddress();

if ($validator->isValid($email)) {
    // email appears to be valid
} else {
    // email is invalid; print the reasons
    foreach ($validator->getMessages() as $messageId => $message) {
        echo "Validation failure '$messageId': $message\n";
    }
}

Zend_Form is just a handy way to handle form processing and make things easily reusable.
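
The two steps from the answer above (validate, then bind parameters), put together as an added example that is not part of the original answer. It uses PDO with an in-memory SQLite database (assumes the pdo_sqlite extension), and PHP's filter_var() stands in for Zend_Validate_EmailAddress so that it runs without Zend Framework; the users table and the saveUser() function are hypothetical names.

```php
<?php
// Added example: validate first, then bind values as parameters.
// Table, column and function names are hypothetical.

function saveUser(PDO $pdo, $email, $name)
{
    // Validation: reject values that are not what the application expects.
    // filter_var() stands in for Zend_Validate_EmailAddress here.
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return false;
    }
    $name = trim($name);
    if ($name === '' || strlen($name) > 100) {
        return false;
    }

    // Binding: the values travel separately from the SQL text,
    // so quotes and SQL keywords in them are stored as plain data.
    $stmt = $pdo->prepare('INSERT INTO users (email, name) VALUES (?, ?)');
    return $stmt->execute(array($email, $name));
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (email TEXT NOT NULL, name TEXT NOT NULL)');

// Constructed sample input.
$samples = array(
    array('alice@example.com', "O'Brien"),
    array('bob@example.com', "x'); DROP TABLE users; --"),
    array('not-an-email', 'Carol'),
);

foreach ($samples as $sample) {
    list($email, $name) = $sample;
    $saved = saveUser($pdo, $email, $name);
    echo ($saved ? 'saved   ' : 'rejected') . ": $email\n";
}

// Read the rows back to see how the quoted values were stored.
foreach ($pdo->query('SELECT email, name FROM users') as $row) {
    echo $row['email'] . ' => ' . $row['name'] . "\n";
}
```

Note that no string "sanitizing" function is involved: validation decides whether a value is acceptable, and parameter binding keeps an accepted value from being interpreted as SQL.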
