How to filter and validate user input in Zend Framework

on my website I have a comment section. I want to filter and validate the input before I store it in my database. If there are any invalid 开发者_运维技巧chars in the input the user gets the notice that his input is invalid.

My question, which chars are not allowed? e.g. I want to avoid sql injections

Tags are not allowed. How do I check that?

If you are using Zend_Db and parameterised queries (i.e.: $adapter->insert($tableName, array('param' => 'value'))) then it will automagically escape everything for you.

If however you want to further validate the user input, have a look at Zend_Validate and Zend_Filter

Also, if by "tags" you mean HTML tags, I wouldn't do anything to those on input but do make sure you properly escape / strip them on output (have a look at htmlspecialchars())

If you want to display an error message if the input contains HTML tags, and assuming $comment is the comment body, you could try:

if(strip_tags($comment) !== $comment) {
    // It seems it contained some html tags
}