Is there a PHP library that performs MySQL Data Validation and Sanitization According to Column Type

Posted by JW on Stack Overflow
Published on 2010-04-23T01:54:00Z Indexed on 2010/04/23 2:03 UTC

Do you know of any open source library or framework that can perform some basic validation and escaping functionality for a MySQL DB?

I envisage something along the lines of:

    // give it something to perform the quote() / quoteInto() methods
    $lib->setSanitizor($MyZend_DBAdaptor);

    // tell it the structure of the table - colnames/coltypes/etc.
    $lib->setTableDescription($tableDescArray);

    // use it to validate and escape according to coltype
    foreach ($prospectiveData as $colName => $rawValue) {
        if ($lib->isValid($colName, $rawValue)) {
            // add it to the set clause
            $setValuesArray[$lib->escapeIdentifier($colName)] = $lib->getEscapedValue($colName, $rawValue);
        } else {
            // $colName is a plain string key, so ask the library for the message
            throw new Exception($lib->getErrorMessage($colName));
        }
    }

etc...

I have looked into:

- Zend_Db_Table (which knows about a table's description), and
- Zend_Db_Adapter (which knows how to escape/sanitize values depending on TYPE)

but they do not automatically do any clever stuff during updates/inserts.

Anyone know of a good PHP library to perform this kind of validation that I could use rather than writing my own?

I envisage a lot of this kind of stuff:

    ...
    elseif (eregi('^INT|^INTEGER', $dataset_element_arr['col_type']))
    {
        $datatype = 'int';

        if (eregi('unsigned', $dataset_element_arr['col_type']))
        {
            // unsigned INT covers 0 .. 2^32 - 1
            $int_max_val = 4294967295;
            $int_min_val = 0;
        }
        else
        {
            $int_max_val = 2147483647;
            $int_min_val = -2147483648;
        }
    }

(P.S. I know eregi is deprecated - it's just an example of laborious code)
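
Added example (not part of the original post, and not code from Zend or any other library): one way to do the type-driven check the question describes, deriving integer bounds from the column type string and binding values as parameters instead of escaping them. The names `INT_RANGES`, `validateForColumn`, `buildSetClause` and the sample table are hypothetical; it assumes 64-bit PHP 7.1+ with the mbstring extension.

```php
<?php
// Signed [min, max] per MySQL integer type; the unsigned range is [0, max - min].
const INT_RANGES = [
    'tinyint'   => [-128, 127],         'smallint' => [-32768, 32767],
    'mediumint' => [-8388608, 8388607],
    'int'       => [-2147483648, 2147483647], 'integer' => [-2147483648, 2147483647],
];

// Returns null when $raw fits the column type, otherwise an error message.
function validateForColumn(string $colType, string $raw): ?string
{
    if (!preg_match('/^(\w+)(?:\((\d+)\))?(\s+unsigned)?/i', trim($colType), $m)) {
        return "unrecognised column type '$colType'";
    }
    $base  = strtolower($m[1]);
    $range = INT_RANGES[$base] ?? null;
    if ($range !== null) {
        [$min, $max] = empty($m[3]) ? $range : [0, $range[1] - $range[0]];
        $ok = filter_var($raw, FILTER_VALIDATE_INT,
            ['options' => ['min_range' => $min, 'max_range' => $max]]);
        return $ok === false ? "must be an integer in [$min, $max]" : null;
    }
    if ($base === 'varchar' || $base === 'char') {
        $len = (int) ($m[2] ?? 0);      // missing length fails closed
        return mb_strlen($raw) <= $len ? null : "longer than $len characters";
    }
    return "no rule for type '$base'";  // fail closed on unhandled types
}

// Column names are accepted only if present in the table description; values are bound.
function buildSetClause(array $tableDesc, array $data): array
{
    $set = $params = [];
    foreach ($data as $col => $raw) {
        $type = $tableDesc[$col] ?? null;
        $err  = $type === null ? 'unknown column' : validateForColumn($type, (string) $raw);
        if ($err !== null) {
            throw new InvalidArgumentException("$col: $err");
        }
        $set[]    = '`' . str_replace('`', '``', (string) $col) . '` = ?';
        $params[] = $raw;
    }
    return [implode(', ', $set), $params];
}

// Constructed sample input: column => type string as DESCRIBE would report it.
$desc = ['age' => 'tinyint(3) unsigned', 'name' => 'varchar(20)'];
[$sql, $params] = buildSetClause($desc, ['age' => '42', 'name' => "O'Brien"]);
echo $sql, ' <- ', json_encode($params), "\n";
```

The returned clause and parameter list are meant to be passed to a prepared statement, so no value is ever concatenated into the SQL text.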

© Stack Overflow or respective owner
