Is there a PHP library that performs MySQL Data Validation and Sanitization According to Column Type
Posted
by JW
on Stack Overflow
See other posts from Stack Overflow
or by JW
Published on 2010-04-23T01:54:00Z
Indexed on
2010/04/23
2:03 UTC
Read the original article
Hit count: 395
Do you know of any open source library or framework that can perform some basic validation and escaping functionality for a MySQL Db.
i envisage something along the lines of:
//give it something to perform the quote() quoteInto() methods
$lib->setSanitizor($MyZend_DBAdaptor);
//tell it structure of the table - colnames/coltypes/ etc
$lib->setTableDescription($tableDescArray);
//use it to validate and escape according to coltype
foreach ($prospectiveData as $colName => $rawValue)
if ( $lib->isValid($colName, $rawValue))
{
//add it to the set clause
$setValuesArray[$lib->escapeIdentifier($colName);] = $lib->getEscapedValue($colName,$rawValue);
}
else {
throw new Exception($colName->getErrorMessage());
}
etc...
I have looked into - Zend_Db_Table (which knows about a table's description), and - Zend_Db_Adaptor (which knows how to escape/sanitize values depending on TYPE)
but they do not automatically do any clever stuff during updates/inserts
Anyone know of a good PHP library to preform this kind of validation that I could use rather than writing my own?
i envisage alot of this kind of stuff:
...
elseif (eregi('^INT|^INTEGER',$dataset_element_arr[col_type]))
{
$datatype='int';
if (eregi('unsigned',$dataset_element_arr[col_type]))
{
$int_max_val=4294967296;
$int_min_val=0;
}
else {
$int_max_val=2147483647;
$int_min_val=-2147483648;
}
}
(p.s I know eregi is deprecated - its just an example of laborious code)
© Stack Overflow or respective owner