Is there a PHP library that performs MySQL Data Validation and Sanitization According to Column Type
- by JW
Do you know of any open source library or framework that can perform some basic validation and escaping functionality for a MySQL Db.
i envisage something along the lines of:
//give it something to perform the quote() quoteInto() methods
$lib->setSanitizor($MyZend_DBAdaptor);
//tell it structure of the table - colnames/coltypes/ etc
$lib->setTableDescription($tableDescArray);
//use it to validate and escape according to coltype
foreach ($prospectiveData as $colName => $rawValue)
if ( $lib->isValid($colName, $rawValue))
{
//add it to the set clause
$setValuesArray[$lib->escapeIdentifier($colName);] = $lib->getEscapedValue($colName,$rawValue);
}
else {
throw new Exception($colName->getErrorMessage());
}
etc...
I have looked into
- Zend_Db_Table (which knows about a table's description), and
- Zend_Db_Adaptor (which knows how to escape/sanitize values depending on TYPE)
but they do not automatically do any clever stuff during updates/inserts
Anyone know of a good PHP library to preform this kind of validation that I could use rather than writing my own?
i envisage alot of this kind of stuff:
...
elseif (eregi('^INT|^INTEGER',$dataset_element_arr[col_type]))
{
$datatype='int';
if (eregi('unsigned',$dataset_element_arr[col_type]))
{
$int_max_val=4294967296;
$int_min_val=0;
}
else {
$int_max_val=2147483647;
$int_min_val=-2147483648;
}
}
(p.s I know eregi is deprecated - its just an example of laborious code)
