News Feed
Sections
News Archive


Community Events
php|tek 2008 PHP Conference



Rob Allen's Blog:
A View Stream with Zend_View
0 comments :: posted Thursday February 07, 2008 @ 07:58:17
voice your opinion now!
BY CHRIS CORNUTT

Rob Allen has posted about a small modification that he made to his Zend Framework setup that allows for a little safer echoing of information out to the View later of an application.

One of my biggest issues with using PHP as the templating engine in View scripts is that the easiest way to echo a variable is the least secure. [...] So, I decided to leverage a post by Mike Naberezny from a while ago about streams. The idea is all his; I just modified it to work with Zend Framework's Zend_View the way I wanted it to.

His method uses a slightly different output format - instead of using a normal echo statement to push out the escaped output, it uses a special syntax using the "@" sign as a shortcut to the call to escape(). He includes the code you'll need to make it work in your ZF install and explain it a bit (including where the real key lies - in stream_popen).

tagged with: zendframework stream zendview escape custom output view



mysql database package cakephp job conference PHP5 ajax security pecl developer release zend releases book application code framework zendframework PEAR

All content copyright, 2008 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework