The Zend Framework blog has posted a new tutorial covering a single component of the framework. In this latest article ZF lead developer Matthew Weier O'Phinney covers the zend-filter component for filtering input from your users.
When securing your website, the mantra is "Filter input, escape output." We previously covered escaping output with our post on zend-escaper. We're now going to turn to filtering input.
Filtering input is rather complex and spans a number of practices: filtering/normalizing input [and] validating input. For now, we're going to look at the first item, filtering and normalizing input, using the component zend-filter.
He shows you how to install the component via Composer and talks about its dependencies, both required and optional. Since they'll be using the "FilterChain" functionality, he also requires that. He then moves into the code, showing the interface required for a validator to work (basically just defining a "filter" method). He talks about some of the common filters included and how to refactor custom validation handling into a FilterChain performing the same operations. He ends with another example that reads from a file and shows how to use it on an array of values, with each line of the file as a string.
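The refactoring summarized above, sketched as an added example (not code from the original tutorial): a hand-written normalizer next to a FilterChain with the same steps, applied to an array of lines. It assumes zend-filter was installed with Composer into `vendor/`; the function name `normalizeByHand` and the sample lines are constructed for illustration.

```php
<?php
// Added illustration; assumes zendframework/zend-filter is installed via Composer.
require __DIR__ . '/vendor/autoload.php';

use Zend\Filter\FilterChain;
use Zend\Filter\StringToLower;
use Zend\Filter\StringTrim;
use Zend\Filter\StripTags;

// Hand-rolled normalization (hypothetical helper): the steps are fixed
// inside one function and cannot be reordered or reused individually.
function normalizeByHand(string $value): string
{
    return strtolower(trim(strip_tags($value)));
}

// The same steps as a FilterChain. Filters attached with the default
// priority run in the order they were attached.
$chain = new FilterChain();
$chain->attach(new StripTags())
      ->attach(new StringTrim())
      ->attach(new StringToLower());

// Constructed sample input, standing in for lines read with file().
$lines = [
    "  Alice@Example.COM \n",
    "<b>bob</b>@example.com\n",
    "\tCarol@Example.com",
];

// Each filter implements filter($value), so the chain maps over an array.
$viaChain = array_map([$chain, 'filter'], $lines);
$byHand   = array_map('normalizeByHand', $lines);

foreach ($lines as $i => $raw) {
    printf(
        "%-30s chain=%-22s hand=%s\n",
        var_export($raw, true),
        var_export($viaChain[$i], true),
        var_export($byHand[$i], true)
    );
}

// Filtering only normalizes. Whether each value is an acceptable e-mail
// address is a separate validation step, and output still needs escaping.
```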