Zend_InputFilter
The last component this tutorial covers is Zend_InputFilter. This class provides a simple but rigid approach to input filtering. You instantiate it by passing an array of data to be filtered:
<?php
$filterPost = new Zend_InputFilter($_POST);
?>
Instantiating the object sets the original array ($_POST) to NULL, so direct access is no longer possible. Zend_InputFilter instead provides a small, focused collection of methods that filter data according to specific criteria. For example, if you want the alphabetic characters of $_POST['name'], you can use the getAlpha() method:
<?php
/* $_POST['name'] = 'John123Doe'; */
$filterPost = new Zend_InputFilter($_POST);
/* $_POST = NULL; */
$alphaName = $filterPost->getAlpha('name');
/* $alphaName = 'JohnDoe'; */
?>
The object ($filterPost in this example) is a protected cage that contains the tainted data, making access to that data more controlled and consistent. Therefore, you should always use Zend_InputFilter when you need to access input.
Note: Zend_Filter provides static filtering methods that follow the same conventions as the Zend_InputFilter methods.
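To make the "protected cage" idea concrete, here is an added stand-alone example (not code from the tutorial or from Zend Framework) that mimics the behaviour described above: the object takes ownership of the tainted array, empties the caller's copy, and exposes only filtering accessors. Of the names used, only getAlpha() comes from the tutorial; SimpleInputFilter, getDigits(), testAlpha() and getRaw() are this example's own, and the sample input is constructed.

```php
<?php
/* Added example, not part of the tutorial or of Zend Framework: a minimal
 * stand-in that shows the "protected cage" idea. Only getAlpha() is named by
 * the tutorial; SimpleInputFilter, getDigits(), testAlpha() and getRaw() are
 * this example's own names. */
class SimpleInputFilter
{
    private $source;

    /* Take the tainted array by reference and empty the caller's copy, so the
     * only remaining path to the data is through the methods below. */
    public function __construct(array &$source)
    {
        $this->source = $source;
        $source = null;
    }

    /* Sanitize: keep only ASCII letters ('John123Doe' becomes 'JohnDoe'). */
    public function getAlpha($key)
    {
        if (!isset($this->source[$key])) {
            return null;
        }
        return preg_replace('/[^a-zA-Z]/', '', (string) $this->source[$key]);
    }

    /* Sanitize: keep only decimal digits. */
    public function getDigits($key)
    {
        if (!isset($this->source[$key])) {
            return null;
        }
        return preg_replace('/[^0-9]/', '', (string) $this->source[$key]);
    }

    /* Validate rather than sanitize: return the value unchanged only if it is
     * already purely alphabetic, otherwise false. Stripping silently turns
     * 'John123Doe' into something the user never sent; rejecting is the safer
     * choice wherever the value must be exact. */
    public function testAlpha($key)
    {
        if (!isset($this->source[$key]) || !ctype_alpha((string) $this->source[$key])) {
            return false;
        }
        return $this->source[$key];
    }

    /* Unfiltered access stays possible, but only through an explicit call,
     * which makes every such use easy to find in a code review. */
    public function getRaw($key)
    {
        return isset($this->source[$key]) ? $this->source[$key] : null;
    }
}

/* Constructed sample input standing in for $_POST. */
$input = array('name' => 'John123Doe', 'id' => '42abc');

$filter = new SimpleInputFilter($input);

var_dump($input);                      /* the caller's array has been emptied */
var_dump($filter->getAlpha('name'));   /* letters only */
var_dump($filter->getDigits('id'));    /* digits only */
var_dump($filter->testAlpha('name'));  /* rejected: the value contains digits */
var_dump($filter->getRaw('name'));     /* explicit raw access */
?>
```

The distinction between getAlpha() and testAlpha() is the point worth noticing: a sanitizing method always returns something usable, which is convenient, but it also means malformed input is accepted and silently altered. For values that must match exactly (identifiers, usernames, anything compared against stored data), a method that rejects rather than repairs is the better default.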
Building a News Management System
Although the preview release contains many more components (and even more are being developed), the components already discussed provide all you need to build a simple application. In the process, you should gain a clearer understanding of the framework's basic structure and design. Everyone develops applications a bit differently, and the Zend Framework tries to embrace diversity as much as possible. Similarly, this tutorial is subject to my preferences, so please adjust these to suit your own tastes. When I begin developing an application, I start with the interface. This doesn't mean I spend hours with markup, stylesheets, and images, but I do approach the problem from the perspective of a user. As such, I see an application as a collection of pages, where each page is a unique URL. This news management system consists of the following URLs:
/
/add/news
/add/comment
/admin
/admin/approve
/view/{id}
The IndexController lists the news, the AddController handles adding news and comments, the AdminController handles administrative actions such as approving news, and the ViewController handles viewing a specific news entry and its corresponding comments. Begin by removing FooController.php if it still exists, and modify IndexController.php to add the appropriate actions and some comments as placeholders for the business logic:
<?php
Zend::loadClass('Zend_Controller_Action');
class IndexController extends Zend_Controller_Action
{
    public function indexAction()
    {
        /* List the news. */
    }
    public function noRouteAction()
    {
        $this->_redirect('/');
    }
}
?>
Next, create AddController.php:
<?php
Zend::loadClass('Zend_Controller_Action');
class AddController extends Zend_Controller_Action
{
    function indexAction()
    {
        $this->_redirect('/');
    }
    function commentAction()
    {
        /* Add a comment. */
    }
    function newsAction()
    {
        /* Add news. */
    }
    function __call($action, $arguments)
    {
        $this->_redirect('/');
    }
}
?>
The indexAction() method of AddController should never be called. It is only invoked when the requested path is /add. Because a user might explore the URLs manually, this is likely, so you can redirect the user to the front page, display an error, or take whatever action you feel is appropriate. Next, create AdminController.php:
<?php
Zend::loadClass('Zend_Controller_Action');
class AdminController extends Zend_Controller_Action
{
    function indexAction()
    {
        /* Display admin interface. */
    }
    function approveAction()
    {
        /* Approve news. */
    }
    function __call($action, $arguments)
    {
        $this->_redirect('/');
    }
}
?>
Next, create ViewController.php:
<?php
Zend::loadClass('Zend_Controller_Action');
class ViewController extends Zend_Controller_Action
{
    function indexAction()
    {
        $this->_redirect('/');
    }
    function __call($id, $arguments)
    {
        /* Display news and comments for $id. */
    }
}
?>
As with AddController, the index() method should never be called, so you can take whatever action you feel is appropriate. ViewController is a bit different from the others, because you don't know what the valid actions are. In order to support URLs like /view/23, you must support dynamic actions with __call().
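Because the dynamic action name in __call() is taken directly from the URL, it is input the client controls and should be validated before anything is done with it. The following is an added example (not the tutorial's code) of a ViewController that does so; it uses only Zend_Controller_Action and _redirect() as the tutorial does. The in-memory $news array is constructed sample data standing in for a real lookup, and findNews() is this example's own helper. Whether the dispatcher passes the name as '23' or as '23Action' is an assumption the code handles either way.

```php
<?php
/* Added example, not the tutorial's code: a ViewController whose dynamic
 * action treats the id taken from the URL as untrusted input. It uses only
 * Zend_Controller_Action and _redirect() as the tutorial does; the in-memory
 * $news array is constructed sample data standing in for a real lookup. */
Zend::loadClass('Zend_Controller_Action');

class ViewController extends Zend_Controller_Action
{
    /* Constructed sample data: replace with a database query. */
    private $news = array(
        23 => array('title' => 'Sample entry', 'comments' => array()),
    );

    function indexAction()
    {
        $this->_redirect('/');
    }

    /* For /view/23 the dispatcher ends up here because no method named after
     * the URL exists. The name comes straight from the client, so validate it
     * before use: it must be a short, non-empty string of decimal digits. */
    function __call($id, $arguments)
    {
        /* Assumption: some dispatchers pass the method name with an 'Action'
         * suffix ('23Action'); strip it if present so both forms are handled. */
        if (substr($id, -6) === 'Action') {
            $id = substr($id, 0, -6);
        }

        if (!ctype_digit($id) || strlen($id) > 10) {
            $this->_redirect('/');
            return;
        }

        $entry = $this->findNews((int) $id);
        if ($entry === null) {
            $this->_redirect('/');
            return;
        }

        /* Display $entry['title'] and $entry['comments'] here. */
    }

    /* Return the entry for $id, or null when it does not exist. */
    private function findNews($id)
    {
        return isset($this->news[$id]) ? $this->news[$id] : null;
    }
}
?>
```

The two early redirects are deliberate: a non-numeric name and a numeric id with no matching entry both fall back to the front page, so the controller never passes an unchecked value on to the data layer or the view, and the same behaviour the tutorial chose for unexpected actions in the other controllers applies here as well.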