Filtering Tainted Data

ext/filter vs. Zend_Filter

All input should be considered tainted. The question is: how do we filter it to ensure that the input received is the input expected? This talk will examine the PECL Input Filter extension and the Zend_InputFilter class from the Zend Framework, comparing and contrasting their approaches to filtering input. We’ll consider examples of both techniques and see how they work to ensure that the data we receive is safe to use.