Validation (vs) Sanitization in Symfony2+Twig?

  1. You should not worry at all about input sanitization; Doctrine is immune to SQL injection.

  2. By default, all output is escaped. So even if $text has script tags, it will be escaped: visible as text but not executed by the browser. And if you want to have http://example.com clickable, there are jQuery plugins that can do that for you.

  3. I would only put validation; there is

    new Symfony\Component\Validator\Constraints\Url();

available for you.
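Putting the two halves of that answer together in one runnable script (this is an added example, not code from the answer above; it assumes the Composer packages symfony/validator and twig/twig with the namespaced Twig 2/3 class names, and the sample inputs are constructed):

```php
<?php
// Added example, not from the original answer. Assumes composer packages
// symfony/validator and twig/twig (namespaced Twig 2/3 class names).
require __DIR__ . '/vendor/autoload.php';

use Symfony\Component\Validator\Constraints as Assert;
use Symfony\Component\Validator\Validation;
use Twig\Environment;
use Twig\Loader\ArrayLoader;

// Validation side: reject anything that is not an http/https URL before it is
// stored. The Url constraint's "protocols" option defaults to ['http', 'https'],
// so a "javascript:" URL is a violation without any extra configuration.
function validateUrl(string $candidate): array
{
    $validator  = Validation::createValidator();
    $violations = $validator->validate($candidate, [new Assert\Url()]);

    $messages = [];
    foreach ($violations as $violation) {
        $messages[] = $violation->getMessage();
    }
    return $messages; // empty array means the value passed
}

// Output side: render untrusted text with Twig's HTML autoescaping on. The
// "html" strategy escapes < > & " ' so the script tag is shown, not executed,
// and the quotes in the href attribute cannot be broken out of.
function render(string $text, string $url): string
{
    $loader = new ArrayLoader([
        'comment.html.twig' =>
            '<p>{{ text }}</p>' . "\n" .
            '<a href="{{ url }}">{{ url }}</a>' . "\n",
    ]);
    // 'html' is already the default; set it explicitly to document the intent.
    $twig = new Environment($loader, ['autoescape' => 'html']);

    return $twig->render('comment.html.twig', ['text' => $text, 'url' => $url]);
}

// Constructed sample input (not taken from the page).
$text = '<script>alert(1)</script> see http://example.com';
$good = 'http://example.com';
$bad  = 'javascript:alert(1)';

printf("%s -> %s\n", $good, validateUrl($good) ? 'rejected' : 'accepted');
printf("%s -> %s\n", $bad,  validateUrl($bad)  ? 'rejected' : 'accepted');
echo render($text, $good);
```

The two checks cover different things: autoescaping turns `<script>` into `&lt;script&gt;`, but `javascript:alert(1)` contains no character the HTML escaper touches, so it would survive into the `href` untouched; that is what the Url constraint's protocol check catches on the way in. The escaping only holds as long as nothing in the template applies `|raw` or `autoescape false` to user-supplied values.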

