added htmlspecialchars for output
This commit is contained in:
@@ -38,7 +38,15 @@ class AddressRepository
|
||||
$statement->execute();
|
||||
$addresses = [];
|
||||
while ($result = $statement->fetch(mode: PDO::FETCH_ASSOC)) {
|
||||
$address = new AddressBookEntry(owner: $result['owner'], first: $result['first'], last: $result['last'], street: $result['street'], zip: $result['zip'], city: $result['city'], phone: $result['phone'], id: $result['id']);
|
||||
$address = new AddressBookEntry(
|
||||
owner: htmlspecialchars(string: $result['owner']),
|
||||
first: htmlspecialchars(string: $result['first']),
|
||||
last: htmlspecialchars(string: $result['last']),
|
||||
street: htmlspecialchars(string: $result['street']),
|
||||
zip: htmlspecialchars(string: $result['zip']),
|
||||
city: htmlspecialchars(string: $result['city']),
|
||||
phone: htmlspecialchars(string: $result['phone']),
|
||||
id: htmlspecialchars(string: $result['id']));
|
||||
$addresses[] = $address;
|
||||
}
|
||||
return $addresses;
|
||||
@@ -60,7 +68,15 @@ class AddressRepository
|
||||
$statement->bindParam(param: ':id', var: $id);
|
||||
$statement->execute();
|
||||
if ($result = $statement->fetch(mode: PDO::FETCH_ASSOC)) {
|
||||
return new AddressBookEntry(owner: $result['owner'], first: $result['first'], last: $result['last'], street: $result['street'], zip: $result['zip'], city: $result['city'], phone: $result['phone'], id: $result['id']);
|
||||
return new AddressBookEntry(
|
||||
owner: htmlspecialchars(string: $result['owner']),
|
||||
first: htmlspecialchars(string: $result['first']),
|
||||
last: htmlspecialchars(string: $result['last']),
|
||||
street: htmlspecialchars(string: $result['street']),
|
||||
zip: htmlspecialchars(string: $result['zip']),
|
||||
city: htmlspecialchars(string: $result['city']),
|
||||
phone: htmlspecialchars(string: $result['phone']),
|
||||
id: htmlspecialchars(string: $result['id']));
|
||||
} else {
|
||||
return null;
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user