added htmlspecialchars for output

tracer 2022-10-27 10:53:32 +02:00
parent 9ee8ae39df
commit e04cf94edd
1 changed files with 18 additions and 2 deletions


@ -38,7 +38,15 @@ class AddressRepository
$statement->execute();
$addresses = [];
while ($result = $statement->fetch(mode: PDO::FETCH_ASSOC)) {
$address = new AddressBookEntry(owner: $result['owner'], first: $result['first'], last: $result['last'], street: $result['street'], zip: $result['zip'], city: $result['city'], phone: $result['phone'], id: $result['id']);
$address = new AddressBookEntry(
owner: htmlspecialchars(string: $result['owner']),
first: htmlspecialchars(string: $result['first']),
last: htmlspecialchars(string: $result['last']),
street: htmlspecialchars(string: $result['street']),
zip: htmlspecialchars(string: $result['zip']),
city: htmlspecialchars(string: $result['city']),
phone: htmlspecialchars(string: $result['phone']),
id: htmlspecialchars(string: $result['id']));
$addresses[] = $address;
}
return $addresses;
@ -60,7 +68,15 @@ class AddressRepository
$statement->bindParam(param: ':id', var: $id);
$statement->execute();
if ($result = $statement->fetch(mode: PDO::FETCH_ASSOC)) {
return new AddressBookEntry(owner: $result['owner'], first: $result['first'], last: $result['last'], street: $result['street'], zip: $result['zip'], city: $result['city'], phone: $result['phone'], id: $result['id']);
return new AddressBookEntry(
owner: htmlspecialchars(string: $result['owner']),
first: htmlspecialchars(string: $result['first']),
last: htmlspecialchars(string: $result['last']),
street: htmlspecialchars(string: $result['street']),
zip: htmlspecialchars(string: $result['zip']),
city: htmlspecialchars(string: $result['city']),
phone: htmlspecialchars(string: $result['phone']),
id: htmlspecialchars(string: $result['id']));
} else {
return null;
}
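Review bot: The `htmlspecialchars(...)` calls on every field, in both the list hunk and the single-entry hunk, put HTML encoding in the data-access layer instead of the output context, so every consumer of `AddressBookEntry` now receives entity-encoded text. If an entry loaded here is later written back, or rendered by a template that escapes again, a value such as `O'Brien & Co` (constructed example) ends up double-encoded or stored corrupted, while entries built elsewhere (for example from form input) would still reach the page unescaped. I would return the raw column values here and encode where the value is printed, with explicit flags, e.g. a view helper `function e(string $s): string { return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); }`; the default flags leave single quotes unescaped on PHP 8.0. Wrapping `id` also turns it into a string, and if the driver returns a native int or any column is NULL this may raise a TypeError or a deprecation notice depending on `strict_types`, which is worth confirming. Both enclosing methods begin and end outside the hunks, so the templates and write paths are not visible from here.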