diff --git a/src/Repository/AddressRepository.php b/src/Repository/AddressRepository.php
index 01e501a..75bb186 100644
--- a/src/Repository/AddressRepository.php
+++ b/src/Repository/AddressRepository.php
@@ -38,7 +38,15 @@ class AddressRepository
 $statement->execute();
 $addresses = [];
 while ($result = $statement->fetch(mode: PDO::FETCH_ASSOC)) {
- $address = new AddressBookEntry(owner: $result['owner'], first: $result['first'], last: $result['last'], street: $result['street'], zip: $result['zip'], city: $result['city'], phone: $result['phone'], id: $result['id']);
+ $address = new AddressBookEntry(
+ owner: htmlspecialchars(string: $result['owner']),
+ first: htmlspecialchars(string: $result['first']),
+ last: htmlspecialchars(string: $result['last']),
+ street: htmlspecialchars(string: $result['street']),
+ zip: htmlspecialchars(string: $result['zip']),
+ city: htmlspecialchars(string: $result['city']),
+ phone: htmlspecialchars(string: $result['phone']),
+ id: htmlspecialchars(string: $result['id']));
 $addresses[] = $address;
 }
 return $addresses;
@@ -60,7 +68,15 @@ class AddressRepository
 $statement->bindParam(param: ':id', var: $id);
 $statement->execute();
 if ($result = $statement->fetch(mode: PDO::FETCH_ASSOC)) {
- return new AddressBookEntry(owner: $result['owner'], first: $result['first'], last: $result['last'], street: $result['street'], zip: $result['zip'], city: $result['city'], phone: $result['phone'], id: $result['id']);
+ return new AddressBookEntry(
+ owner: htmlspecialchars(string: $result['owner']),
+ first: htmlspecialchars(string: $result['first']),
+ last: htmlspecialchars(string: $result['last']),
+ street: htmlspecialchars(string: $result['street']),
+ zip: htmlspecialchars(string: $result['zip']),
+ city: htmlspecialchars(string: $result['city']),
+ phone: htmlspecialchars(string: $result['phone']),
+ id: htmlspecialchars(string: $result['id']));
 } else {
 return null;
 }
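Review bot: Calling `htmlspecialchars()` while hydrating `AddressBookEntry` (the `new AddressBookEntry(...)` call in both hunks) puts output encoding in the data layer, so every consumer receives HTML entities: an entry that is loaded, edited and saved again, or emitted as JSON, would carry `&amp;`-style text and can end up double-encoded, and the entity no longer reflects what is stored. Encoding is context-specific and belongs where the value is written into the page, so I would keep the raw column values here and escape in the view with `htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`; the explicit flags matter because the default before PHP 8.1 leaves single quotes unescaped. Wrapping `$result['id']` also forces the id to a string, and a NULL column or an integer id would presumably raise a deprecation or a `TypeError` depending on PHP version and `strict_types`; the schema and the entity's declared types are not visible in this diff, so that needs confirming. Both method bodies begin and end outside the hunks.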