Solved thread

This post is marked as solved. If you think the information contained on this thread must be part of the official documentation, please contribute submitting a pull request to its repository.

safe post/get data

$password = $this->request->getPost('password');
$email        = $this->request->getPost('email', 'email');
$address   = $this->request->getPost('address');
/* validation goes here */

$user = new User();
$user->email    = $email;
$user->password = $this->security->hash($password);
$user->address = $address;



  • user->password should be safe because of hash applied
  • user->email should be safe because of email filter applied

Is it safe to save $adress in db (mongo) withtout additional sanitizing/filtering?



When using the ORM to handle database objects the escaping is handled automatically. :) I personally haven't used the MongoDB adapter yet, but presumably it's handled the same way as other database adapters.

So to answer your question, yes it is safe.