The Model class uses the value function of its database object [e.g.
$db->value($value)] several times in order to sanitize any incoming
data. When building a hand-crafted SQL query I have to access this
functionality as well, but the latest version of CakePHP doesn't seem
to provide a way.
There's the Sanitize class as well, but it doesn't work as expected;
there is no escaping at all. Here are the important parts of both
functions in comparison:

sql function of Sanitize class:

        function sql($string) {
                if (!ini_get('magic_quotes_gpc')) {
                        $string = addslashes($string);
                }
                return $string;
        }


excerpt of the value function of the DboMysql class:

        function value($data, $column = null, $safe = false) {

                ...

                if (ini_get('magic_quotes_gpc') == 1) {
                        $data = stripslashes($data);
                }

                $data = mysql_real_escape_string($data, $this->connection);

                ...
        }


In my opinion it would be preferable to have direct access to the value
function from within the model hierarchy.


--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "Cake 
PHP" group.
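The two escaping paths quoted in the message above, run side by side on the same input, as an added example that is not part of the original post or of CakePHP. `mysql_escape_set` is a stand-in that applies the characters the PHP manual lists for `mysql_real_escape_string()` without a connection; all function names and sample inputs are constructed.

```php
<?php
// Added illustration; not CakePHP code. All function names are hypothetical.

// Follows the quoted Sanitize::sql(): addslashes() only when magic quotes are off.
// The ini setting is passed in as a flag (assumption) so both cases can be shown.
function sanitize_sql_like(string $s, bool $magicQuotes): string
{
    return $magicQuotes ? $s : addslashes($s);
}

// Stand-in for mysql_real_escape_string(): escapes the characters the PHP manual
// lists for it (\x00, \n, \r, \, ', ", \x1a). It has no connection, so unlike the
// real function it knows nothing about the connection character set.
function mysql_escape_set(string $s): string
{
    return strtr($s, [
        "\x00" => '\\0', "\n" => '\\n', "\r" => '\\r', "\x1a" => '\\Z',
        '\\'   => '\\\\', "'" => "\\'", '"' => '\\"',
    ]);
}

// Follows the quoted DboMysql::value() excerpt: undo magic quotes, then escape.
function dbo_value_like(string $s, bool $magicQuotes): string
{
    if ($magicQuotes) {
        $s = stripslashes($s);
    }
    return mysql_escape_set($s);
}

// Constructed sample inputs.
$samples = ["O'Reilly", "line1\nline2", "a\x1ab", 'C:\\temp'];

foreach ([false, true] as $magicQuotes) {
    echo 'magic_quotes_gpc = ', $magicQuotes ? 'on' : 'off', "\n";
    foreach ($samples as $raw) {
        // With magic quotes on, PHP has already applied addslashes() to request data.
        $incoming = $magicQuotes ? addslashes($raw) : $raw;
        // json_encode() makes control bytes visible; a literal backslash prints as \\.
        printf(
            "  %-16s sanitize=%-20s value=%s\n",
            json_encode($raw),
            json_encode(sanitize_sql_like($incoming, $magicQuotes)),
            json_encode(dbo_value_like($incoming, $magicQuotes))
        );
    }
}
```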