The Model class uses the value function of its database object [e.g. $db->value($value)] several times in order to sanitize any incoming data. When building a hand-crafted SQL query I have to access this functionality as well, but the latest version of CakePHP doesn't seem to provide a way. There's the Sanitize class as well, but it doesn't work as expected: there is no escaping at all. Here are the important parts of both functions in comparison:

sql function of Sanitize class:

    function sql($string) {
        if (!ini_get('magic_quotes_gpc')) {
            $string = addslashes($string);
        }
        return $string;
    }

Excerpt of the value function of the DboMysql class:

    function value($data, $column = null, $safe = false) {
        ...
        if (ini_get('magic_quotes_gpc') == 1) {
            $data = stripslashes($data);
        }
        $data = mysql_real_escape_string($data, $this->connection);
        ...
    }

In my opinion it would be preferable to have direct access to the value function from within the model hierarchy.
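
The two excerpts above treat magic_quotes_gpc differently, and the difference shows up once a value does not come from the request. The script below is an added illustration, not part of the original post and not CakePHP code: the function names sanitize_sql, dbo_value and escape_like_mysql are hypothetical, the ini setting is passed in as a flag, and a pure-PHP stand-in replaces mysql_real_escape_string so that no database connection is needed.

```php
<?php
// Added illustration. Both functions mirror the excerpts quoted in the post;
// magic_quotes_gpc is a parameter so the script runs on any PHP version.

// Stand-in (assumption) for mysql_real_escape_string() on a single-byte
// charset: escapes NUL, \n, \r, backslash, both quote characters and Ctrl-Z.
function escape_like_mysql($s) {
    return strtr($s, array(
        "\0" => '\\0', "\n" => '\\n', "\r" => '\\r', '\\' => '\\\\',
        "'" => "\\'", '"' => '\\"', "\x1a" => '\\Z',
    ));
}

// Sanitize::sql() as quoted: escapes only when magic quotes are off.
function sanitize_sql($string, $magicQuotes) {
    if (!$magicQuotes) {
        $string = addslashes($string);
    }
    return $string;
}

// DboMysql::value() as quoted (elided parts left out): undo magic quotes
// first, then always escape.
function dbo_value($data, $magicQuotes) {
    if ($magicQuotes) {
        $data = stripslashes($data);
    }
    return escape_like_mysql($data);
}

// Constructed sample values.
$typedByUser = "O'Reilly";  // arrives through GET/POST/COOKIE
$fromStorage = "O'Reilly";  // read from a file or another table, never slashed

foreach (array(false, true) as $mq) {
    // With magic quotes on, PHP has already slashed request data on arrival.
    $request = $mq ? addslashes($typedByUser) : $typedByUser;
    printf("magic_quotes_gpc=%s\n", $mq ? 'On' : 'Off');
    printf("  request data  sql(): %-10s  value(): %s\n",
        sanitize_sql($request, $mq), dbo_value($request, $mq));
    printf("  stored data   sql(): %-10s  value(): %s\n",
        sanitize_sql($fromStorage, $mq), dbo_value($fromStorage, $mq));
}
```

With the flag on, the stored value passes through sanitize_sql() unchanged, while dbo_value() still returns it escaped.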