Depends on the situation, but in 99% of all cases: don't sanitize, don't strip tags, don't do anything on save. Simply use h() to remove HTML tags in the view where you output the database content:

    echo h($user['User']['username']);

etc.

On 26 Aug., 23:47, Ryan Schmidt <google-2...@ryandesign.com> wrote:
> On Aug 26, 2011, at 15:39, Prabha vathi wrote:
>
> > It seems I read some wrong tutorial. :(
> > I have added few hundred of data in database. Is there any way to fix it?
>
> Sure, but it's outside the scope of what CakePHP does. I'd dump the data to a
> text file, search for all occurrences of the regular expression &[^;]+; and
> then fix those database entries by hand. If there are many, I might write a
> one-time script or set of UPDATE statements to fix things. Of course I'd
> first fix the code and deploy it, so that no new bad entries get into the
> database.
>
> > When I send the data to database, how do I strip the HTML tags? Should I
> > use strip_tags?
>
> I'm not certain what the recommended way to do that in CakePHP is.
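The cleanup and the output-time escaping discussed in this thread, as an added example that is not code from any of the posters or from CakePHP. The rows are constructed sample data, escape_for_html() is a hypothetical stand-in for h() built on PHP's htmlspecialchars(), and find_encoded_rows() is a hypothetical helper that applies the regular expression quoted above.

```php
<?php
// Constructed sample rows: some values were HTML-encoded before being saved.
$rows = array(
    array('id' => 1, 'username' => 'Tom &amp; Jerry'),
    array('id' => 2, 'username' => 'alice'),
    array('id' => 3, 'username' => '&lt;b&gt;bob&lt;/b&gt;'),
    array('id' => 4, 'username' => 'AT&T; fan'), // matches the regex, not an entity
);

// Hypothetical stand-in for h(): escape only at the moment of HTML output.
function escape_for_html($text)
{
    return htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
}

// Returns id => decoded value for rows that hold real HTML entities.
// The regex from the thread is only a pre-filter: a row is reported only
// if decoding actually changes it, which drops false positives like row 4.
function find_encoded_rows(array $rows)
{
    $found = array();
    foreach ($rows as $row) {
        if (!preg_match('/&[^;]+;/', $row['username'])) {
            continue;
        }
        // Single decoding pass; values encoded twice need a second review.
        $decoded = html_entity_decode($row['username'], ENT_QUOTES, 'UTF-8');
        if ($decoded !== $row['username']) {
            $found[$row['id']] = $decoded;
        }
    }
    return $found;
}

// Report for manual review before writing any UPDATE statements.
$byId = array();
foreach ($rows as $row) {
    $byId[$row['id']] = $row['username'];
}
foreach (find_encoded_rows($rows) as $id => $decoded) {
    printf("id %d\n  stored:  %s\n  decoded: %s\n  in view: %s\n",
        $id, $byId[$id], $decoded, escape_for_html($decoded));
}
```

For row 3 the decoded value is the raw `<b>bob</b>`, and the "in view" line shows it escaped again at output, so the markup is displayed as text rather than interpreted by the browser.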