Data is escaped properly when it is inserted into the DB, which prevents SQL injection. You then escape output so as to remove unexpected/malicious output.
function beforeFilter() {
    if (isset($this->params['form']['json'])) {
        $this->data = json_decode($this->params['form']['json']);
    }
}

Ok, turns out to be five lines. $this->params['form']['json'] represents the packaged posted JSON data from GWT.
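An added example, not part of the original message and not CakePHP's own code: one way to check the posted JSON before it is assigned to $this->data. The helper name `decodePostedJson`, the size and depth limits, and the field list are assumptions, and the sketch assumes the client posts a flat JSON object.

```php
<?php
// Hypothetical helper (not a CakePHP API): decode the posted JSON defensively
// before the result is assigned to $this->data in beforeFilter().
function decodePostedJson($raw, array $allowedFields, $maxBytes = 65536)
{
    // The form value must be a string of bounded size.
    if (!is_string($raw) || strlen($raw) > $maxBytes) {
        return null;
    }
    // Decode to associative arrays rather than stdClass objects,
    // with a shallow nesting limit (8 is an assumed value).
    $decoded = json_decode($raw, true, 8);
    if (json_last_error() !== JSON_ERROR_NONE || !is_array($decoded)) {
        return null;
    }
    // Keep only the fields the action expects; drop everything else
    // so the client cannot set fields the form never offered.
    return array_intersect_key($decoded, array_flip($allowedFields));
}

// Constructed sample inputs.
$good = '{"title":"Hello","body":"<b>hi</b>","is_admin":true}';
$bad  = '{"title":"Hello"';   // truncated, invalid JSON

var_dump(decodePostedJson($good, array('title', 'body')));
var_dump(decodePostedJson($bad, array('title', 'body')));
```

The body value still contains markup after decoding; it is the output escaping at render time that neutralises it.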