On Jan 31, 12:48 pm, senseBOP <[EMAIL PROTECTED]> wrote:
> Thanks for your reply. I am actually more interested in a discussion
> about the subject, rather than actual code, unless one can provide a
> complete "undo" method for the $sanitize->clean() method... :)
If you remove something - you can't later un-remove it. Sanitizing is
not the same as escaping.
> So, you're saying I don't have to sanitize my forms against HTML and
> SQL injections because Cake does it for me?
Cake automatically escapes data in DB queries - you are already
protected against SQL injection. XSS etc. is a different matter, and is
an example of where sanitize fits in.
> That doesn't make any sense. Otherwise, what's the point of the Sanitize
> class?
Other circumstances. Like removing malicious js, or undesired
formatting etc.
> Also, if that was indeed the case, wouldn't the Sanitize class also include
> an unclean() method which would have been used automatically by Cake once
> data is pulled by a model?
Escaping is not the same as sanitizing, so no.
Some useful reading: http://www.google.es/search?q=filter+input+escape+output
hth,
AD
You received this message because you are subscribed to the Google Groups "Cake
PHP" group.
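The distinction AD draws in the message above (escaping is reversible and belongs at output time; sanitizing discards data and has no undo; parameterized queries keep values out of SQL text) in a short stand-alone script. This is an added example, not code from the thread or from CakePHP's Sanitize class; it uses plain PHP functions and assumes the PDO SQLite driver is available for the in-memory database. The comment text is a constructed sample.

```php
<?php
// Added example (not from the original thread or CakePHP): escaping vs.
// sanitizing vs. bound SQL parameters, using plain PHP and an in-memory
// SQLite database via PDO (assumed available).

// Constructed sample input: a "comment" containing markup and a quote character.
$input = "Tom's <b>bold</b> comment <script>alert(1)</script>";

// 1. Escaping for HTML output. Every character is preserved; only its meaning
//    in the HTML context is neutralised, so the operation can be undone exactly.
$escaped = htmlspecialchars($input, ENT_QUOTES, 'UTF-8');
$roundTrip = htmlspecialchars_decode($escaped, ENT_QUOTES);
echo "escaped:    $escaped\n";
echo "round-trip identical: " . var_export($roundTrip === $input, true) . "\n";

// 2. Sanitizing. strip_tags removes the markup outright; the original cannot be
//    reconstructed from the result, which is why no unclean() could exist.
$sanitized = strip_tags($input);
echo "sanitized:  $sanitized\n";

// 3. SQL. A bound parameter keeps the value out of the query text entirely, so
//    the value itself needs neither escaping nor sanitizing for the query.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, body TEXT)');

$stmt = $db->prepare('INSERT INTO comments (body) VALUES (:body)');
$stmt->execute([':body' => $input]);   // stored verbatim, apostrophe and all

// 4. Read it back and escape at the point of output, not before storage, so
//    the same stored value can later be rendered safely in a different context.
$row = $db->query('SELECT body FROM comments WHERE id = 1')->fetch(PDO::FETCH_ASSOC);
echo "stored:     " . $row['body'] . "\n";
echo "rendered:   " . htmlspecialchars($row['body'], ENT_QUOTES, 'UTF-8') . "\n";
```

Run it with `php escape_vs_sanitize.php`. The round-trip check prints true because escaping is lossless; the sanitized line shows the tags gone for good; and the stored row still contains the raw markup, which is only neutralised when it is rendered into HTML.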