On Apr 15, 7:54 pm, Ramiro Araujo <[EMAIL PROTECTED]> wrote:
> By nate: "All database inputs are automatically escaped when you
> save.". Is this true for the "query" method also? If not, what type of
> sanitization should I make if using the query method in some inserts
> or updates?

Cake will escape when you build conditions with the array()
structure--so don't set "condition" as a string.  But I found some
problems with it because of this ticket https://trac.cakephp.org/ticket/4008
and I think once this enhancement stuff is removed, it will be ok. So,
Cake escapes in add/edit actions and model find() (if you use the array
mentioned above), but won't escape in view/index actions. So, it's
necessary to clean data in view and index actions.

--
  <?php echo 'Just another PHP saint'; ?>
Email: rrjanbiah-at-Y!com    Blog: http://rajeshanbiah.blogspot.com/