Doesn't seem like it would be necessary...
The only data that's "dangerous" for your DB is any sort of SQL
exploit, which you are already protected from by the core.
(i.e. the values are escaped before insertion or selection from DB).

On the other hand, you do need to make your data safe in the view...
so that one cannot add malicious javascript as part of the comments,
for example.
Cake has a handy function h(), which you can use like: echo h($someData);
... which will escape HTML chars and prevent script injection, etc.

On Dec 19, 3:44 pm, Tim <t...@gurske.com> wrote:
> I want to sanitize the post before working with it or saving it to the
> database.
>
> Like this:
> <?php
> App::import('Sanitize');
> $this->data['Upload'] = Sanitize::clean($this->data['Upload']);
> ?>
>
> I have two questions:
> 1) Is this even necessary? Is this going to do anything for me or is
> it already being done?
> 2) After I change "<>$%$" to this "&lt;&gt;$&#37;$" with the
> sanitizer; how do I get it back to "<>$%$" in the view? Is there a
> helper for this?
>
> Any help is appreciated. There are a few other unanswered posts about
> this...
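The division of labour the reply describes (the database layer handles SQL
safety, the view escapes for HTML once, at output time) as an added example
in plain PHP. This is not code from the thread or from CakePHP itself: the h()
below is an assumed stand-in that mimics what Cake's h() does with
htmlspecialchars, the PDO/SQLite table and the comment text are constructed
for the demo, and the bound parameter stands in for the escaping the
framework's model layer performs for you.

```php
<?php
// Added example, not part of the original thread or of CakePHP.

// Assumed stand-in for CakePHP's h(): escape a string for HTML output.
function h(string $text): string
{
    return htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
}

// 1) Database side. Store the comment exactly as typed, through a bound
//    parameter (the framework's query builder does the equivalent). No HTML
//    encoding happens here: the DB only needs SQL safety, not HTML safety.
function storeComment(PDO $db, string $body): string
{
    $stmt = $db->prepare('INSERT INTO comments (body) VALUES (:body)');
    $stmt->execute([':body' => $body]);
    // Read it back to show the raw text round-trips unchanged.
    return (string) $db->query('SELECT body FROM comments ORDER BY id DESC LIMIT 1')
                       ->fetchColumn();
}

// 2) View side. Escape once, when rendering, so "<script>" is shown as text
//    instead of being executed in the visitor's browser.
function renderComment(string $body): string
{
    return '<p class="comment">' . h($body) . '</p>';
}

// 3) The failure mode behind question 2 of the original post: if the value
//    was already entity-encoded when it was saved, escaping again in the
//    view double-encodes the ampersands and the visitor sees "&lt;" literally.
function renderAlreadySanitized(string $sanitizedAtSave): string
{
    return '<p class="comment">' . h($sanitizedAtSave) . '</p>';
}

// Constructed input: the characters from the original question plus the kind
// of script tag a comment field might receive.
$input = '<>$%$ <script>alert(1)</script>';

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, body TEXT NOT NULL)');

$stored = storeComment($db, $input);
var_dump($stored === $input);            // raw text survives the round trip

echo renderComment($stored), PHP_EOL;    // escaped exactly once, in the view

// Sanitizing before the save (what the original poster was doing) and then
// escaping again in the view:
$sanitizedAtSave = htmlspecialchars($input, ENT_QUOTES, 'UTF-8');
echo renderAlreadySanitized($sanitizedAtSave), PHP_EOL;

// html_entity_decode() would recover the original from the stored, encoded
// value, but that only puts you back at "escape in the view" anyway.
var_dump(html_entity_decode($sanitizedAtSave, ENT_QUOTES, 'UTF-8') === $input);
```

Run it with the php CLI (it needs the pdo_sqlite extension). The point to take
from it is the order of operations: keep the stored data raw and parameterized,
and let the view be the single place where HTML escaping happens, so nothing
ever needs to be "turned back" into the original text.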